You already have plenty on your plate, whether you are implementing and maintaining technology, helping to resolve technical issues or ensuring your company’s data is safe and secure. Now, you can add the proliferation of rogue free public Wi-Fi networks to that list.
Free Wi-Fi connections can be tempting for traveling employees. And hey, you can’t blame them, as one less item on an expense report can make them look better — especially if your company is tightening its belt. But talking to them about the risks can help protect them — and you.
How Rogue Free Public Wi-Fi Works
Tech-savvy thieves are taking advantage of users’ thirst for constant connectivity. “The basic idea is someone in vicinity has created a ‘free Wi-Fi network’ that you connect to, but in doing so, you’re allowing them to tap into your info, access your files and possibly steal your personal identity too,” says Tim Bajarin, president of Creative Strategies, a tech consultancy in Campbell, Calif.
“These ‘rogue’ networks are really individuals who have software to hack into your systems — and because the majority of people’s laptops are not protected, they’re a lot more susceptible than they think.”
In fact, New York-based independent security consultant Dino A. Dai Zovi says he and a colleague, Shane Macaulay, authored a tool called KARMA to demonstrate the risk of unprotected wireless networks. “KARMA acts as a promiscuous access point that masquerades itself as a wireless network,” explains Dai Zovi. “It makes the victim connect to our rogue wireless network automatically.”
Rogue operators will often craft network names similar to the name of the hotel or the coffee shop where your end user is attempting to connect. One careless click and your data is exposed. Scary stuff. So, what to do?
Tips for Safer Surfing on Free Public Wi-Fi
You’ve got your work cut out for you, and it starts with employee awareness, say the experts. Consider these steps:
- Avoid free public Wi-Fi. Caution employees to steer clear of freebies. “When I go to hotel, I make sure they have a wired [Ethernet] connection,” says Bajarin. “And if I want to go wireless on my laptop or other devices in my hotel room, I bring an Airport Express with me,” he adds, referring to Apple’s compact wireless router.
- Be efficient. If you or your end users can’t avoid a free public Wi-Fi network, “get on, get what you need and get off — and don’t do any financial things until you’re back at home,” cautions Bajarin.
- Use VPN. Only use free public Wi-Fi if you have VPN (Virtual Private Network) access, says Dai Zovi. “Otherwise, everything you do can be easily monitored by anyone nearby.” Citing recent Firesheep attacks, Zovi says that even password-based networks can be attacked by malicious types. Firesheep is an extension for the Firefox browser that can grab your login credentials for sites such as Facebook and Twitter.
- Give employees your own connection. Another option for mobile workers is to use WAN-enabled laptops, USB sticks with cellular connectivity or to create a mobile hotspot through a smartphone or tablet.
- Use security software. Make sure all security software is updated regularly, enable firewalls and give employees a means to encrypt sensitive data.
Only through education, secured connections and some common sense can your employees keep personal and professional data safe from cyber-snoopers, waiting to attack through a free public Wi-Fi.