The UK economy loses about £27bn a year due to cybercrime.
And of all the online threats facing businesses (large and small), ransomware is by far the biggest, according to the chief executive of the National Cyber Security Centre.
Ransomware is a form of cyber attack when criminals access a company’s network, encrypt all the data and demand money (hold it for ransom) in exchange for releasing the information.
It’s a type of attack that’s becoming more professionalised.
Gangs of online criminals will target large numbers of businesses at once.
One of the reasons they’re able to launch these attacks is many business owners and employees simply aren’t aware of the risks they’re taking in some situations.
A common security risk is using public wifi (like that found in coffee shops, train stations and airports) for business.
Employees often think nothing of connecting to any free wifi network (particularly if they’re low on data or have a weak mobile connection).
They’ll log into company systems, or send sensitive commercial information over emails.
This is incredibly risky.
Unlike a dedicated company network or a home broadband connection (which you need a password to get into), these public wifi connections aren’t secure.
Anyone within range of the signal can connect.
There are several ways relying on public wifi can put your company devices and sensitive information at risk.
In this blog, business mobile phone specialists Communications Plus outline the main threats to be wary of.
‘Rogue’ wifi networks
Things are not always what they seem when it comes to public wifi networks.
Criminals will often trick users by setting up their own wifi network, making it look similar to an ‘official’ network in the hope users will log into it.
The names of these fake networks will look the same as the official network, for example:
- The official network could be called: Coffeeshop_network
- The fake network would be coffeeshopnetwork1
If an employee isn’t concentrating, it would be easy to use the compromised network.
Criminals will also often try to entice users by adding the word free to their network, which catches the eye.
For example, the rogue network could be called freepublicwifi.
Logging into this network allows criminals to monitor what employees are doing on their devices, and gain access to sensitive information.
Man in the middle scams
One thing many people who use public wifi aren’t aware of is that because there’s no password or ID security, it’s technically possible for anyone logged into the network to see what other people on the network are doing.
They just need the know-how, which cybercriminals have.
And because there’s no security, data and information sent over public wifi isn’t encrypted.
This means it can be intercepted and read.
‘Man in the middle’ attacks happen when cybercriminals position themselves between a user’s device and the wifi network.
Once they’re ‘in the middle’, criminals can read information sent over the network, including passwords or sensitive commercial and personal data.
Infecting devices on public wifi with malware
Malware (malicious software) is a file or code that infects a device and allows criminals to virtually monitor or take control of it.
It’s a common threat when using public wifi because the network will usually have a large number of devices connected to it, and has no security.
This allows criminals to send the malware over the network easily, infecting any connected device.
Once criminals have access, they can corrupt or steal data, often without the user realising until it’s too late.
Using snoop attacks
As we’ve mentioned, one of the biggest problems with public wifi is that anyone on the network can monitor what everyone else on the network is doing if they know how.
These snoop attacks are a simple form of cyber attack.
Criminals simply use the unsecure public wifi to piggyback into an employee’s device.
Then they sit in the background and watch what your employee is doing.
Criminals can monitor keystrokes and steal passwords or access sensitive commercial and personal information being shared.
Often the user won’t even know this is happening, and it can be months – sometimes years – before the breach is identified.
Using ‘discover new networks’ features
If employees are becoming overly reliant on public wifi, they may set their connection preference to ‘discover new networks’.
This automatically scans for available wifi networks in range so the employee can connect to them.
They might not know this discovery feature makes their device visible to anyone els within range of their phone’s signal.
Any criminals within range could connect to their devices and then steal or corrupt data.
Protecting business mobile phones from attacks
While software is constantly advancing to protect devices and data from attacks, this doesn’t account for the human element.
And this is where much of the problem is.
More than 80% of data breaches in organisations are linked to a ‘human-related vulnerability’, according to a 2022 Data Breach Investigations Report (DBIR).
If employees are going to be using business phones, or any mobile device when working remotely, it’s crucial you have guidance in place, so they understand the risks of using unsecure wifi networks.
Failing to bridge the human knowledge gap around cybersecurity already poses a considerable threat to companies.
Passionate Writer, Blogger and Amazon Affiliate Expert since 2014.