By now, you probably know that thanks to hackers, you can’t always trust public WiFi networks. If you connect to a shady access point, your data, credentials, or device could be compromised. The threat is very scary in theory, but how dangerous is using public WiFi in the real world? And how much do IT departments need to worry about data security when users and devices venture outside the corporate firewall?
To get the answers to these questions and more, Spiceworks surveyed more than 500 IT pros from North America and Europe who work in organizations of various sizes. Respondents to this survey represented a wide variety of industries, including manufacturing, healthcare, government, and education.
According to our research, 61% of organizations surveyed said employees connect company-owned devices to public WiFi networks when working outside of the office in places such as hotels, airports, and cafes. The same research revealed that on average, 13% of employees work remotely a majority of the time.
So employees are definitely using public WiFi to varying degrees, but how many are encountering security threats? In a separate Spiceworks poll, 12% of IT pros said their organization had experienced a security incident involving employees on public WiFi. One IT pro elaborated: “Many hotels in my area have been the target of man-in-the-middle WiFi attacks.”
Additionally, 34% of IT professionals can’t say for sure whether or not a security incident has occurred, because incidents such as unauthorized attempts to log into a WiFi enabled laptop may go undetected or unreported. As one IT pro explained: “The problem is you are most likely to never hear about such incidents from your users. How would they know if someone has been trying to gain unauthorized access to their device? An 'unwanted' denial of service is more likely to be put down to a flaky signal.”
Bottom line: When it comes to protecting corporate data and devices on public WiFi, IT pros are quite worried. According to Spiceworks' data, 92% of IT pros have concerns about the security risks associated with using public WiFi on company-owned devices.
Also according to the research, 68% of IT professionals are confident their businesses leaders are informed about the dangers of connecting to public WiFi, compared to 64% of employees. However, only about half of IT pros can confidently say their organization’s data is adequately protected when employees use public WiFi networks.
Additionally, many IT pros doubt whether members of their organizations follow security best practices. For example, 63% of IT pros are confident that employees use a VPN connection when using company-owned devices on public WiFi, which suggests that many others could be vulnerable if they end up sending sensitive, unencrypted data through public channels.
Despite the grim numbers mentioned above, some organizations are making efforts to mitigate the dangers of using public WiFi by providing access to wireless data services for remote employees. After all, using a dedicated mobile hotspot connection to a trusted wireless provider’s network is more secure than a random connection to a coffee shop’s shared WiFi.
According the data, 45% of organizations equip remote workers with mobile hotspot technology, so at least some employees have the option of staying connected without joining public WiFi networks.
WPA3: A glimmer of hope
To address current vulnerabilities and improve the current state of security, the Wi-Fi Alliance, the organization that develops WiFi standards, earlier this year announced plans for a new WPA3 security protocol. The new protocol is expected to offer enhanced encryption functionality and use a new handshake authentication process that will be harder to compromise. Last year, security researchers discovered vulnerabilities in WPA2, known as KRACK
In a recent Spiceworks poll, 53% of IT pros said they’re confident that the WPA3 protocol will make WiFi networks more secure. This shows there’s hope that connecting to public WiFi networks will be a less risky endeavor in the near future.
But at the same time, it’s highly unlikely that WPA3 will be the answer to all WiFi woes. Hackers will not rest, and the world can be sure that malicious actors will always be looking for ways to defeat new security technologies. Thus continues the development of ever-more sophisticated threats to counter evolving security defenses.