Stephen Finn -

A latte and a breach?

Coffee shops and hotels can be places where wifi can be compromised and Billy MacInnes has been looking into the issue over a brew

Coffee shops and cafés can be dangerous places.

I’m not talking about the damage they can do to your wallet or the potential detrimental health effects of drinking too much coffee. I’m not even commenting on the disposable plastic cups and the long-term danger they pose to the environment.

What I’m talking about here is Wi-Fi security.

Or rather the lack of it.

According to a recent survey of 500 CIOs and IT decision makers in the UK, US, Germany and France, coffee shops and cafés were top of the list of venues for Wi-Fi security incidents. The 2018 Mobile Security Report from iPass also found airports were perilous locations and hotels weren’t that far behind.

When you consider those locations, it’s not hard to see the correlation between the riskiest venues for using Wi-Fi and the places where mobile workers are most likely to log on to Wi-Fi hotspots with their devices.

What was most worrying was that 57% of organisations taking part in the survey believed their mobile workers had been hacked or caused a mobile security issue and 81% of respondents said they had witnessed Wi-Fi related security incidents in the last 12 months.

It’s probably not surprising that mobile security threats are increasing as more organisations are moving to an increasingly mobile workforce. According to the survey, 94% of organisations believe that the introduction of Bring Your Own Device (BYOD) policies has dramatically increased their mobile security risks.

As Raghu Konka, vice president of engineering at iPass, puts it, enterprises face a conundrum: “how can they keep their mobile workers secure while providing them with the flexibility to get connected anywhere using their device of choice”?

One flippant response would be to make them travel by train as the ranking for Wi-Fi security incidents is much lower in railway stations. However, that’s probably because there may be less mobile workers using Wi-Fi hotspots in railway stations. Or there might be less Wi-Fi hotspots in train stations.

VPN appears to be the preferred method for countering these concerns. According to the report, 46% of organisations were confident their mobile workers were using a VPN whenever they went online. Only 54% more to go.

Related to that could be a policy of banning the use of public Wi-Fi hotspots by mobile employees. The vast majority of organisations (around 90%)  in Germany, France and the US plan to do so, although the figure for the UK is quite a bit lower at 58%.

Even if businesses choose the banning option, how do they discover mobile workers have broken it? How do they enforce it? And what measures do they have to put in place to deal with those who, for whatever reason, flout the ban? 

Short of making them immobile, how could organisations prevent mobile workers from going online in public places? Somehow, I don’t think banning employees from drinking coffee and eating pastries sounds that impressive as an IT security measure even if, to all intents and purposes, it would probably reduce the risk to a degree.

It would make better sense to get them connecting through a VPN as a matter of course. And it really shouldn’t be that hard to adopt the habit, especially for people who have already managed to negotiate the coffee and pastry/sandwich menus in today’s major coffee chains.

Read more on Wireless Networks