Story image

Employees who use public wifi are playing a game of risk, says CompTIA

20 Mar 17

Employees could be putting your organisation at risk just by the wireless networks they use, says tech industry association CompTIA.

Employees who use unsecured networks, such as public Wifi networks, could compromise an organisation’s entire internal network if there is a breach, exposing potentially sensitive company data.

A survey by GFI found that 95.6% of respondents used public Wifi to carry out work tasks. While they might know the risks, they value conducting business rather than protecting data. They also believe they won’t be a target, so don’t take adequate steps to data protection.

Sean Murphy, CompTIA’s ANZ channel community executive council member and owner of Nexus IT says that anyone can potentially see devices on public wifi networks. He believes that even those who switch their device configuration to ‘public network’ aren’t protected.

“Cyber criminals have network analysers on their smart phones to see what operating system and IP address people are using, to engage in attacks on their system,” he says. 

Further, anyone on the network can see and explore the device. Traffic can be intercepted stealthily, creating opportunities for malicious activity such as man–in-the-middle attacks, and identity and data theft. With many professionals using public Wi-Fi to conduct business in an increasingly mobile world, businesses must consider whether the risk is acceptable,” he continues.

CompTIA says that employees should avoid:

  • Logging into personal accounts. Public networks allow hackers to see login credentials and save them for later
  • Using banking or actions that involve personally identifiable information, such as checking statements, credit card accounts and logging into email accounts through browsers
  • Logging into business accounts
  • Sending messages through social apps such as Facebook, Messenger and Skype as these are not encrypted and can be intercepted.

“Many businesses are failing to ensure that mobile devices are secure whether they are company-issued or BYOD. Many have little or no security, no passwords set up, no encryption and no security software. This put the company, the employee and customers at risk of suffering a cyber attack,” Murphy says. 

“While public Wi-Fi may be convenient and can add business value, employees should be mindful and take precautions. If possible, employees should wait until they are back in the office or can access a secure Wi-Fi connection before accessing sensitive files or systems,” he concludes.

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.