During the COVID-19 pandemic, many employees and employers alike discovered that remote work could be just as productive as in-person work. In fact, McKinsey estimates that 20 to 25 percent of the workforces in advanced economies could work remotely between three and five days a week without a loss of productivity.
But remote work isn’t without its downsides—especially when it happens in public places—and the security risks associated with it are among them. So, are you wondering how to minimize security risks while using public Wi-Fi? Let’s take a closer look at these risks and explain how to avoid them.
Public Wi-Fi Networks
Remote workers are attracted to places that offer free public Wi-Fi like flies are attracted to honey because they can’t do their work without internet access. What they sometimes don’t realize is that not all public Wi-Fi networks are as sweet as they appear to be.
It’s a fairly common practice for cybercriminals to set up so-called Wi-Fi honeypots in highly trafficked areas, such as airports, shopping malls, and public libraries.
A Wi-Fi honeypot is essentially a malicious wireless hotspot created to steal sensitive information.
Not realizing their malicious nature, remote workers connect to Wi-Fi honeypots to obtain access to the internet, allowing the attackers behind them to see what they do online, read unencrypted information, and redirect them to credential-stealing websites.
How to Stay Safe from Wi-Fi Honeypots
Since it’s virtually impossible for the average employee to reliably distinguish legitimate public Wi-Fi networks from those that are malicious, the best way to minimize security risks on public Wi-Fi is to avoid them altogether.
Instead of relying on public Wi-Fi, employees should be encouraged to use their smartphones to create their own mobile hotspots. Both Android and iOS devices make this easy.
When a fast cellular data connection isn’t available to create a personal mobile hotspot and public Wi-Fi is the only option, then it’s paramount to encrypt all online traffic so that even if someone manages to intercept it, they won’t be able to make sense of it.
Fortunately, modern remote desktop solutions like Microsoft’s Remote Desktop Protocol (RDP) enable strong encryption by default. Organizations can also deploy a virtual private network (VPN) solution to make it possible for employees to safely connect to specific servers.
Device Theft and Loss
According to a study published by Kensington, one laptop is stolen every 53 seconds, and 70 million smartphones are lost each year, with only 7 percent recovered.
For obvious reasons, employees who are working in various public places are much more likely to experience device theft and loss than those who spend most of their time in the office, with security cameras and sometimes even security guards keeping them and their belongings safe.
The financial loss associated with a stolen or lost device is always unpleasant for the employee who purchased the device for himself/herself or the organization that provided it, but it pales in comparison with the potential financial impact of the resulting data breach.
How to Stay Safe from Device Theft
Unfortunately, it’s not possible to reliably prevent device theft and loss. What’s possible, however, is to minimize their negative consequences by encrypting all employee devices so that whoever ends up with them can use them only as paperweights.
The good news is that laptops running Windows and macOS and mobile devices running Android and iOS support full-disk or file-based encryption out of the box. Once encrypted, their content can be accessed only after the correct password is entered.
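An added example (not from the original article): a small Python audit that reads the text printed by `manage-bde -status` on Windows and `fdesetup status` on macOS and reports which devices are actually protected. The device names and sample outputs are constructed, and a BitLocker volume that is encrypted but has protection turned off is counted as unprotected.

```python
import re

# Constructed samples in the layout printed by `manage-bde -status` (Windows)
# and `fdesetup status` (macOS); device names are made up.
FLEET = {
    "win-01": ("windows", "    Conversion Status:    Fully Encrypted\n"
                          "    Protection Status:    Protection On\n"),
    "win-02": ("windows", "    Conversion Status:    Fully Encrypted\n"
                          "    Protection Status:    Protection Off\n"),
    "win-03": ("windows", "    Conversion Status:    Fully Decrypted\n"
                          "    Protection Status:    Protection Off\n"),
    "mac-01": ("macos", "FileVault is On.\n"),
    "mac-02": ("macos", "FileVault is Off.\n"),
}

ENCRYPTED_STATES = ("Fully Encrypted", "Used Space Only Encrypted")

def _field(text, name):
    """Return the value of a 'Name: value' line, or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None

def classify(platform, status_text):
    """Return (protected, reason). Anything unrecognised fails closed."""
    if platform == "windows":
        conv = _field(status_text, "Conversion Status")
        prot = _field(status_text, "Protection Status")
        if conv is None or prot is None:
            return False, "unparseable status output"
        if conv not in ENCRYPTED_STATES:
            return False, f"conversion status: {conv}"
        if prot != "Protection On":
            # Suspended BitLocker leaves the volume key readable on disk.
            return False, "encrypted but protection is off"
        return True, "BitLocker on"
    if platform == "macos":
        if re.search(r"^FileVault is On\.", status_text, re.MULTILINE):
            return True, "FileVault on"
        return False, "FileVault not on"
    return False, f"unsupported platform: {platform}"

def audit(fleet):
    """Map device name -> (protected, reason) for every device."""
    return {name: classify(p, text) for name, (p, text) in fleet.items()}

if __name__ == "__main__":
    for name, (ok, reason) in sorted(audit(FLEET).items()):
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {reason}")
```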
To keep track of employees’ devices, organizations can deploy a mobile device management (MDM) solution like Microsoft Intune, a cloud-based management tool for mobile devices with support for Windows, macOS, Android, and iOS.
With Intune, it’s possible to remotely see all enrolled devices from one place, configure their security settings (including encryption), and remove organization data if a device is lost, stolen, or not used anymore.
Shoulder Surfing
Shoulder surfing is a frequently underestimated security risk that all employees working in public places need to keep in mind. It describes a situation where the attacker is physically so close to the victim that they can obtain sensitive information just by looking at their device screen and/or keyboard.
One example of shoulder surfing is if an employee is doing work at a coffee shop and someone sitting right next to them sees their email address and password. The opportunistic criminal can then simply write the password down and later use it to access the victim’s inbox.
Of course, shoulder surfing attacks can also be deliberate. For example, a determined criminal could set their sights on a specific employee, such as someone who regularly visits the same public place to do work, and shoulder surf them for hours and hours.
How to Stay Safe from Shoulder Surfers
Shoulder surfing is one of those cybersecurity threats that are best addressed with cybersecurity awareness training—just like phishing.
Employees need to understand not just that the threat exists, but also how little it takes for it to result in a major data breach. To protect themselves, they need to:
- Always be aware of their surroundings.
- Avoid sitting with their backs to other people.
- Find a private place whenever possible.
- Lock their devices when leaving them unattended.
- Be extra careful when entering passwords.
It’s also worth mentioning that special privacy screen protectors and filters for laptops, tablets, and smartphones can be purchased online and installed in minutes to darken the screen at a certain viewing angle, making it nearly impossible for strangers to steal sensitive information.
It’s Time to Take Remote Work Security Seriously
These days, work happens from many locations and devices…
The problem is that some locations, such as airport lounges, coffee shops, and co-working spaces, come with their own security risks. It’s important to take them seriously and minimize security risks while using public Wi-Fi; otherwise, they could lead to a costly cybersecurity incident.
If you’re interested in implementing the solutions described in this article to improve the cybersecurity posture of your organization, schedule a meeting with us at OSIbeyond.