[BreachExchange] How Free Public Internet is Turning Remote Employees Into Prime Targets for Hackers

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 15 21:50:32 EDT 2018


Any remote employee working out of a coffee shop has probably asked this
question before. As work becomes increasingly mobile and employees hop on
free public Wi-Fi networks, it also leaves businesses vulnerable to
damaging cyberattacks.

Hackers love public Wi-Fi — it’s an unencrypted, often poorly protected
connection that can be easily exploited by hackers who identify network
security flaws to intercept data. For companies with remote employees,
these unprotected networks pose a significant security risk, leaving
sensitive information ready for the taking.

Small Businesses Have No Idea Who Is Eavesdropping on Their Free Wi-fi

Free Wi-Fi has turned cafes and hotel lobbies into shared workspaces where
employees can access their work email and other sensitive documents. An
astounding 75 percent of Americans have admitted to accessing their
personal email on an open network. While free Wi-Fi has transformed where
remote employees can work, it also makes public spaces a prime target for
hackers looking to get their hands on profitable information.

The DarkHotel spear-phishing campaign is one example of how hackers
leveraged public Wi-Fi networks to target business executives working in
luxury hotels. Attackers waited until victims connected to their hotel’s
Wi-Fi before prompting users to install counterfeit software updates,
infecting a guest’s computer with keyloggers and other forms of malware.
Once installed, the malware monitored guests’ passwords and communications,
putting both their personal information and their company’s data at risk
for exploitation.

Attacks like this are all too common when unsuspecting customers hop on a
business’ public Wi-Fi, regardless if they are accessing work documents or
their personal bank accounts. While small businesses tend to offer free
internet to draw more customers into their stores, it also makes data and
user identities vulnerable to hackers. Luckily, there are several
strategies end users and providers can implement to safely transmit
information across public internet networks.

Why a VPN Is the Best First Line of Defense When Connecting to a Public

If employees are going to continue working at coffee shops and other public
spaces, businesses should consider offering a virtual private network
service to keep their information safe.

Using a VPN is one of the best ways to keep browser information under wraps
as it encrypts traffic between devices (like laptops and mobile phones) and
a VPN server. VPNs utilize a combination of dedicated connections and
encryption protocols to insulate devices from public Wi-Fi. As an added
bonus, users with a VPN can spoof their physical location and make it
harder for hackers to pinpoint a computer’s actual address.

When deployed correctly, VPNs create a secure tunnel through which remote
employees can access company servers for work. This tunnel connects
employees, wherever they may be, directly to their company’s internal
network and prevents hackers from spying on a business’ remote server. A
VPN also protects data from packet sniffing, a common network attack that
intercepts and logs any traffic passing through a digital network, by
encrypting files so hackers can’t read what’s inside. It’s clear that a
VPNs handle multiple use cases for small business all the way to large
enterprises, but they are for more than protecting business documents. A
coffee shop patron who connects to his or her social media accounts should
strongly consider using  VPN to keep prying eyes away from any personally
identifiable information. With so much data in transit to and from devices
in coffee shops, airports, hotels or public spaces, VPNs are applicable for
both businesses and consumers.

Small businesses will likely continue offering free internet to attract and
retain paying customers, but securing their Wi-Fi router is low on their
list of priorities. If companies don’t have a secure VPN to offer its
remote workforce, employees should consider using a public VPN service to
aid their computer’s antivirus software. Above all, remote employees and
anyone trying to get online will need to exercise common sense and caution
before connecting to a free Wi-Fi hotspot. A VPN is not a silver bullet,
and is unlikely to protect sensitive information if an employee’s computer
is already infected with a virus.

Public Wi-Fi offerings can attract some shady characters, but that doesn’t
mean employees should shy away from working in coffee shops and public
workspaces. With a VPN in place, supported by antivirus software,
businesses can encourage employees to keep working on a free hotspot
wherever they may be.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180515/7c33813b/attachment.html>

More information about the BreachExchange mailing list