As lockdown restrictions are starting to ease, many of us are gingerly making our way back into public spaces – and also using public WiFi – but is there a less obvious threat waiting for those of us that do venture out?
Remote working was becoming an increasingly popular phenomenon even before the pandemic hit, but now it’s become almost essential. In a pandemic-struck world, it’s now pretty common for office workers to carry out their jobs from home, with more organisations than ever before embracing everything that the ideal of the ‘modern workplace’ has to offer.
Now, as the lockdown restrictions are softening, we’re seeing employees flock back to coffee shops, co-working spaces, and even parks – just to get a change of scenery after months spent working from home. In order to make this new regime change work, employees will often need to access public Wi-Fi – and therein lies the problem.
Connecting with the Unknown
Although security experts have long advised the public to avoid using unsecured public WiFi networks – especially when accessing confidential work documents – so-called ‘secured networks’ also come with their own risks.
As the name suggests, an unsecured public WiFi network lacks any kind of security feature, and is essentially a free-for-all. Secured public WiFi, however, is often judged as being fast because users are asked to log in and consent to using the service. The question is: what are users consenting to, exactly? Increasingly, companies are using their WiFi hotspots for data mining purposes, as part of a mobile engagement strategy – leading to serious concerns about user privacy.
What’s more, cyber-criminals are able to steal information using Man in the Middle attacks, exploiting a security flaw to intercept unencrypted data. Although most modern corporate data has some encryption, some files could still slip through the net. Elsewhere, users can fall into the trap of connecting to a rogue network that mimics a public hotspot, totally unaware that cyber-criminals have them right where they want them.
Despite these dangers, the temptation to join public WiFi – secured or otherwise – is always in reach of employees, whether on the daily commute or in their favourite coffee shops. Curbing this risky behaviour must be a priority for businesses as their employees strive to return to some kind of normal.
Protecting Your Organisation
So, where do organisations begin when it comes to tackling such a pervasive challenge? The answer starts with education and ends with the right solutions; the following are just a few early steps to take:
- Encryption, encryption, encryption! – Malicious actors can’t use information they can’t decode, so make use of Microsoft 365’s encryption functions. 365 provides Microsoft-managed solutions for volume encryption, file encryption, and mailbox encryption in Office 365. Not only does it input multiple layers of encryption at the same time, this nifty solution also lets you password-protect Office documents, giving you an added layer of protection.
- Virtual Private Networks – A VPN extends a private network across a public network and can go a long way towards securing your connection. It works by enabling users to send and receive data across public networks, as if their devices were directly connected to the private network only.
- Secure BYOD – With more employees using smartphones and tablets to conduct their work, securing those devices is more important than ever. Adopting a secure BYOD policy means your organisation will be protected no-matter where your employees access data from, or what network they use.
- Zero Trust – Rather than worrying about securing the network that your employees are on, or even the employee themselves accessing it, the new way to secure corporate data is by adopting a Zero Trust model. In this model, verification is king, and no access is automatically trusted – meaning your data is safe from intentional cyber-attacks or unintentional employee slip ups.
The pandemic has undoubtedly caused businesses to shift focus, rethink previous practices, and embrace the modern workplace. But before employees rush to spread their wings and get back to something resembling normalcy, businesses would do well to invest time and resources into introducing new layers of protection first.
With a strong security policy and the right technical solutions at your fingertips, you can ensure that both your users and your organisation can reap the benefits of remote work, without increased security risk – no matter where they’re working from.
If you’d like to know more about protecting your organisation from security threats, please contact a member of our dedicated team – they’re happy to help.