Employees are used to being connected 24/7. When a data signal is low, or a device is not connected to a data plan, most people don’t hesitate to scan for open WiFi networks, connecting to public or even unsecured private networks. Stop in any major coffee shop and you’re likely to find someone with a tablet or laptop open, working remotely, likely from a public WiFi connection. Go to any airport or hotel and you’ll see even more people using public WiFi. Remote work offers great productivity advantages, but that public WiFi is putting corporate data at risk.
To see how insecure public WiFi is, take this example of a social experiment. A hacker goes into a cafe and, in 20 minutes, knows where everyone was born, what schools they attended and the last few things they Googled. He knows their passwords and could easily steal their identity. The data on their devices? Completely exposed. All thanks to a discreet device that was able to mask itself as a trusted WiFi network to all the smartphones, laptops and tablets in the cafe. The same data could be exposed by anyone using simple freeware.
Although this instance focused on the impact to the individual, let’s look at how that creates corporate risk. Corporate data stored on that device would be breached. If connected to the corporate network, that access could be exploited. Shared password would be exposed, giving hackers future access to the corporate network. Data on the device could be successfully exploited for phishing schemes to the many corporate contacts stored on that device. All from using Public WiFi.
Our own survey results show that at least 27% of Millennial employees (age 18-34), who are beginning to make up the bulk of the workforce, are most likely to be cavalier in device use, doing things like accessing personal email on corporate devices or using public WiFi. Yes, some public WiFi networks are better than others, but none are infallible.
Organizations can also take steps to protect corporate data on the endpoint with:
With the proper training and IT support, backed with Persistence technology, organizations can make strides to offset the kinds of employee behaviour that put corporate data at risk.