Huge advances in technology over the past couple of decades mean it is now easier than ever to be a global worker. From video-conferencing into important meetings from anywhere in the world to sharing vital company documents with colleagues on deadline in London from the comfort of a hotel in Beijing, staff mobility has been completely transformed. With the number of mobile workers set to hit 1.75 billion in the next couple of years, companies are now faced with issues they did not previously encounter when the workforce all kept the same hours and operated under one roof.
One such threat that is keeping CIOs up at night is mobile security, in particular, the security issues posed by employee use of unsecured public Wi-Fi hotspots. In a recent iPass survey, more than 80% of CIOs said they had experienced Wi-Fi related security issues over the last 12 months and almost all agreed that the rise of Bring Your Own Device policies has contributed to these increased mobile risks.
Remote working – daylight data robbery!
IT teams are facing something of a perfect storm: a rapidly growing mobile workforce, the explosion of free public Wi-Fi and more sophisticated attackers. In response, they are largely having to tackle these new problems on the spot, adopting speedy fixes or policies to protect systems and data. While maintaining high levels of security is important, it shouldn’t have to come at the expense of the seamless, constant mobility demanded by the modern employee.
Wi-Fi hotspots in public spaces such as cafés, hotels and airports are understandably vital to mobile workers looking to stay connected. However, these public places have come under fire, with CIOs identifying these three locations as the top sites for Wi-Fi related security incidents. In fact, 57% of organisations suspect that one or more of their mobile workers have been hacked or caused a mobile security issue in the last 12 months, so it’s no surprise that they are looking for ways to address this problem.
Is banning public Wi-Fi the solution?
In response to security concerns around public Wi-Fi usage, many of the CIOs in the recent iPass survey have taken a somewhat radical stance: outright banning their remote workers from using public Wi-Fi hotspots. Overall, just over two thirds of CIOs had enacted some kind of Wi-Fi hotspot ban, with a further 16% expected to do so in the future. While this measure can help IT decision makers feel as though they have cut the risk of data breaches, this is not necessarily the case. A blanket ban only protects against one specific connectivity issue, and while making the decision to limit use of public Wi-Fi hotspots may help in the short-term, it does not promote understanding of the wider security threat.
Mobile workers may not have consistent access to secure networks, but will always have important tasks to complete that require on-the-go connectivity. Whether it is using either a personal or a corporate-issued device, users will find a way to get connected. Businesses need to have company-wide procedures in place to enable this to happen without risking security breaches.
Employees aren’t always using VPNs
One way that businesses can strike this delicate balance is by encouraging employees to use corporate VPNs when they work remotely. VPN services can provide businesses with a protective bubble that helps secure the mobile workforce when using public Wi-Fi, regardless of location or device. The benefits of this are clear, as VPNs can help to overcome the issue of using Wi-Fi hotspots in vulnerable public locations, extending a private network over the unsecured internet connections offered in cafés and hotels.
Though VPN use is on the rise, less than half of CIOs are fully confident that mobile workers use a VPN every time they go online, calling into question the protection that they deliver. One of the issues holding back widespread use of VPNs is, thankfully, rectifiable. Businesses looking to increase the numbers of mobile workers using VPNs when they go online need to properly educate staff on the potentially detrimental impact not using them can have on the business, making sure that their implementation and use is as seamless for the end user as possible.
Mobility and security can go hand-in-hand
The decision by some companies to ban the use of public Wi-Fi hotspots is an extremely short-sighted one. It does not address the wider business implications of reduced employee mobility, nor the simple fact that many employees do not want to feel restricted by IT policies.
So, what can be done? A multi-pronged approach is the most effective way to strike a balance between security and mobility; rather than blocking Wi-Fi access at popular remote working venues such as cafés, airports and hotels, enterprises need to educate their workforces on the various threats to their business from open Wi-Fi networks. Only then can users be taught how to identify risky networks and learn best practices to avoid them in the first place. From a technology standpoint, businesses need to protect their mobile workers as they would any other key asset. This means developing an appropriate data and identity security strategy that does not drive their users to alternative, less manageable and certainly less productive methods of handling corporate data. The tools to achieve this are already available.
In today’s digital information economy, banning the use of Wi-Fi is simply not a practical means to protect mobile workers, user identities and corporate data. Wireless connectivity is essential to employee productivity and is a cost-effective means to keep mobile workers productive both at home and abroad. Companies should combine employee education and secure connectivity technologies to ensure their workforce is both productive and secure, regardless of their physical location.
Mato Petrusic, Vice President EMEA, iPass