Although I first started using computers in college mostly for word processing and typing up papers in my Ag Econ classes, it really wasn’t until about 2000 until I really started using the Internet, E-Mail, and even the Web Browser. At the time, I was using PINE (a UNIX based E-Mail package), and Netscape Navigator as my major tools.
Of course at that time as well, I got introduced to the concepts of networking, and what an Ethernet card is and Cat 5 cabling. Heck, I even learned all about what those lights mean when your computer is connected to the Internet (green means you’re connected, yellow means the data packets are communicating with the Ethernet Card).
This hard wired connectivity was all the norm I would say up until early this decade. Now, the craze of course you know is all about Wi Fi, and having the ability to connect wirelessly wherever you may be at, any time in the world. Heck, the technology of Wi Fi has even come to the point where you can even your use your Smartphone as a source of an Internet connection in which to connect your laptop to.
That is what I do these days, I just use my iPhone as what is known as a “Personal Hotspot”. After all, why pay Comcast over $60 per month for an Internet connectivity, right? Although Wi Fi may come with its great levels of convenience, it does come with its fair share of security risks as well. This has been a topic for a long time amongst IT professionals in the network security world for the longest time.
Long story short, is how can you assure that a WiFi connection is safe, when a majority of them are being used at public places such as Starbuck’s and Panera Bread? In these instances, a Cyber attacker can quite easily sniff out your data packets, and use the information in them to launch subsequent ID theft attacks. After all, these public Wi Fi spots are not on a secure connection by any means.
This is exemplified by a recent survey that was conducted by a security firm called iPass. Here are some of the key findings from it:
*Over 500 C-Level Execs were surveyed, across the US, UK, Germany, and France. While they said that using Wi Fi has greatly increased their levels of productivity, it has also brought on a whole new array of security issues to be dealt with.
*Over 80% of these C-Level Execs said that their employees have faced significant security issues just in the last 12 months. A majority of these incidents took place on insecure, public Wi Fi spots as I have just previously described.
*Many of these C-Level Execs have adopted a BYOD (this stands for “Bring Your Own Device”) policy. This is where employees can use their own, personal wireless devices in order to conduct their work related matters. This too brings in a whole new array of security issues as well. For example, over 92% have said that implementing a BYOD policy has brought upon newer types of Cyber threats.
*On the above note, only 53% of the organizations polled actually have a BYOD security policy in place, and only 30% of the employees actually followed these policies to the letter.
*27% of these C-Level Execs have totally banned their employees from using any kind of Wi Fi hotspot when conducting work related matters.
*46% of these C-Level Execs have now mandated the use of a Virtual Private Network (VPN) for employees when they do actually conduct work related matters.
*Interestingly enough, the C-Level Execs in in the UK aren’t really too concerned about their employees using public Wi FI spots when it comes to connecting to the corporate intranet. 42% of these C-Level Execs have no plans of abolishing this policy, while only 10% and 12% of C-Level Execs in Germany and France, respectively, allow for their employees to use Wi Fi public hot spots for work related activities.
*But despite this, only 38% of the UK based C-Level Execs have any faith that their employees are actually using a VPN, whereas 53% of the C-Level Execs in Germany have some level of faith that their employees are using a VPN.
So what is a C-Level Exec to do? They have to embrace the fact that Wi Fi is here to stay and will be the norm for a long, long time to come. As this quote nice summarizes it: “Public Wi-Fi has now become the norm, people tend to work remotely or on the move; the power of smartphones and business pressures are such that people connecting to untrusted networks to get their work done is now an ‘accepted’ practice . . .” (SOURCE: https://www.scmagazine.com/despite-risks-a-majority-of-firms-are-allowing-the-use-of-wi-fi-hotspots/article/754926/).
Then he or should follow these 4 basic principles:
- Remote connectivity to the corporate IT infrastructure can be done only using a VPN;
- Implement 2FA (Two Factor Authentication) on all wireless devices that are issued to employees;
- Totally ban the policy of BYOD (yes, there are cost savings to this, but there is much greater exposure to Cyber attack with this – we will examine BYOD in a future blog);
- Educate your employees about proper Wi Fi usage. Reinforce to them the consequences for not following the security policies that have been set forth, but make them personally and financially responsible for any security breaches that place on their issued wireless devices.
Really in the end, it is the fear factor that works the best, especially when it hits home.