The dangers of public Wi-Fi are well documented, but the increase in remote working means the threat has grown. During the pandemic, many businesses had little option other than to allow their employees to work remotely. Remote working during the pandemic meant employees working from home, but now that COVID-19 restrictions are easing, the dangers of public Wi-Fi have reared their head once again. Many businesses have seen benefits to remote working and are continuing to allow employees to work from home, while many others are considering adopting a hybrid working model, where employees can work remotely for at least some of the week.
The Dangers of Public Wi-Fi
There are a variety of risks when accessing the Internet over public Wi-Fi networks. One of the most serious is that the Wi-Fi access point people connect to may not actually belong to the establishment where they are working. It is all too common for threat actors to set up rogue access points that resemble the legitimate Wi-Fi access points they spoof. Through those access points – often referred to as evil twins – connections are monitored, and no communicated data are secure.
Attackers often inject malicious proxies, eavesdrop on network traffic, and use redirects to send Wi-Fi users to malicious websites. While perhaps unlikely in a local coffee shop, it is possible to compromise wireless technologies such as Bluetooth and Near Field Communication (NFC), and these tactics are commonly used, especially in foreign countries. If Bluetooth and NFC are enabled, an attacker could scan for nearby devices and gain information that could allow them to identify and target a particular individual.
How to Reduce Risk
There are various steps that remote workers should take to ensure they do not unwittingly fall victim to a malware infection, disclose their credentials in a phishing attack, or otherwise compromise their device, and in turn, the network of their employer. The most straightforward of these measures is to simply not use public Wi-Fi networks, although that is not always possible for travelling employees.
If it cannot be avoided, it is important to connect to a Wi-Fi hotspot that has encryption and strong authentication, as security will be greater. It is never a good idea to connect to any Wi-Fi network that has no security and does not require a password to connect, but it can be difficult to determine how good Wi-Fi security actually is.
It is important to remember that having a password on a Wi-Fi access point does not mean there is data encryption, so any transmitted data may be intercepted. Even with encryption, if an attacker knows the pre-shared key, the encryption is rendered useless as data can easily be decrypted.
It is also possible to force a network into using unsecure protocols or obsolete algorithms, and there are widely available open-source tools that can easily be used to capture credentials and other sensitive data.
It is therefore important to take precautions. For employees, the steps are straightforward. Avoid public Wi-Fi networks if at all possible and avoid disclosing any sensitive data on websites whose addresses do not start with HTTPS. Bear in mind that hackers can set up HTTPS websites just as easily as anyone else, so be sure not to place too much reliance on HTTPS for providing security.
Employees should avoid disclosing any sensitive data or accessing their email or work network entirely over public Wi-Fi if possible, and should ensure that tools supplied by employers – such as a VPN – are used.
Employers should ensure a Virtual Private Network (VPN) is available to employees and there is sufficient capacity to allow all workers to connect. Employers can – and should – extend the protection of their web filtering solution to remote workers’ devices. Web filters will block access to known malicious websites and can block malware downloads. Solutions such as WebTitan are easy to configure to protect remote workers’ devices, and filtering controls will then be applied just as if the employees are in the office.
Standard cybersecurity best practices should also be followed, such as ensuring patches and software are kept up to date, including VPNs. Multifactor authentication should be enabled and anti-malware software installed. Anti-spam solutions – SpamTitan for example – should also be implemented to block email attacks, and firewalls should be used to prevent unauthorized inbound and outbound connections.
It is also recommended to disable Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) on Windows laptops, to configure Web Proxy Auto-Discovery Protocol (WPAD) to use only corporate proxy servers, and to turn off device file and printer sharing on public networks.
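A read-only check for three of the settings above on a Windows laptop, as an added example that is not part of the original article. It assumes an English-language Windows installation (the firewall group is matched by its display name), and the function name Get-PublicWifiHardeningStatus is hypothetical; WPAD is not checked because the correct value depends on the organisation's proxy configuration.

```powershell
# Added example (not from the article): audits settings only, changes nothing.
function Get-PublicWifiHardeningStatus {
    [CmdletBinding()]
    param()

    # LLMNR is off only when the DNS client policy value EnableMulticast is 0.
    $llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $llmnr = (Get-ItemProperty -Path $llmnrKey -Name EnableMulticast `
              -ErrorAction SilentlyContinue).EnableMulticast
    [pscustomobject]@{
        Check  = 'LLMNR'
        Target = 'DNS client policy'
        Value  = if ($null -eq $llmnr) { 'not set' } else { $llmnr }
        Pass   = ($llmnr -eq 0)
    }

    # NetBIOS over TCP/IP is set per interface:
    # NetbiosOptions 0 = follow DHCP, 1 = enabled, 2 = disabled.
    $nbtKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    Get-ChildItem -Path $nbtKey -ErrorAction SilentlyContinue | ForEach-Object {
        $opt = (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions `
                -ErrorAction SilentlyContinue).NetbiosOptions
        [pscustomobject]@{
            Check  = 'NBT-NS'
            Target = $_.PSChildName
            Value  = if ($null -eq $opt) { 'not set' } else { $opt }
            Pass   = ($opt -eq 2)
        }
    }

    # Enabled inbound File and Printer Sharing rules that apply to the Public
    # profile; a rule whose profile is 'Any' applies to Public as well.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and
                              $_.Direction -eq 'Inbound' -and
                              "$($_.Profile)" -match 'Public|Any' })
    [pscustomobject]@{
        Check  = 'File and printer sharing'
        Target = 'Public firewall profile'
        Value  = "$($rules.Count) enabled inbound rule(s)"
        Pass   = ($rules.Count -eq 0)
    }
}

Get-PublicWifiHardeningStatus | Format-Table -AutoSize
```

A row with Pass set to False marks a setting that still differs from the recommendation; an NBT-NS value of 0 means the interface takes its NetBIOS setting from DHCP rather than having it disabled.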