Public WiFi Services Create Unacceptable Digital Health Risk
Almost every minute of every day someone in an organization is connecting a device to a public Wi-Fi network, a significant percentage of which are unwittingly being employed to distribute malware to whoever comes along.
According to a new survey published this week by Spiceworks, which manages an online IT community, a total of 61 percent of organizations surveyed said their employees connect company-owned devices to public Wi-Fi networks when working outside of the office. The rest are either ignorant of how employees behave outside the office or are willfully ignoring the issue. Nor does the survey address the number of times employees might be using their personal devices to access corporate applications over a public network.
Naturally, not all public WiFi networks are created equal. The WiFi service provided by Starbucks, for example, is actively managed by a large corporate IT staff. The wireless network that a doctor makes available to patients in their waiting room is likely to be completely infected.
Providing access to Wi-Fi services enhances the customer experience, especially in any environment where people need to wait for some service to be performed. The problem is no one seems to care that many of these networks are pathways for malware that then gets distributed onto corporate networks the next time an individual gets back to the office. Much of that malware eventually gets discovered, but usually not before it inflicts some level of damage.
Most corporations do a good job of securing their own internal wireless networks. The survey finds 94 percent of organizations have implemented standard Wi-Fi security protocols, such as WEP, WPA, and WPA2. Additionally, 77 percent of companies have a separate guest Wi-Fi network for visitors, and 75 percent enforce the use of strong administrator passwords on wireless networking devices.
At the same time, however, just half (53%) use strong SSID names, while less than half (48 percent) enforce the use of strong Wi-Fi passwords. Only 29 percent enforce Wi-Fi authentication on a per-user basis. Less popular security measures include restricting Wi-Fi access with Group Policy (21%); disabling SSID broadcast (20%); using MAC address filtering (19%); and setting up a DMZ to segregate traffic (18%). Furthermore, only 17 percent encrypt data beyond what standard security protocols enable.
Containing malware is much like a public health issue. If we told people that half the water supply was infected with a norovirus that was making people sick, there would be much hue and cry about the need to make sure the water supply was secure. But when it comes to malware that is being employed to compromise systems in ways that can ruin lives, we all continue to blithely go about our business.
It’s clear some level of regulation needs to be imposed on public WiFi services to make sure they meet at the very least a minimum level of security. Most of the customers of the organizations providing free WiFi services would be a lot better off if organizations were required to make those services available through some third-party entity responsible for maintaining security. That won’t ever eliminate the problem completely. But it would go a long way towards containing the potential spread of malware. However well-meaning providers of public WiFi services may be, there’s no getting around the fact that many of them have inadvertently become complicit in the distribution of malware. The issue now is deciding as a matter of public policy how much longer we are willing to tolerate a convenience that all too often does us more harm than good.