More than half of CIOs (57 percent) believe that their mobile workers have either been hacked or have “caused a security incident” in the last 12 months, according to a new report from mobile connectivity company, iPass.
The report reveals that rising numbers now believe banning employee use of public hotspots is the only solution to protect their organisations.
The iPass Mobile Security Report 2018, researched by Vanson Bourne, surveyed CIOs and IT decision makers in 500 organisations from the US, the UK, Germany, and France.
It found that the majority of CIOs (81 percent) said their organisations had experienced Wi-Fi related security incidents in the last 12 months, with cafes and coffee shops (62 percent), airports (60 percent), and hotels (52 percent) being the most common locations for problems.
Putting the why in Wi-Fi
Risks include the use of insecure hotel or cafe networks, hacking attempts, shared data or systems access, divulging login credentials, or the receipt of malware. In some hotels, for example, Wi-Fi users may be able to see other devices on the network and, if those devices have sharing enabled, be able to access private files.
The problem appears to be most acute in the UK, where 81 percent of respondents said workers had experienced security problems using the free hotspot in cafes, in particular. Many cafes require users to register devices or credentials, and access is offered in return for marketing data.
The surveys’ respondents also reported security incidents in other public spaces, such as train stations (30 percent), exhibition centres (26 percent), and on planes in flight (26 percent).
“Mobile professionals are taking matters into their own hands, frequently taking security risks in their pursuit of staying connected,” says the report.
Mobile working is becoming the norm for many enterprises, with industry analysts Strategy Analytics predicting that there will be 1.75 billion mobile workers by 2020 – one quarter of the entire global population.
At the same time, mobile security threats are on the rise too: according to the McAfee Mobile Threat Report Q1 2018, 16 million users were hit with mobile malware in the third quarter of 2017 alone.
BYOD: Bring Your Own Danger?
Despite bring your own device (BYOD) schemes now being a mainstream IT policy, an overwhelming 94 percent of IT decision makers said BYOD had increased mobile security risks, while 92 percent said they were concerned that their growing mobile workforce presented significant security challenges.
“Despite the large number of people working remotely, Gartner says fewer than a quarter (23 percent) have been supplied with a mobile device by their employer,” says the report. “This leaves enterprises open to security risks, as they do not have control over the security settings or capabilities of devices that are being used.
“Enterprises are in a Catch-22 situation when it comes BYOD. Many enterprises realise it can improve not only employee productivity, but also wider job satisfaction. However, there is a trade-off with potential security risks.”
The mobile conundrum
“Given the amount of high-profile security breaches in recent years, it’s not surprising that this issue is on the radar of CIOs,” said Raghu Konka, VP of engineering at iPass.
“The conundrum remains: how can they keep their mobile workers secure while providing them with the flexibility to get connected anywhere using their device of choice?”
One solution is to ban employee use of free hotspots entirely; more than one-quarter (27 percent) of organisations are taking this hardline approach, while 40 percent ban their use sometimes. A further 16 percent plan to introduce a ban on public Wi-Fi in the future.
This suggests that some aspects of the mobile working culture may be on the wane.
However, with many employees working remotely or flexibly via their own devices at least some of the time, such bans may be impossible to enforce or police. This is particularly the case if organisations still expect to see productivity gains from flexible working, and still demand access to their employees while they are travelling or out of the office.
“As most electronic devices only have a Wi-Fi connection, banning mobile workers from accessing free-Wi-Fi connections at coffee shops, hotels, and airports is akin to cutting off your nose to spite your face,” says the report.
Virtual privacy
A better approach is to use virtual private networks (VPNs). In 2016, iPass found that 26 percent of companies were confident that mobile workers were using a VPN every time they went online, and this has jumped to 46 percent in 2018. However, that still means more than half of organisations (54 percent) aren’t confident about mobile VPN usage.
“While putting a blanket ban on accessing public Wi-Fi hotspots could initially appear to stop the security problem at source, the fact of the matter is that mobile workers will stop at nothing to get themselves online. There’s no point in putting roadblocks in their way without also providing a solution,” said Konka.
“With a secure connection through a VPN, enterprises can have confidence that Wi-Fi hotspot usage will have a positive, rather than negative, impact on their business.
“The key for organisations is to educate mobile workers about today’s security threats, and to provide them with the tools to remain productive and secure,” he added.
But is it that simple?
The report adds, “There are several barriers preventing mobile workers from connecting to VPNs, including the fact that mobile workers might not want personal data to run over the corporate network, and connecting to VPNs can take extra time.
“[Therefore] the challenge lies in building employee knowledge of the importance of using VPNs every time they go online, and how to connect to one in a quick manner.”
Internet of Business says
The key with mobile security is not to regard it primarily as a technology problem demanding a technology solution, but to see it first and foremost as a matter of common sense and enforceable policy.
Assume everyone is watching or listening and proceed from that point. After all, hackers – and journalists – are well aware of people’s lack of common sense in public spaces.
Then add technology, and mix to taste.
Read more: GDPR: Consumers demand more data privacy from the IoT
Read more: IoT Security: How to fight attacks on health, energy, and transport
Read more: Reports reveal critical need for IoT cybersecurity upgrade
Read more: IIoT security: How to secure the ‘Internet of Threats’, by IBM