What are the business risks of unencrypted online communications?
According to a global research report by Symantec, a global leader in next-generation cyber security, a considerable number of people are still unaware of the risks of using an unsecure public WiFi network. Many believe that their personal information is ‘safe’ when using unsecure public WiFi (60%) and 75% don’t use a virtual private network (VPN) to secure their connections.
These statistics paint a powerful picture. It’s clear that many of these consumers – some of whom are no doubt business professionals – are unaware of just how important it is to have security in data communications.
In this blog, we’ll highlight the risks of unsecured data communications, as well as why businesses need to ensure that they – and their employees – have some form of encrypted online communication.
What are the risks of unsecured data communication?
- Loss of sensitive and confidential business data
Sharing confidential business data over unsecured networks, such as public WiFi, can result in that information being copied and stolen via man-in-the-middle attack (where a hacker positions themselves between a user’s device and the connection point). Over unsecured networks, even the most inexperienced cyber criminal – armed with the right tools – can monitor connected devices, intercept traffic between them, and obtain sensitive information, all because the data is unencrypted and therefore visible to anyone on the network.
Also, with GDPR in effect, businesses need to take a more proactive approach to encrypted online communication, especially if they store or share the personal data of individuals within the EU. If employees routinely use unsecured networks to access, manage and transfer such data, that data could be stolen, modified, copied, deleted and/or used – all of which could put the business in breach of GDPR.
- Unauthorised monitoring
As mentioned previously, even the most inexperienced cyber criminal can monitor connected devices on an unsecured network by positioning themselves between a user’s device and the server (such as a website). The user believes they are communicating directly with the server, but in reality the cyber criminal is intercepting the information, without the user knowing, and relaying it to the server.
By positioning themselves between a user’s device and the target server, cyber criminals have access to every piece of information being sent across the connection.
- Rogue access and data interception
As unsecured WiFi networks are open and require no username or password to access, cyber criminals can easily set up what’s called a ‘rogue access point’. A rogue access point – or hotspot – is a wireless point that has been installed on a network without explicit authorisation from the network administrator, allowing cyber criminals to eavesdrop on unsuspecting users of the connection and collect their data.
One such rogue access point is an ‘evil twin’ (also known as a ‘honeypot’). An evil twin is a fraudulent WiFi access point that has been set up to appear legitimate – typically using the same Service Set Identifier (SSID) and radio frequency as a nearby network, as well as positioning themselves close to it physically. To the end-user, the fraudulent WiFi network just looks like a hotspot with a strong signal.
The cyber criminal then waits for users to connect to the ‘seemingly legitimate’ network they have set up. Once a user connects and the cyber criminal has their device ID, the cyber criminal can intercept sensitive data in transit with ease, from important business documents and log in details, to business emails and transactions.
When you consider that, according to Symantec, 53% of its report’s respondents couldn’t tell the difference between a secure and unsecure public WiFi connection, it’s critical that businesses educate their employees on the risks of fraudulent networks.
It’s not difficult to protect your business’ online privacy and sensitive information
The fact is that more and more businesses and business professionals are working remotely; using wireless devices and connecting to unsecured public WiFi connections to check emails, send important documents, and access sensitive business data.
Connectivity to the Internet has come to be expected in the digital era, but businesses and business professionals should not forgo privacy and security just to access the Internet.
With the tools available to cyber criminals, it’s not at all difficult for them to monitor and access devices on public WiFi networks and commit crimes. On that basis, it’s essential that businesses and their employees have a business virtual private network (VPN) solution to deliver encrypted online communication.
Using a business VPN service, businesses can ensure that when remote employees connect to unsecured public WiFi networks, activities online and data in transit are encrypted and therefore private. VPNs achieve online privacy by creating a secure tunnel between the user’s device and a server run by the VPN provider. All the data that travels between the device and the VPN server is encrypted, ensuring no-one else can read it.
If you want to find out more about the online security risks businesses are exposed to and how they can be combated – download our free eBook, Dispelling the cyber security delusion in small businesses.