More than half (57%) of global IT leaders believe their mobile workers have been hacked over the past 12 months, with public Wi-Fi hotspots the prime location, according to iPass.
The connectivity solutions provider polled CIOs and IT decision makers from the UK, US, Germany and France to compile its iPass Mobile Security Report 2018.
Almost all respondents (94%) believe BYOD has introduced greater security risk to the organization, with 81% noting Wi-Fi security incidents over the past year – in locations like cafes (64%), airports (60%) and hotels (52%).
These unsecured hotspots represent a goldmine for hackers to launch covert man-in-the-middle and other attacks designed to spread malware and harvest user log-ins.
Many of these security holes will be plugged by the forthcoming WPA3 standard, which will support individual data encryption tunnels, but there are caveats, according to Raghu Konka, iPass VP of engineering.
“As with any new standard, it will take some time before WPA3 becomes mainstream,” he told Infosecurity.
“For starters, the onus will be on every hotspot owner to make sure access points are WPA3 compatible. Even now there is no guarantee that every hotspot is using the latest level of encryption and that is unlikely to change even with WPA3.”
VPNs are the only sure-fire way to stay secure whilst on public Wi-Fi, he claimed.
However, UK IT leaders were least confident (38%) that their mobile workers are using a VPN every time they go online.
Despite this, almost half (42%) of them claimed to have no plans to ban the use of free Wi-Fi hotspots by employees – much higher than their counterparts in the US (9%), Germany (10%) and France (12%).
“UK organizations seemingly have no problem embracing mobile working, but when it comes to implementing a corporate policy around it they seem to be more laissez-faire. With heightened mobile security risks, they need to do a better job of enforcing secure mobile working policies,” continued Konka.
“Employees remain one of the biggest mobile security threats, so it is imperative organizations continually educate their mobile workforce about the dangers of free Wi-Fi, and encourage them to use measures such as corporate VPNs as second nature.”