Is it dangerous to log on to a public WiFi network?

In December 2014, Australian police arrested 50 members of a criminal syndicate that stole more than $6 million with identities they hacked from people’s phones through a free WiFi network.

In another incident, hackers launched fake¹ public WiFi hotspots during the Olympic games in Rio de Janeiro in 2016 to harvest confidential data from unsuspecting users. No one knows for sure what data was stolen but it likely included passwords, credit card numbers and other information that thieves later used to commit identity theft or other types of fraud.

So, if you’re accessing company servers or the corporate email from a public WiFi connection, then you and your company are at considerable risk.

Coupled with demands for hybrid work practices post-pandemic, mobile devices are now also integral to the way we work. The average employee today is a mobile-first user, connecting ‘anywhere, anytime’, accessing more data, collaborating with coworkers, completing business transactions, and using a myriad of apps with their smartphones.

In fact, nearly 76%² of employees use their mobile devices to communicate with the office with seven in 10 individuals using their smartphones to send work emails. Protecting such mobile-first enterprises is difficult because using unmanaged mobile devices increases your company’s vulnerability to mobile threats as apps are often the front door to risk.

And with over two-million² unique mobile malware discovered in 2021, it’s easy to see why connecting remotely to your office via an unsecured or public WiFi network poses significant risks to your staff and organisation.

Public WiFi risks that could endanger your organisation

Logging on to an unsecured public WiFi network is akin to driving without your safety belt strapped in. Without the necessary protection, you risk lasting damage. For the unsuspecting employee, that could be theft of personal and company data, confidential financial information, passwords, and other critical login credentials.

If your employees work from cafés, on trains, or in airports, you should be mindful of the following hidden dangers of public WiFi:

Evil Twin

A rogue WiFi network or ‘evil twin’ is designed to fool the user by approximating the look and access of a legitimately secure WiFi network. For example, a network offering "Free WiFi" and named after a nearby cafe is an obvious example of an evil twin attack. After the network is set up, it's easy for victims to mistake the fake, evil twin network for a real one, because the network's name looks legitimate.

Man-in-the-middle (MITM)

Another common hack is MITM attacks. Hackers position themselves between your employees who are using the WiFi and the connection point so they can intercept and harvest company data.

Malware distribution

An unsecured WiFi connection is the perfect conduit to distribute malware. Having infected software on your computers and devices can be financially crippling to your organisation.

Eavesdropping on WiFi signals

Another public WiFi risk are the use of special software kits to eavesdrop on WiFi signals. A hacker can retrieve employee login credentials and even hijack their accounts unnoticed, giving them access to everything your remote workers are doing online.

How to protect your organisation on public WiFi networks

The challenge with using public WiFi networks is the lack of information about what level of encryption is available (if any) and who controls and monitors the data traffic. While WPA2 is the strongest WiFi encryption currently available, many public WiFi network operators have not upgraded. WPA, a less secure predecessor, and WEP (the weakest) are still widely used and easily hacked. According to a report by Kapersky Security Network, approximately 24.7% of public WiFi hotspots across the world do not use any encryption at all.³

Here are several practical steps you and your employees can take to protect yourselves:

Be extra vigilant

Verify the actual name of the network you’re connecting to. Just because it includes the name of the shop or café in the network ID, doesn’t mean they actually own it. Also, be wary of networks that ask for sign-in information because hackers often create sign-in pages to harvest your login credentials. But most of all, don’t treat the public WiFi like your home connection. Stay off all online shopping and banking until you get to a secure network and don’t use your credit card for anything on the public network.

Check your device settings

Update your operating system and ensure your applications are up to date. Check that your device settings don’t automatically connect to a WiFi network. Enable ‘always use https’ on frequently visited websites that require login credentials. Https sites are encrypted.

Use a cellular connection instead of the public WiFi service

With more than 60%² of global web traffic going through mobile phones, the temptation to connect to an unsecured public network is often too difficult to resist. In a survey⁴ of more than 15,000 respondents, 80% admitted to using their smartphones to access unsecured public networks and transmit sensitive data such as email or online banking.

It’s easy to understand the appeal. Public WiFi networks are quick and easy to log on to, there’s no need to setup any encryption or VPNs on devices, it’s zero maintenance, low hassle and more importantly, zero or low cost.

In fact, mobile users with restricted data (less than 4GB a month) were more likely to log into available public WiFi networks to conserve data once it dropped below 40%⁵.

A StarHub Enterprise Mobile plan with large data bundles and secured with Mobile Threat Defence could be the ideal solution to address this issue.

Designed to help employees mitigate security risks with inexpensive, ‘anywhere, anytime’ secure WiFi access, StarHub Enterprise Mobile plans are contracted subscriptions to companies, not employees. They offer higher talk times and generous data allowances to enhance staff collaboration and efficiency while boosting productivity.

When employees use mobile devices to connect over StarHub’s cellular network, there is a direct 1:1 connection between the device and the cellular provider. Their identities are authenticated via the device’s SIM chip, among other things, and the connection between the mobile device and the provider is encrypted, ensuring enterprise data accessed on the mobile device are not exposed to the threats listed above.

To ensure the most comprehensive mobile security for employee mobile devices, StarHub also offers Mobile Threat Defence (MTD) available to all Enterprise Mobile plan subscribers. MTD delivers persistent monitoring of threats across secure and unsecured network connections to prevent, detect and remediate cyber-attacks in real-time. These include phishing attacks on mobile devices, networks, and applications.

StarHub MTD uses billions of data points to understand mobile risks by employing machine learning algorithms to train threat models and secure mobile endpoints against known and unknown threats.

Take Your First Step to Secure WiFi Access

While public WiFi is a widely used convenience, it’s also associated with risks that can compromise an employee’s personal information and expose critical enterprise information. The more you take your chances with a free network connection, the greater the likelihood your company will suffer a security breach. A StarHub Enterprise Mobile plan and Mobile Threat Defence can help your company navigate security challenges even as you look to accelerating business growth in the digital age.

Check out our mobile solutions for your enterprise.

¹ Internet Minefield: Beware of fake WiFi spots in Rio stealing user data

² 2022 Zimperium Global Threat Report 2022)

³ Research on unsecured Wi-Fi networks across the world, Kapersky Security Network.

⁴ Norton Global Wifi Risks report, 2017.

⁵ Factors influencing users to use unsecured wi-fi networks: evidence in the wild, University College London, 2019.