From San Francisco to New York, cities across the country are giving makeovers to old phone booths. This month New York City began replacing thousands of pay phones with free Wi-Fi hot spots. According to The Wall Street Journal, “The city expects to have 500 hot spots installed by July, and eventually, about 7,500 units will be replaced.” While this 21st century technological upgrade is great for consumers, it poses security risks for the enterprise.
Tyler Cohen Wood, cyber security adviser to Inspired eLearning, said there are several reasons for concern. In addition to Wi-Fi hotspots opening up the possibility of hackers stealing valuable information, the city will also have the ability to collect information. Each booth will be equipped with a tablet for free calls and web browsing, but this opens the doors for complete strangers to access information and receive passwords if not protected.
Cohen Wood warned, “It is possible a hacker could put key loggers on tablets, so be cognizant, and don’t enter private info onto the tablets provided.”
As more cities hop on board with these implementations, enterprises could fall victim to even more human error if security teams don’t educate their employees on how to secure their devices and their sensitive information. More than ever, security awareness training for end users is critical to securing the extended network of the enterprise. What people don’t know can hurt them and result in a breach.
Here are some tips Cohen Wood recommends including in an awareness training program:
- If people are going to use these hotspots, make sure they are using a virtual private network (VPN), and encrypting what they are sending.
- Make sure users understand that what they're sending or putting on a tablet could be viewed by anyone else on the network if it is not secured, which means it could be viewable by the next person who comes along, viewable by Google, or viewable by the city of New York or whoever else is watching.
- If not secured, people can sniff your traffic.
- Don't do anything that is company business or includes private information, unless using secured things like VPN, (still not recommended).
- If users have their phone set up to automatically connect to Wi-Fi, they may think they're on secure network -- but they'are not.
- Do not access bank information, company information, or other private/sensitive data unless they have manually disconnected from the free network.
Security professionals need to make sure that end users understand the implications and risks involved in sending a work email through a public network, so don’t underestimate the power of continuously educating all employees from entry-level folks all the way up to executives.
The reality, Cohen Wood noted, is that “If you’re using this network and encryption, they have the keys to view the traffic. If you have sensitive info or work info, I would highly recommend that you use your own encryption. Even if they were able to pull out metadata, if you’re using a VPN through your company, they can’t get anything.”
In today’s world where we are relying more and more on these devices and IoT is coming out faster, Cohen Wood said, “The best way to protect yourself is by having an education program in place. I’m not talking about learning about all the bits and bytes about what is going on, but what you can do to protect yourself, your company, and your family.”
This article is published as part of the IDG Contributor Network. Want to Join?