Evil twins! Man-in-the-middle attacks! Sniffers, monkey-jacks, and airsnarf!
There’s a lot more lurking in that café hotspot than extra calories from a decaf macchiato with a double pump of hazelnut.
More businesses than ever before are un-tethering their staff to work from the road, the problem is “the road” is typically a very public, very vulnerable place to access into the company’s very private, very proprietary network.
According to JiWire, a mobile ad networking company that tracks Wi-Fi trends and information, there are more than 50,000 so-called public hotspots in the United States and more than 140,000 worldwide. Hotspots are typically located at places like cafes, airport waiting areas and hotels, and offer paid or free Internet access to people on the go.
If your employees are counted among the many that drop in to log in, then taking precautions to safeguard company data needs to be a priority. “It’s potentially a big hole in your network,” says Todd Carter, author of The Wireless All-in-One Desk Reference for Dummies. Carter advises mobile workers to be protected from the moment they log in using either the company virtual private network (VPN) or some sort of encryption software. “Bottom line: encrypt everything,” says Carter.
“A secure sockets layer (SSL) VPN is ideal because it’s encrypted,” agrees Mark Tauschek, a senior research analyst from InfoTech based in London, Ontario. “You must mandate VPN usage for all employees. Just tell them if they’re going to log on from a public hotspot, they must log onto the company VPN first. There are literally hundreds of kinds of attacks launched against hotspot users.”
Here’s a roundup of the most popular methods of attack and the best way to protect your business.
Evil twin (similar to airsnarf)
“It’s become one of the most frequent kinds of attacks in this area. It’s typically launched from someone on a laptop as close as the table next to you or as far away as the apartment across the street,” says Tauschek.
This is why you need to log on using the company VPN or use encryption software.
The hacker eavesdrops on traffic coming and going while cherry picking any information that may seem valuable.
Denial of service
With this kind of attack, it’s not the company data that’s at risk. Typically, it’s the user’s patience.
Of course, the greatest security risk for road warriors doesn’t come from online hackers. It’s usually comes from a lapse in vigilance resulting in a lost or stolen laptop or other mobile device. Employees also need to be reminded to beware of curious onlookers as they work with sensitive files in public. An open notebook left unattended while waiting for that macchiato could prove to be the most devastating security breach of all for the home office.