If you’re like most people, you don’t think twice when you go into a public place like Starbucks with your laptop and jump on to the free wireless connection to do a little work. Free WiFi is a godsend when you’re waiting for your flight at the airport, doing research at the library, shopping online in the hotel lobby, checking your bank statement in the lounge, whatever.
You jump on the first free WiFi network that pops up on the list, and you’re good to go, right?
You share files and printers at work, so your settings allow you to discover networks and send print jobs remotely. You probably didn’t go to your settings and turn off sharing when you left the office.
Did you know that if you are on a free public WiFi connection and you accept a software update prompt that you have probably just downloaded malware? Probably not. You click “OK” just to make the box disappear and get on with what you are doing.
Then you get to work and use the same phone, tablet or computer you used while traveling to access your company’s network. Your WiFi is always on, looking for an available network – preferably a familiar one. You have malware on your device and valid credentials to log onto the company computer, so now you have infected your business and colleagues with malware. It may take months for anyone to discover it, but it is there – accessing information assets for use by the criminals who planted it.
Using our own devices coming and going for a combination of work and personal activities is the norm. We are so busy with the task at hand that it doesn’t occur to us that someone at the next table may be waiting for us to give them access to our device by making one small mistake.
Most IT departments are aware of threats to internal networks and have precautions in place, but the more you know about how you can help your IT department prevent network intrusions the better. A little paranoia is better than a huge breach any day.
A comprehensive network security plan requires user education and participation and a strong, agile combination of expert analysis and next-generation automated security technology.