For some reason, it seems to be a well-kept secret that public networks are not exactly secure. Just about anywhere you may go in a given day – coffee shops, libraries, shopping malls, office buildings, your hotel – there’s a network just waiting for your device to join it. Convenient? Sure. But from a security standpoint, this is not a good thing.
Try telling that to a convenience-driven society that’s grown quite used to shopping, checking its email, dating, doing its banking, and chatting on social media, whenever and wherever it wants to. Despite the publicity given to data theft and identity theft, many if not most people don’t change their online behavior on vulnerable public networks, or even take advantage of even basic protective measures.
A recent article in Harvard Business Review outlined the range of threats to public wifi users’ security, describing some of the common tricks the “bad guys” use to gain access to sensitive user information. For anyone who values the integrity of their financial information or private emails, it should be pretty scary reading.
The truth is that it should be pretty scary to companies, too. In my role as Help Desk Manager at Red Level, I’ve got a front row seat to the havoc that a data thief can cause, both to individual users and the companies who employ them. The unfortunate truth is that the weakest links in a company’s information security chain are the people who work in it.
In a culture where people bring their own devices to the office or work remotely from Starbucks, it can be very difficult to ensure that your company’s sensitive information isn’t being snagged by some cybercriminal along with your employees’ own data. The firewalls, monitoring systems and other protective measures you maintain onsite can’t do much to help you if your employees are putting your data at risk offsite, or on their own insecure devices.
Are you getting more than you bargained for when you join a free network?
Fortunately, you have some options that can help you to safeguard company data (and provide some protection to employees at the same time). If your company doesn’t have a VPN (virtual private network) established, set one up – and make sure that company servers and email systems can’t be accessed from remote sites without it. At the same time, talk to your IT provider about establishing two-factor authentication to help make sure that users are authorized.
The next step is probably the most difficult, but also the most important: strengthen your security chain’s weakest link by educating employees of the risks they face personally and those they pose to the company through careless use of public networks. Not just a memo, or a cursory warning – a detailed, in-depth education covering the steps they need to take to connect and communicate safely, using both the systems you’ve established and their own common sense.
It’s a vital, valuable lesson: By getting employees to think past their ingrained habits and eagerness to connect anywhere for the sake of convenience, you can take an important step towards protecting your important data. Just as importantly, you can provide your company and your team with an extra benefit ‑ the peace of mind that comes from keeping Wi-Spies at bay.
Need help securing your network? Red Level is here to help. Call 248-812-8200 and talk to one of our network security and mobile security experts.