The line between personal and corporate mobility is frequently blurred. Whether your company has adopted a BYOD, CYOD or some other mobile device policy, chances are your employees use their smartphones, tablets and laptops to catch up on work in public spaces such as coffee shops and airports.
Unfortunately, the ubiquitous use of free Wi-Fi and hotspots outside the home and office can create significant BYOD security issues. If your employees are like most Wi-Fi users, they connect using their devices' default settings, which increases their exposure to Wi-Fi attacks.
While there are numerous threats, here’s a look at some of the main BYOD security risks when using free Wi-Fi and hotspots, and what you can do to reduce your vulnerability.
Default settings that let a device join any available Wi-Fi network in a public place leave users open to connecting to an unencrypted or rogue access point. Most public hotspots are open by design (no password), so the traffic between the device and the access point is not encrypted at the Wi-Fi layer. A shared password posted on the wall helps less than it appears to: anyone who knows it is on the same network and, with a captured connection handshake, can decrypt other users' traffic. When users connect to an open Wi-Fi network or hotspot, anyone in radio range can capture what they send.
Much like a conversation held in public, sending data over unencrypted Wi-Fi means anything transmitted without its own encryption is readable by anyone else on the network. Using readily available sniffing software, attackers can capture passwords, email addresses and other sensitive information sent over plaintext protocols such as HTTP. Traffic inside an HTTPS or VPN connection stays protected, but the names of the sites visited (via DNS lookups and TLS server names) are still visible.
Tip: Have employees change their device settings so they do not automatically connect to unknown Wi-Fi networks. Alternatively, users can have their device ask before connecting, so they know when it is joining a network and can confirm that it is the one they intended.
Another potential threat is a rogue access point, sometimes called a honeypot. In this scenario, attackers set up their own Wi-Fi hotspots with inviting names like "Public Wi-Fi" or "Free Wi-Fi." Or, they may set up a fake SSID that closely resembles a legitimate one by inserting a hyphen or changing the case. Once a user connects, the attacker controls the gateway and can collect, redirect or tamper with the device's traffic for as long as it stays connected. Once again, this leaves users vulnerable to having passwords, emails and other private information accessed by attackers.
Tip: Ask employees to avoid connecting to any free Wi-Fi that doesn’t reflect the name of the location or seems to have a strange name.
Connecting through a shared or attacker-controlled network also opens the door to session hijacking and the related attacks that make it possible:
- Man-in-the-Middle (MITM): This type of attack occurs when attackers insert themselves between two parties, typically the user and the site or service they are talking to, relaying traffic while impersonating each side to the other, so they can read or alter what is sent, such as financial account information. Properly validated HTTPS defeats this unless the user clicks through a certificate warning.
- Sidejacking: In this type of attack, attackers "sniff" data packets to steal session cookies and take over a user's logged-in session. Even if the login page uses HTTPS, a session cookie that is not marked Secure is sent in the clear whenever the browser loads any part of the site over plain HTTP, and the attacker can replay it to act as the user without ever learning the password.
- Evil Twin: This technique is designed to make illegitimate access points look identical to legitimate ones, making it difficult for users to determine which one is correct. For example, at a coffee shop, you may see two connection points: "TheCoffeePot" and "TheCoffeePotGuest." Since both reflect the name of the location and both offer free Wi-Fi, users may choose either one. An attacker can also broadcast exactly the same SSID as the real network with a stronger signal, so that devices set to auto-join prefer the fake one. Once users join the rogue network, the attacker can launch a man-in-the-middle attack and intercept information between the user and another party.
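The honeypot and evil-twin sections above both come down to the same question a device (or a mobile-management check) can ask before joining: is this SSID, served from this access point, with this security type, one we have vetted? The following is an added example, not code from the original article or from any product it mentions. It runs the check over a constructed list of scan results (not a real capture) against a hypothetical allow-list, flags the lookalike tricks the text describes (changed case, inserted hyphens, a known name with a suffix such as "Guest"), flags a known SSID broadcast from an unknown BSSID or with a downgraded security type, and flags generic bait names; all SSIDs, BSSIDs and the allow-list are assumptions made up for the example.

```python
import re

# Constructed sample scan results, not captured data: what a device might
# list at a coffee shop whose legitimate network is "TheCoffeePot".
SCAN = [
    {"ssid": "TheCoffeePot",      "bssid": "a4:2b:8c:11:22:33", "security": "WPA2"},
    {"ssid": "TheCoffeePot",      "bssid": "02:00:de:ad:be:ef", "security": "OPEN"},
    {"ssid": "TheCoffeePotGuest", "bssid": "02:00:de:ad:be:f0", "security": "OPEN"},
    {"ssid": "The-CoffeePot",     "bssid": "02:00:de:ad:be:f1", "security": "OPEN"},
    {"ssid": "thecoffeepot",      "bssid": "02:00:de:ad:be:f2", "security": "WPA2"},
    {"ssid": "Free Wi-Fi",        "bssid": "02:00:de:ad:be:f3", "security": "OPEN"},
    {"ssid": "Airport_Lounge",    "bssid": "54:ee:75:aa:bb:cc", "security": "WPA2"},
]

# Hypothetical allow-list an organisation might maintain: the exact SSID,
# the BSSIDs (access-point MAC addresses) it is served from, and its security type.
KNOWN = {
    "TheCoffeePot": {"bssids": {"a4:2b:8c:11:22:33"}, "security": "WPA2"},
}

# Bait names of the kind the article mentions; compared after normalisation.
GENERIC_NAMES = {"Free Wi-Fi", "Public Wi-Fi", "Free Internet"}


def normalize(ssid):
    """Collapse the tricks described in the text: case changes and inserted
    hyphens, spaces, underscores or dots all map to the same key."""
    return re.sub(r"[\s\-_.]", "", ssid).lower()


def classify(entry, known=KNOWN, generic=GENERIC_NAMES):
    """Return the reasons this network looks suspicious (empty list = no finding)."""
    ssid, bssid, sec = entry["ssid"], entry["bssid"], entry["security"]
    reasons = []
    if sec.upper() == "OPEN":
        reasons.append("open network: no link-layer encryption")
    if normalize(ssid) in {normalize(g) for g in generic}:
        reasons.append("generic bait name")
    for name, info in known.items():
        if ssid == name:
            # Exact name match is the evil-twin case: make sure it is served
            # from an access point we know, with the security type we expect.
            if bssid not in info["bssids"]:
                reasons.append(f"known SSID {name!r} from unknown BSSID {bssid}")
            if sec != info["security"]:
                reasons.append(f"known SSID {name!r} with security {sec}, expected {info['security']}")
        elif normalize(name) in normalize(ssid):
            # Same letters once case and punctuation are stripped, or the known
            # name with a suffix such as "Guest": a lookalike.
            reasons.append(f"lookalike of known SSID {name!r}")
    return reasons


def audit(scan=SCAN, known=KNOWN):
    """Map each (ssid, bssid) pair to its findings; vetted networks come back empty."""
    return {(e["ssid"], e["bssid"]): classify(e, known) for e in scan}


def safe_to_join(entry, known=KNOWN):
    """Policy: join only an allow-listed SSID, from a known AP, with the expected security.
    An unknown network with no findings is still not joined."""
    info = known.get(entry["ssid"])
    return (info is not None
            and entry["bssid"] in info["bssids"]
            and entry["security"] == info["security"])


if __name__ == "__main__":
    for (ssid, bssid), reasons in audit().items():
        verdict = "OK     " if not reasons else "SUSPECT"
        print(f"{verdict} {ssid!r:22} {bssid}  {'; '.join(reasons)}")
```

Note the distinction between `audit` and `safe_to_join`: "Airport_Lounge" produces no finding, because nothing about it resembles a known network, but it is still not joined, because the allow-list is a positive policy rather than a blocklist. Pinning on BSSID is not bulletproof, since an attacker can clone a MAC address, but it raises the bar well above copying a name.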
Tip: Provide a company VPN and require employees to use it when connecting from public locations. A VPN encrypts all traffic between the device and the VPN gateway, regardless of how secure individual websites or apps are. Configure it as a full tunnel (no split tunneling) and have devices block traffic until the tunnel is up; otherwise the protection has gaps. Also look for "https://" in the address bar, which indicates that the connection to the site is encrypted, though not that the site itself is trustworthy.
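The sidejacking item above and the HTTPS tip are two sides of one mechanism, so the following added example (not code from the original article) shows both: first, what a passive sniffer on an open network recovers from plain HTTP requests, namely the session cookie and any form fields posted in the clear; second, a check of a Set-Cookie header for the attributes that stop a session cookie from ever being sent over HTTP in the first place. The HTTP requests, host names, cookie values and credentials are constructed for the example and are not captured data.

```python
import urllib.parse

# Constructed sample: three HTTP requests as a sniffer on an open network would
# see them after TCP reassembly. Not a real capture.
CAPTURED_REQUESTS = [
    b"GET /inbox HTTP/1.1\r\nHost: webmail.example\r\n"
    b"Cookie: sessionid=9f3c1a7e4b; theme=dark\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /static/logo.png HTTP/1.1\r\nHost: cdn.example\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: webmail.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\n"
    b"user=alice&password=hunter2\r\n",
]

# Server-side: a session cookie as issued by a site that only uses HTTPS for
# login (the weak setting), beside the hardened form.
WEAK_SET_COOKIE = "sessionid=9f3c1a7e4b; Path=/"
HARDENED_SET_COOKIE = "sessionid=9f3c1a7e4b; Path=/; Secure; HttpOnly; SameSite=Lax"


def parse_request(raw):
    """Split a plaintext HTTP/1.x request into method, path, headers and body.
    Header names are lower-cased; repeated headers are kept as a list."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, path, headers, body.decode("latin-1")


def harvest(requests):
    """What a passive sniffer learns from unencrypted HTTP: for each request that
    carries anything worth stealing, the host, path, cookies and posted form fields."""
    findings = []
    for raw in requests:
        method, path, headers, body = parse_request(raw)
        host = headers.get("host", ["?"])[0]
        cookies = {}
        for value in headers.get("cookie", []):
            for pair in value.split(";"):
                name, _, val = pair.strip().partition("=")
                if name:
                    cookies[name] = val
        form = {}
        content_type = headers.get("content-type", [""])[0]
        if method == "POST" and "application/x-www-form-urlencoded" in content_type:
            form = dict(urllib.parse.parse_qsl(body.strip()))
        if cookies or form:
            findings.append({"host": host, "path": path, "cookies": cookies, "form": form})
    return findings


def audit_set_cookie(header_value):
    """Return the attributes a session cookie should carry but does not."""
    parts = [p.strip() for p in header_value.split(";")]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")     # without it the browser also sends the cookie over http://
    if "httponly" not in attrs:
        missing.append("HttpOnly")   # without it page scripts can read the cookie
    if "samesite" not in attrs:
        missing.append("SameSite")   # without it cross-site requests carry the cookie
    return missing


if __name__ == "__main__":
    for f in harvest(CAPTURED_REQUESTS):
        print(f"{f['host']}{f['path']}: cookies={f['cookies']} form={f['form']}")
    for label, hdr in (("weak", WEAK_SET_COOKIE), ("hardened", HARDENED_SET_COOKIE)):
        print(f"{label}: missing {audit_set_cookie(hdr) or 'nothing'}")
```

The first request is the sidejacking case: the user logged in over HTTPS, but because the cookie lacks `Secure`, the browser sent it along with a plain HTTP page load and the sniffer now holds a usable session. The third request is the older, simpler failure, a password posted over HTTP. On the client side, a VPN or an HTTPS-only browser setting closes both; on the server side, `Secure` plus redirecting all HTTP to HTTPS does.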
Safeguard Against Wi-Fi Attacks
To increase BYOD security and reduce the threat of Wi-Fi attacks, start with employee education as your first line of defense. Make sure that your employees are aware of the threats of free Wi-Fi and know how to avoid becoming targets. Educate them on how to update their privacy and security settings and their anti-virus software, and on how to disable automatic connection to wireless networks. Encourage employees to look for the lock icon and an HTTPS address to verify that the connection is encrypted, and never to click through a certificate warning on public Wi-Fi.
Additionally, if you're using a CYOD, CLEO or COPE mobile policy, consider configuring devices with these security measures before handing them to employees. Keep the operating system and anti-virus software up to date even once the devices are in employees' hands through automatic updates.
For mobile devices, the best way to address BYOD security is through a multilayered approach, using a platform such as Samsung Knox, which builds security into both the hardware and software levels. The more of these recommended security measures you incorporate into your mobile security strategy and BYOD policies, the less likely your employees are to fall victim to a malicious Wi-Fi attack.