Man-in-the-middle attacks, malware distribution, snooping and spoofing, malicious hotspots – public WiFi networks are full of security risks and a prime hangout for cyber criminals.
So great is the threat presented by cyber criminals lurking on these networks that some businesses have resorted to banning use of public WiFi by employees, according to the 2018 Mobile Security Report by iPass, a global WiFi service. Many businesses are doing this simply to protect business data and avoid data breaches.
But even banning the use of these networks doesn’t deter some employees. In a recent report, Symantec, a global leader in next-generation cyber security, found that 60% of survey respondents felt that their information was safe on public WiFi – despite 53% stating they can’t tell the difference between a secure or unsecure public WiFi network.
The fact is that businesses are not only ill-equipped to deal with the security risks presented by employees connecting to public WiFi connections, they also have no idea of what it is they need.
If businesses – and their employees – are to use these networks, they need some form of online encryption. With cyber criminals using increasingly complex methods of attack, the importance of a VPN (or online encryption solution) for small businesses cannot be understated.
If yes, it’s important to understand that most public WiFi networks or hotspots (such as those found at airports, cafes or train stations) are inherently insecure. According to the 2018 Mobile Security Report by iPass, 81% of the organisations reviewed experienced WiFi related security issues in the last 12 months.
Typically, public WiFi networks are unencrypted and therefore not protected by WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access) or WPA2 (WiFi Protected Access II).
The result is that anyone can connect to these networks and (with the right tools) potentially monitor the information being transmitted from devices on it. Business data, employee credentials, bank details, address information – any sensitive or important data can be seen and stolen with ease on these networks.
Another important element to consider is if employees travel frequently and/or work internationally. Most mobile networks provide 4G internet connectivity across the UK but in some areas coverage can be limited. To avoid this employees will use public WiFi networks or hotspots to ensure a consistent and fast connection – unwittingly putting themselves and business data at risk whilst they work.
Similarly, if employees work abroad on a regular basis, they will want to avoid the excessive roaming charges associated with using mobile data in another country. The easiest solution is to just connect to public WiFi or use the WiFi at the hotel they are staying at – putting their data at risk once again.
A VPN for small businesses is important not only because it encrypts information and keeps it private, it also provide employees with a way to connect to the business’ secure network without having to resort to using public WiFi.
In our recent independent research report, we uncovered that of the IT decision makers in small businesses we reviewed, 49% felt that flexible and remote working policies had increased the chance of cyber attack against their business.
If no, the next step is to ensure employees have some form of online encryption installed to their device when they (eventually) do connect to public WiFi networks. An online encryption solution – such as a small business VPN – will ensure that any information transferred over these networks is encrypted and private.
Our independent research report found that the adoption of VPN solutions often comes down to cost, complexity or businesses not understanding the need for it. But the fact is that without online encryption, businesses (and their employees) will be putting their data at risk. A small business VPN solution is no longer a nice to have but a business essential and integral to any cyber security strategy.
An interim solution could be to train your employees and educate them on the dangers of using public WiFi, as this would encourage them to keep security in mind and avoid sending important information over unsecured networks. Employees are often a business’ greatest cyber security threat, so extensive training could make the difference.
If yes, then, at a minimum, employees should have installed to their personal device:
Well, the problem is that for many small businesses today, only the basics are considered and few understand the importance of a VPN for their small business.
Instead, every business rushes to deploy anti-virus, anti-malware and firewalls into their environment, mistakenly believing that this is all they need to protect themselves, not realising that they are leaving holes in their business’ cyber security for cyber criminals to exploit.
In addition to leaving gaps in their defences, these businesses have also failed to consider BYOD security. Most businesses have BYOD policies that allow employees to use their own devices to connect to the business’ office network (allowing them to save costs) but few businesses encourage employees to install or use security solutions on their personal devices.
Without some form of online encryption or VPN solution on these devices, the moment employees connect to the business’ office network using an unsecured WiFi connection, any data on their device or in transit can be accessed, stolen, damaged or modified through the installation of malware or rootkits (hidden programs that allow unauthorised access to a computer or device).
The fact is that if employees’ personal devices do not have any of the above solutions (at a minimum), the moment they connect to the business’ office network they open it up to cyber threats.
It’s abundantly clear that small businesses – whether working regionally or internationally – need a VPN solution and yet, in our independent research report, little over a third (33%) believe it to be necessary or beneficial to cyber security efforts, overlooking the importance of a VPN for their small business.
If no, then we would advise acquiring the relevant security solutions anyway. To actually keep your business’ network and data safe, an ongoing and multi-layered approach to online security is essential. Simply having a firewall and anti-virus solution is no longer enough – and your business’ cyber security infrastructure should constantly be growing and updated. In an ideal world, businesses should have intrusion detection, password management software, web filtering, disk encryption, two-factor authentication, online encryption, anti-phishing and encrypted email in addition to anti-virus, anti-malware and a firewall. All of this should be installed alongside a business VPN service specifically for small businesses.
A VPN is a key component in any business’ multi-layered security strategy, especially as more and more business professionals bring their own devices into the workplace and use them to connect to the business’ office network.
If yes, and your employees work with or send sensitive data (especially if they are use their own devices to do it over unsecured networks), protecting that data in transit and at rest is crucial.
As mentioned previously, cyber criminals can monitor devices on unsecured networks and readily siphon data from them, with the right tools of course, all without the device owner knowing. Furthermore, cyber criminals can also ‘listen in’ on devices (allowing them to see what data is being transferred) and intercept data before it arrives at a target server.
If sensitive information is being transferred over such networks, you need to equip your employees with online encryption (to protect data in transit), file encryption (for data at rest), a firewall (to prevent unwanted connections) and an anti-virus/anti-malware solution to prevent cyber criminals deploying malware or a rootkit.
It’s also important to note that data breaches, especially under the General Data Protection Regulation, come with massive fines and can be damaging to businesses, particularly small and medium-sized businesses. Uncover the GDPR data security risks SMBs face here.
The inclusion of a VPN for your small business is absolutely important as it formulates a key part of your online security.
If you don’t handle, manage or send sensitive data, it’s still important to protect the data you have regardless. What you might perceive to be unimportant, a hacker could potentially leverage to do damage to your business. Any and all business information should be protected where possible online, and that starts with online encryption.
The problem is that many believe that their data is perfectly fine on unsecure networks. Wrong – and it’s precisely where a small business VPN solution would prove handy.
Research from Symantec, a global leader in next-generation cyber security, revealed that of those they reviewed, 60% believed their information was “safe” whilst using public WiFi – and that 53% couldn’t tell the difference between a secure or unsecure public WiFi network.
If yes, a small business VPN can hide your employees’ information and activities online from other prying eyes. Cyber criminals often look for user credentials – such as addresses, passwords, emails and the like and use this information to gain access to bank accounts, business networks and others.
It will also ensure that any and all online activity is encrypted (so it is almost impossible to decipher) and will also hide the user’s location (as their device is assigned a different IP address), this makes it difficult to discover just where the end user is and no one will be able to track their activity.
If no, a small business VPN is worth considering regardless. Nowadays, it’s relatively easy for cyber criminals to access devices connected to public WiFi hotspots or create their own with the intention of siphoning data or listening in on online activities.
With all the above considered, it’s absolutely important that small businesses have a VPN to keep information private and secure.
As your business incorporates new devices and software, its attack vector – the path of means by which a cyber criminal can gain access to your network – expands. Having a simple anti-virus or firewall solution is no longer enough. To combat modern cyber security threats, threats diverse and complex, a multi-layered security strategy that incorporates tools for every kind of cyber attack is key
The importance of a VPN for small businesses is clear – but, in truth, it’s just one part of a multi-layered online security strategy and you must endeavour to grow and add to your suite of cyber security solutions over time.
Just how exposed are small and medium-sized businesses (SMBs) to cyber attack? What threats do they face? Are they even protected? In our independent market research report, ‘Under Attack: Assessing the struggle of UK SMBs against cyber criminals’, we take a look at just how exposed SMBs are, as well as how senior IT decision makers in SMBs feel about the current cyber security landscape.