Hackers Hot for Hotspots: Protect Your Remote Workforce
Your remote workforce is only as strong as its weakest link — which, believe it or not, may be a public WiFi hotspot. Insecure networks have been at the forefront of a recent spike in business-impacting cyber attacks, namely among organizations that have deployed a remote workforce who accessed malicious WiFi networks or hacker-enabled hotspots.
Have we become so dependent on the ubiquity and convenience of connectivity that remote employees will connect to any nearby network, so long as it looks legit? The answer is yes, and it’s the reason why 80% of security and business leaders said their organizations were more exposed to risk as a result of remote work.
Though remote work enables employees to work from anywhere, these harmful hotspots are everywhere, and many employees are simply none the wiser to the risks. The vulnerability of the remote workforce to these cyber attacks can no longer be ignored. Learn how to protect your remote workforce (and organization) from the harmful effects of network-induced cybercrime.
The Remote Workforce is Here to Stay
If 2020 was the year of remote work, 2021 was the year of the remote workforce — and recent data suggests it’s not going anywhere any time soon. While 70% of full-time workers were forced to switch to remote work in 2020, 69% still voluntarily worked remotely throughout 2021. Today, a whopping 81% would prefer a hybrid or remote working style indefinitely, even post-pandemic.
Plus, it’s not just employees who favor a permanently remote workforce. According to the 2021 State of Remote Work, 26% of employers have voluntarily chosen to maintain a fully remote workforce and 20% have opted for a hybrid work model. Not to mention, approximately 40% of employers have either reduced or closed their physical office spaces.
All signs point to an ongoing remote workforce. But if employers weren’t prepared for their teams to work from home in 2020, are they actually prepared now? Or will the risk of cybercrime dampen the otherwise fantastic benefits of remote work? Recent statistics suggest there’s still work to be done to protect both employees and organizations.
But Are Remote Workers Safe from Cyber Crime?
Are you familiar with the phrase, “One bad apple spoils the barrel?” Well, that’s a pretty accurate way to view public WiFi and free hotspots in relation to remote work. Though employees have the freedom and autonomy to dial in from anywhere in the world, they almost always require an internet connection to access company servers or internal databases.
98% of remote workers use a personal device for work daily, yet 71% of security leaders lack high or complete visibility into remote employee home networks — which could explain why 67% of cyber-attacks directly targeted remote workers. From the local café to a hotel across the globe, it’s far too easy for employees to unintentionally connect to an unsecured network.
A recent study, Cybersecurity in the New World of Work, found that 74% of organizations attribute recent business-impacting cyberattacks to vulnerabilities in technology put in place during the pandemic, namely migrating business-critical functions to the cloud. Two-thirds of security leaders plan to increase cybersecurity investments over the next two years, but what about right now?
So, Is Public WiFi a Trap Door for Hackers?
While security leaders scramble to implement better network practices for remote workers, this remote-work expert will let you in on a secret: Using free public WiFi is like licking the grade-school water fountain while you’re taking a drink. Sure, you get what you need out of the deal, but you open yourself up to a lot of nastiness… like, next-level gross. The same can be said for public WiFi.
Though a public, insecure internet connection allows remote employees to access whatever they need for work, it also provides cybercriminals with access to business-sensitive or customer-centric data. A hacker can examine every piece of information a worker enters on the network, from important emails to security credentials for your corporate network.
Unfortunately, many people consider tethering their laptop to their phone as too technical or lack the appropriate data plan, so they default to a local hotspot. These hotspots are often unencrypted and require no login or password — that’s like open season for hackers! And with slim chances of tracking a cybercrime to the hotspot (or hacker) in question, they continue to be a blind problem.
Why Public WiFi Makes a Hacker’s Job a Breeze
We as a society have become so dependent on connectivity, whether for remote work or pleasure, that the average person will connect to a random nearby network as long as it is named in a manner consistent with their place on the map. Near a café? FreeCafeWiFi it is! But why is it so easy for cybercriminals to create these malicious networks in the first place?
First and foremost, it’s because you don’t have to hack a public network, you just have to imitate one. With an average iPhone, anyone can set up an “evil twin” WiFi network at the nearest café, airport, or hotel, and sniff any unsecured traffic that passes through. Most people don’t know the difference between the various WiFi or tethering symbols on their phone, so they’re in the dark about the inherent risks.
With slightly more sophisticated equipment and the right software, a true “evil twin” can be set up in a matter of seconds. In fact, when I’m in the field as a cybersecurity speaker, I often rename my iPhone to the name of the hotel or conference center hosting the event, like !SECUREMarriotWiFi. This naming convention makes the hotspot rise to the top of the list, and I regularly have attendees joining my hotspot to collect their email, log in to work, and more.
It’s that easy, friends. And it’s not always criminals doing the involuntary data grab: Retailers have been known to offer free WiFi with the specific purpose of learning more about their customers, meaning even “legitimate WiFi” can be a risk. The average café or retailer doesn’t actually care about the safety of your data, they are just keeping expenses low and connections convenient.
Cybersecurity Expert Tips to Protect Your Remote Workforce
Would you trust and inject a vaccine someone handed you at your favorite Starbucks? Don’t delude yourself. Working on free WiFi with sensitive material will never be as safe as using a secure hotspot or WiFi connection you own. If your remote workforce is spread across the city, state, or country, there’s no way they can all access a company-backed Internet connection.
So, you must do the next-best thing — educate your team on how to safely work remotely. Here are five tips, as told by a cybersecurity expert who has seen behind the curtain, to improve your Wi-Fi safety and protect your business.
1. Connect (Work Remotely) via Cellular Data
When remote employees are working on something sensitive or confidential (read: internal data), it’s best to connect to the internet via cellular data connection whenever possible. Connection from a smartphone to a personal device is encrypted and far more secure than any free WiFi.
If they don’t have a dedicated hotspot, tether a smartphone to a laptop and use that to communicate instead. In many cases, an available 5G network is faster than what the free WiFi will be.
2. Utilize a Virtual Private Network (VPN)
A Virtual Private Network (VPN) extends access to a private network across a public network, so a user can send and receive data across a public network as if their personal device was directly connected to the private network. In layman’s terms, it’s like having a private tunnel between your device and your destination. If you haven’t already, install a VPN on every worker’s device to cyber secure your virtual office.
For the remote workforce, a VPN is an excellent method to add security to employee communication, especially when leveraging an insecure connection like public WiFi. Even if a hacker accesses an employee’s device, the data will be strongly encrypted and is more likely to be discarded than run through a lengthy decryption process.
3. Always Use HTTPS
Take a look at your browser bar. Right now, the current web address should begin with https:// — that’s on purpose. HTTPS (Hypertext Transfer Protocol Secure) is an extension used for secure communication over a computer network. The majority of trustworthy sites will leverage HTTPS to encrypt communication, especially those that require log-in credentials.
Entering those credentials in an unencrypted manner could open the door to a hacker, who can then repurpose those details to access your corporate or client network. So, be sure to personally enable (and encourage employees to enable) the “Always Use HTTPS” option of frequently-visited sites. Alternatively, install a web extension like HTTPS Everywhere for Chrome, Firefox, and Opera to essentially force each website you visit to connect using HTTPS.
4. Safeguard All Settings
The settings on a personal device are the difference between leaving the backdoor wide open for cybercriminals or dead-bolting that door shut. When your remote workforce connects to the internet at a public place, be sure their settings have been optimized to prevent a cyber attack as much as possible.
For one, turn off sharing from the system preferences or Control Panel. It’s unlikely your team has anything to share with the other patrons of a café, save the hacker lurking in the corner. Secondly, turn off Auto Connect for WiFi networks and log out of the WiFi when you leave, as many of today’s devices will automatically connect to the closest available network, without regard for safety.
5. Verify Legitimacy Whenever Possible
Lastly, if you or your remote workforce ever find the dire need to use public WiFi, make sure to verify with the business that any WiFi hotspot you join is the legitimate one — not the “evil twin” — and make sure it requires a password to join. Confirm details such as the connection’s name and IP address before connecting any personal devices to the business’s network.
Stay Protected with a Cybersecurity Overhaul
Even a remote workforce that takes every possible precaution against third-party networks can encounter a cybercriminal. That’s just a risk of doing business in this increasingly digital age. As cybercriminals continue to evolve, cybersecurity best practices will also progress; and it’s up to business leaders to continue to upgrade their security practices to remain protected.
Don’t let the threat of cybercrime impact the longevity or productivity of the remote workforce. Take action today by empowering your remote workforce with the tools they need to remain safe, even when dialing in from halfway around the globe. Now is the time to invest in a cybersecurity crash course, if not for the safety of your business, for the protection of your employees and customers.