Read Time: 4 Minutes
An on-going investigation into the perils of public Wi-Fi worked with three British politicians to show how insecure public Wi-Fi access points can expose people and businesses to online threats. Businesses need to take note of how these politicians risked their privacy and confidential data so they could use public Wi-Fi hotspots, and ask themselves how many of their employees do the same.
The experiment saw all three politicians leak confidential data while using public Wi-Fi – data that can be used to hack things like email, social media, and even bank accounts. It was conducted on behalf of F-Secure by the Cyber Security Research Institute and Mandalorian – an ethical hacking firm based in the UK.
The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP, Mary Honeyball MEP, and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.
The techniques used in the experiment were all relatively simple and inexpensive, but all can be effective tools to use against businesses that fail to prepare their employees for the security risks of working on the go. You can read the full report here, but here’s a few key takeaways that IT administrators should keep in mind regarding the security practices being used by their businesses.
#1: Employees Rely on Public Wi-Fi for Work
Honeyball, who sits on the committee responsible for the EU’s We Love Wi-Fi campaign, said she was “surprised and shocked” when Mandalorian’s Steve Lord revealed that her Facebook account had been compromised. It was particularly disconcerting given her dependency on using public Wi-Fi.
“I’ve used Wi-Fi all over Europe, so this is very worrying indeed. I need to use it in my work because I travel around a lot. I find it very worrying indeed. I don’t know how I could do my job properly without access to public Wi-Fi.”
Many modern businesses have tools and resources that allow employees to work effectively while out of the office. It’s great for people to be able to send emails or login to company networks while sitting in cafes or hotels, but this benefit shouldn’t expose companies to potential data breaches. Businesses need to appreciate the potential security implications of fostering a mobile workforce that’s dependent on public Wi-Fi access.
#2: Employees May Not Understand Online Threats
Honeyball used an iPad during the experiment that was given to her a few days before by the EU’s technology officers. While the officers had informed her about the importance of using secure passwords, they did not go beyond that or tell her about other potential security issues.
Approximately half of the businesses surveyed in a recent study from PricewaterhouseCoopers did not offer employees any kind of cybersecurity awareness training – making employee training the least common safeguard used by businesses. This figure seems to echo Honeyball’s concern that she was uninformed about the security implications of her work habits.
Intuitively speaking, it seems illogical to assume that non-IT personnel are well informed about the security risks they may be taking as part of their everyday work routines. And as the experiment demonstrated, one such security risk would be relying on public Wi-Fi.
#3: Employees Aren’t Necessarily Proactive about Security
F-Secure’s own research suggests that many people don’t use the security tools available to them. In a survey conducted in the US, only 23% of respondents said they have used a VPN to connect to the Internet. According to F-Secure Security Advisor Sean Sullivan, VPNs are an easy way for people to secure their data when using public Wi-Fi networks, making their relatively low use an indication that people aren’t necessarily proactive about securing their data.
Lord Strasburger, who had a VoIP call monitored and recorded during the experiment, felt that people’s lack of awareness needs to be addressed to prevent confidential data from being leaked.
“I think it proves that people, when they are using technology, need to know a lot more about it, because in the end they have to look after themselves, because it really is down to you, or me, no-one else is going to do it.”
Many people are either uninformed about their IT security, or lack the technical background to really understand the online risks they take on a daily basis. So companies need to be proactive and help them manage these risks to keep the company safe. An effective mobile fleet management solution can help companies secure fleets of company or employee owned mobile devices, and thwart many of the techniques used to hack the politicians during the experiment.
Businesses that want to empower their workforce to embrace mobility should keep the experiences of these politicians in mind, and consider the fact that their employees are faced with similar security risks every single day.