SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Employees who use public wifi are playing a game of risk, says CompTIA
Mon, 20th Mar 2017
FYI, this story is more than a year old

Employees could be putting your organisation at risk just by the wireless networks they use, says tech industry association CompTIA.

Employees who use unsecured networks, such as public Wifi networks, could compromise an organisation's entire internal network if there is a breach, exposing potentially sensitive company data.

A survey by GFI found that 95.6% of respondents used public Wifi to carry out work tasks. While they might know the risks, they value conducting business rather than protecting data. They also believe they won't be a target, so don't take adequate steps to data protection.

Sean Murphy, CompTIA's ANZ channel community executive council member and owner of Nexus IT says that anyone can potentially see devices on public wifi networks. He believes that even those who switch their device configuration to ‘public network' aren't protected.

“Cyber criminals have network analysers on their smart phones to see what operating system and IP address people are using, to engage in attacks on their system,” he says.

Further, anyone on the network can see and explore the device. Traffic can be intercepted stealthily, creating opportunities for malicious activity such as man–in-the-middle attacks, and identity and data theft. With many professionals using public Wi-Fi to conduct business in an increasingly mobile world, businesses must consider whether the risk is acceptable,” he continues.

CompTIA says that employees should avoid:

  • Logging into personal accounts. Public networks allow hackers to see login credentials and save them for later
  • Using banking or actions that involve personally identifiable information, such as checking statements, credit card accounts and logging into email accounts through browsers
  • Logging into business accounts
  • Sending messages through social apps such as Facebook, Messenger and Skype as these are not encrypted and can be intercepted.

“Many businesses are failing to ensure that mobile devices are secure whether they are company-issued or BYOD. Many have little or no security, no passwords set up, no encryption and no security software. This put the company, the employee and customers at risk of suffering a cyber attack,” Murphy says.

“While public Wi-Fi may be convenient and can add business value, employees should be mindful and take precautions. If possible, employees should wait until they are back in the office or can access a secure Wi-Fi connection before accessing sensitive files or systems,” he concludes.