Companies Believe Coffee Shops Present Biggest Threat To Be Hacked
A report found businesses in the United States and throughout Europe have growing concerns about the possibility of getting hacked and are particularly worried about remote workers being compromised while on public Wi-Fi in places like coffee shops.
Mobile security firm iPass surveyed 500 technology companies in the U.S., U.K., Germany and France for its annual Mobile Security Report and found 93 percent of those surveyed were concerned about growing security challenges—including nearly half that said they were “very concerned,” up significantly from 2016.
U.S. companies led the world in worry according to the survey, with 98 percent worrying about the increasing number of mobile security challenges.
The UK, France and Germany all hovered closer to 90 percent. Nearly one in 10 companies in the UK said they had no significant security concerns at all, while no other country had more than two percent of companies surveyed express zero concern.
Raghu Konka, vice president of engineering at iPass, told International Business Times security concerns in the U.S. are so high because “the U.S. as a nation adheres to lot of ‘privacy laws’ and there are dire consequences for a corporation or individual who is responsible for any data breaches that happen. So, securing critical information is an absolute necessity.”
The biggest threat perceived by companies, especially those with mobile workers, is public Wi-Fi. Seven in 10 respondents identified connecting to a public network as a top concern for security, followed by lack of encryption, hotspot spoofing and unpatched operating systems.
It is worth noting the survey was taken prior to the spread of the WannaCry ransomware, which infected more than 300,000 computers across 150 countries, including computer systems at hospitals and major corporations. That attack spread due primarily to a vulnerability in Windows that Microsoft has offered a patch for but many people had yet to download and install.
While major malware attacks present a threat, many companies worry workers on public internet connections present a more constant one, especially man-in-the-middle attacks where an attacker can intercept communications from a person’s device without the person knowing.
“Man in the middle attacks are of such great concern because they’re so easy to perpetrate,” Konka said. “Enterprises that deal with the personal and financial data of their customers are at even greater risk of these attacks. At public Wi-Fi locations, the airwaves are open and any attacker with a simple antenna can mount an attack.”
Businesses are most worried about CEOs and other executives being compromised, though any level employee with access to sensitive files can lead to larger issues. A recent hack of restaurant search engine Zomato occurred because an employee account was compromised and provided access to one of the company’s servers.
Coffee shops top the list of highest risk for most businesses, with 42 percent of respondents saying are concerned when employees work from cafes, where networks are often unprotected and ripe for attack. Thirty percent of businesses were concerned about employees working at airports, 16 percent said hotels, seven percent said exhibition centers and four percent said airplanes.
In response to the security risks associated with being connected to unsecured Wi-Fi networks, many businesses reported they considered banning work from public hotspots. Sixty-eight percent have put some restrictions on employee access to public Wi-Fi, including 33 percent of companies that have banned its use entirely.
These restrictions create problems for employees who work outside of the standard 9-5 hours or work remotely—an option that the Harvard Business Review found increases worker productivity and saves the company money.
“Organizations need to understand that people working remote want, need and expect to work wherever they are and however they can,” Konka explained. “Because you can’t enforce a blanket ban on public Wi-Fi, education becomes essential. Businesses need to enforce security solutions with as close to zero user input as possible, so that they don’t detrimentally impact productivity nor get circumvented as a result.”
Konka advised businesses encourage employees to only connect to secured sites when on public Wi-Fi and to always use a virtual private network, or VPN, to protect and encrypt activity. VPNs create a secure connection between a user’s device and a remote server that handles all traffic to and from the user, preventing the network—or anyone else on it—from seeing the activity.
He also recommended following best security practices like never initiating financial transactions over public networks, keeping machines up to date, and being cautious about opening emails from suspicious sources.
Konka also noted much of the protection comes from companies educating their workforce about threats and providing them the necessary tools to combat them.