Over 90% of enterprises see free Wi-Fi hotspots as a significant threat to their mobile security, and 62% actively enforce bans on employees using them, according to the latest Mobile Security Report compiled by Vanson Bourne for Wi-Fi service aggregator iPass.
The report set out to examine how enterprises were dealing with the trade-off between maintaining security and enabling people to work where and when they like.
“Wi-Fi is a disruptive technology that has changed the way people work but, in recent times, it has also introduced formidable mobile security concerns,” said iPass engineering vice-president Keith Waldorf.
While being connected was a basic requirement for most mobile workers, the growing number of businesses falling victim to major and often embarrassing security breaches was clearly playing on the minds of many, he said.
“The use of free and insecure Wi-Fi hotspots in particular is a growing concern, as organisations balance the need for low-cost and convenient connectivity against the threat posed by hackers,” said Waldorf.
Respondents to the survey were asked to identify their biggest mobile security threat. Overall, 37% said this was use of free Wi-Fi hotspots.
Read more about mobile security
- Experts told the CW500 Security Club how mobility brings new challenges to security departments and an opportunity to go beyond building walls around the enterprise.
- Mobile devices are rife with security holes. The right knowledge and tools, including encryption and containerisation, can help organisations fill in those holes and protect mobile data.
- Attackers could already be exploiting the fact that most mobile apps are ‘leaving the door wide open’ through poor and insecure coding practices, says security researcher James Lyn.
Consumers unconcerned about security
Such hotspots are typically provided in public places – such as pubs and cafes – without encryption, and offer immediate access to the internet with either no, or minimal checks, such as passwords.
These networks can be very easily monitored using another device, and data in transit across the network observed and captured in a so-called "man in the middle" attack.
According to UK comms regulator Ofcom – which published statistics on consumer attitudes to wireless security in 2014 – 77% of people were generally not worried about their personal security when accessing free Wi-Fi hotspots outside the home.
Respondents to iPass’s survey cited employees' lack of attention to security and the devices they used, as potential threats.
With more organisations implementing bring-your-own device policies, the sheer number of devices that IT departments have to keep up with – as well as how well they are maintained and patched by their owners – remains a major challenge. Indeed, said iPass, 88% of enterprises said they struggled to consistently enforce a safe mobile usage policy.
While most said they provided mobile workers with a virtual private network (VPN), iPass found only a quarter were confident their users were accessing critical enterprise systems over the VPN.
It also found that British CISOs were the most lenient when it came to banning free Wi-Fi hotspots. Nearly half said they did not actively stop their users from using them but, according to iPass, this is not necessarily a bad thing.
“Simply banning access to free Wi-Fi hotspots is a heavy-handed approach and is not the solution,” said Waldorf.
“In today’s ‘Wi-Fi’-first’ world, it is imperative that organisations educate their mobile workers about the dangers of insecure free Wi-Fi, and equip them with the requisite tools to access a secure internet connection and remain productive.”