Keeping Corporate Data Protected in the Age of the Mobile Worker

The technological advances that have occurred over the past couple of decades have made it easier than ever to be a mobile worker; with developments like video-conferencing and WiFi allowing staff to be in important meetings and share vital company documents from anywhere in the world.

The number of mobile workers is set to hit 1.75 billion in the next couple of years, and companies are now having to deal with issues they did not previously encounter when their whole workforce kept the same hours and operated in one central location.

One of the issues keeping CIOs up at night is mobile security, particularly the security issues that could arise from employees using unsecured public WiFi hotspots. In a recent surveyfrom iPass, more than 80% of CIOs said they had experienced WiFi-related security issues over the last 12 months, with almost all agreeing the rise of "bring your own device" policies has been a huge contributing factor.

Many coffee shops, supermarkets, and buses or trains now have freely available public WiFi. (Image: Bernard Hermant, Unsplash)

Buy a coffee, get a hack free
The combination of the explosion of free public WiFi, an increasingly mobile workforce and sophisticated cyber attacks are creating something of a perfect storm for IT teams. In response, they are having to tackle these new problems on the spot, adopting speedy solutions and implementing policies to protect systems and data. However, while it is very important to maintain high levels of security, the seamless and constant mobility needed by the modern employee should not be negatively impacted as a result.

Understandably, WiFi hotspots in public places like cafés, hotels and airports are essential to mobile workers looking to stay connected. However, these three locations are a hotbed for WiFi-related security incidents, with CIOs identifying them as the sites where this most frequently occurs. Indeed, 57% of CIOs suspect one or more of their mobile workers have been hacked or experienced a mobile security issue in the last 12 months, so it really is no surprise that organizations are looking for ways to address the problem. 

Is a blanket ban on public WiFi the answer?
When addressing the security concerns arising from public WiFi usage, many of the CIOs in the iPass survey have taken somewhat radical measures, including a blanket ban on remote workers using public WiFi hotspots. At the time of the study, just over two thirds of CIOs have already implemented some form of WiFi hotspot ban, with a further 16% expecting to do so in the future.

While this policy may help IT decision makers feel like they have reduced the risk of data breaches, this is not necessarily true. An outright ban will only protect against one specific connectivity issue, and while the decision to limit use of public WiFi hotspots can work in the short term, it fails to promote understanding of wider security threats.

Mobile workers will always have urgent tasks to complete, regardless of whether they have consistent access to secure networks. Users require on-the-go connectivity, be that on a personal or a corporate-issued device and will find a way to get connected. Companies must have procedures in place throughout the business to enable this connectivity, without risking security breaches.

VPNs are not being universally used
One way to strike this delicate balance is promoting the use of corporate VPNs when employees work remotely. VPN services work somewhat like a protective bubble for businesses, helping to secure the mobile workforce when using public WiFi, regardless of location or device. There are clear benefits to this, as VPNs can help to solve the issue of WiFi hotspot use in vulnerable public locations, by extending a private network over the unsecured internet connections offered in cafés and hotels.

Despite VPN use being on the rise, less than half of CIOs are fully confident mobile workers use a VPN each time they go online, impacting the protection they can deliver. One of the problems hindering widespread use of VPNs is, thankfully, easily fixed. Businesses looking to increase numbers of mobile workers using VPNs when they go online must educate staff on the potentially damaging impact not using them can have, making sure their implementation and use is as easy for the end user as possible.

A growing number of 'remote' employees now work from coffee shops, using public WiFi for multiple hours a day. (Image: Brooke Cagle, Unsplash)

Mobility and security should not be exclusive
The decision to ban the use of public WiFi hotspots is a very short-sighted solution for businesses. It does not solve the wider knock-on effect of reduced employee mobility, nor the fact that many employees do not wish to be restricted by IT policies.

So, what is the answer? A multi-pronged approach is the best way to strike the balance between security and mobility; instead of blocking WiFi hotspot use at popular venues for remote workers like cafés, airports and hotels, businesses should educate employees on the various threats open WiFi networks can have. Only then can users be aware of how to identify dangerous networks and learn best practices to avoid them altogether.

From a technology point of view, mobile workers must be protected by businesses like any other key asset. This means developing appropriate data and identity security strategies that do not drive users to alternative, less manageable and less productive ways of handling corporate data.

In today's digital economy, banning employees from using WiFi is simply not a practical way to protect mobile workers, user identities and corporate data. Connectivity is a vital, cost-effective way for employees to stay productive both at home and abroad. Businesses should combine employee education and secure connectivity technologies to ensure the workforce is able to remain productive, but in a secure manner, regardless of their physical location.

— Mato Petrusic, VP EMEA, iPass