In a survey of IT decision makers, 94 per cent see free Wi-Fi hotspots as a significant threat to information security. What’s more, 62 per cent of surveyed individuals say they prohibit mobile workers from using free Wi-Fi hotspots. A further 20 per cent say they plan to ban such usage in the future, according to the iPass Mobile Security Report.
That organizations are nervous about free Wi-Fi should come as no surprise. As iPass vice-president of engineering Keith Waldorf explains, many businesses have had security breaches. They’re worried about potential network intrusions. Those concerns extend to free Wi-Fi hotspots, where hackers have been known to lurk in wait to access unprotected machines used by unwary visitors.
A closer look at the numbers shows that survey respondents aren’t necessarily concerned about the security measures — or lack thereof — employed by the hotspot operator. While 37 per cent say their biggest mobile security threat is related to free Wi-Fi, almost as many (36 per cent) say their biggest concern is employee inattention to security.
And 27 per cent say they’re worried about the devices employees use. Some 88 per cent say they struggle to consistently enforce safe mobile-usage policies. Organizations often give workers VPNs to access corporate networks remotely and safely, but iPass found that just 26 per cent of respondents are “fully confident” that employees use those encrypted communications tunnels every time.
Waldorf says what many IT decision makers must feel about this matter: “The fact is, mobile workers will seek out free Wi-Fi connectivity for its convenience, despite its security flaws. Simply banning access to free Wi-Fi hotspots is a heavy-handed approach and is not the solution.”
Instead, companies should educate mobile workers about the dangers of unsecured Wi-Fi and give them the tools to access secure Internet connections, he says. Certainly, it’s a commercial for iPass’s own secure Wi-Fi service. Nonetheless, the advice is sound. Security tools and education are helpful. It’s just that they might not cut it, either.
After all, even when users have the wherewithal to connect securely, they don’t always do so. If a mobile worker is in a rush to meet a deadline and needs to send information immediately — and the only reliable connection is an unsecured hotspot — you can bet that employee will link up and send.
Invest in the network
That means IT decision makers may need to spend less time trying to force users to turn on VPNs or steer clear of café connections, and focus more on securing the corporate network. In this case, advanced intrusion detection systems, firewalls and other strong electronic barriers are the best way to minimize infiltration.
A growing number of technology advisors make the case for cloud computing as a way to protect digital assets. Many cloud services come with data security features that simplify the task of safeguarding intellectual property. Companies can also zero in on security as a service by hiring a managed security services provider. Such firms often have certified experts who know how to ensure network performance and safety.
As Waldorf says, it’s unrealistic to expect mobile workers will stay away from free Wi-Fi. It’s also unlikely that they’ll always use VPNs and other security measures. A hardened network — ready and able to thwart intruders — could be the most important component in enterprise security infrastructure.
Image courtesy of Free Digital Photos