While public Wi-FI can be very convenient, both for users and providers, it also introduces a number of security challenges. Unsecured or under-secured public Wi-Fi networks can expose users to cyber threats like identity theft, financial fraud and data breaches. Once they are connected, attackers can monitor all traffic, extract sensitive data, and even inject and spread malware.
DNS queries are fundamental to the functionality of the internet; every time you access a website, you’re sending a DNS query. Some of these can be malicious. In fact, an average internet user might access as many as 5,000 DNS queries a day and up to five of those might be malicious. That’s equivalent to 1,825 incidents per year. A malicious query can be a wide range of activities, from phishing to ransomware to cryptojacking. Often, these queries take the form of redirecting traffic from a legitimate website to a similarly named malicious website.
This brings up a quandary: Today, offering public Wi-Fi is table stakes for places like hotels, airports and even restaurants. For these businesses, providing this service is part of the customer experience. Going to a hotel and discovering they don’t offer free public Wi-Fi is almost shocking. However, it comes with risks. Research from OnePoll found that public Wi-Fi at restaurants and cafes accounted for 25% of all personal data compromise, with airports at 23% and hotels at 20%.
The easy solution is to just not offer this service, but from a business standpoint, that’s not realistic. Ensuring you can provide safe, secure public Wi-Fi can protect your company and your customers. It can even become a competitive differentiator.
How do you do this? It starts with understanding the threats to these networks, with enough context that you can understand the most effective and affordable solution. It’s also key to understand some of the best practices to follow to keep public Wi-Fi use safe for your business and your end-users.
Exploiting public Wi-Fi vulnerabilities
Public Wi-Fi networks have vulnerabilities that leave organizations open to many threats that can result in data breaches, theft of customer data and possible financial losses. To make these networks secure, organizations need to understand their many risks.
These are some of the biggest public Wi-Fi network threats:
- Malware: Malicious software comes in many varieties; its aim is to sneak onto or damage a network.
- Ransomware: This kind of malware encrypts an organization’s files and requires a ransom to decrypt that data.
- Man-in-the-Middle (MitM) attacks: Hackers tap into two parties’ communication and either listen in or change the data they are transmitting.
- Advanced Persistent Threats (APTs): APTs occur when attackers sneak onto a network and exfiltrate data over time. They get into a device while a user is accessing a public network and then persist their access when the user gets back on the corporate network to expand their undetected access.
Five best practices for Wi-Fi security
There are proactive steps organizations can take to secure their public Wi-Fi. These steps create the foundation for a holistic security strategy to keep the network resistant to data breaches and an array of cyberattacks, and to keep customer data safe.
One step is to implement encryption standards.Use WPA3 for Wi-Fi networks or other robust encryption protocols to make sure that data sent via the network is encrypted. That makes data interception difficult for attackers.
Another step is web content filtering, which is crucial in blocking access to malicious content and sites that might jeopardize the Wi-Fi network’s security. Organizations can substantially lower their risk of breaches introduced via web browsing by filtering out phishing URLs and other known malicious sites and categories of sites that usually disseminate malware.
Installing firewalls is important, too, because they form a barricade between the internet and the public Wi-Fi network. They use predetermined security rules to observe traffic in both directions. If they are configured right, firewalls are good at preventing unauthorized access and some kinds of attacks.
Another step is to disable file sharing. This feature can be highly risky on public networks because it could let attackers directly access sensitive data or install malware. It involves turning off Bluetooth discovery and anything else that’s not essential. This helps make the attack surface as small as possible.
Finally, useVirtual Private Networks.They make encrypted tunnels that enable data to securely and privately pass between the network and the user. Mandating use of VPNs for those using public Wi-Fi will help safeguard data from hackers trying to grab sensitive data.
A secure experience for all
Public and guest Wi-Fi is a key service for today’s businesses (and other institutions) but these services represent massive risk as well. Public Wi-Fi must meet the same cybersecurity standards of any other business system. Many network threats lie in wait, and attacks continue to increase in sophistication and volume. Check the list of Wi-Fi security best practices noted above against your current practices, adjust and upgrade as needed. This will ensure a safe experience for your users and your network.