Motorola’s Sinha offers these best practices for securing Wi-Fi in airports and other hotspots:
Use hotspots only for Internet surfing. Enter passwords only into websites that include an SSL key on the bottom right. Disable/remove the wireless card if you are not actively using a hotspot. Ensure that a laptop is updated with the latest security patches. Avoid hotspots where it is difficult to tell who’s connected (hotels, airport clubs, conferences, large facilities). If the hotspot is not working properly, assume your password has been compromised, report to hotspot service provider and change your password at the next immediate opportunity. Read all pop-up windows in their entirety. Do not use insecure applications such as non-encrypted email or instant messaging while at hotspots.
Virtual private networks (VPN) remain the best defense to date for connecting to the Internet from hotspots. A VPN forces a computer to connect to the corporate network first and from there to the Internet. This way the data is completely encrypted. According to Itzik Kotler, security researcher for Radware, “this is the best and most secure way to avoid data leaks while on the road.”
That is not to say, however, that VPNs are invulnerable. Sinha warns that “firewalls and VPNs provide only limited protection to wireless devices from the rising threat of Layer 2 attacks.”
Encryption, Encryption, Encryption
Another often overlooked security problem is the lack of encryption of hard disks and flash drives on mobile employee laptops and removable devices. Brush recommends free programs such as TrueCrypt that can easily be deployed and preserve sensitive information and meet regulatory (SarbOx, HIPPA, etc.) concerns.
Remember mobile device use is not limited to road travel. Be sure to extend your wireless security policies to employees that remain on the premises, as well. CIOs must remain vigilant against intruding Wi-Fi that employees can accidentally connect to from their desks.
“Explicitly disable municipal Wi-Fi access from within the enterprise,” he said. “And enforce regular password change-ups.”
A prolific and versatile writer, Pam Baker’s published credits include numerous cover stories for international, national and regional media from women’s and general interest to finance, business and technology magazines, online content and newspapers; analytical studies on technology; and, six books. She is a member National Press Club and Avant Guild/Mediabistro.com. She was 2004 nominee for the Templeton Cambridge Journalism Fellowship in Science and Relgion (UK) and wrote and produced an award-winning documentary on paper-making.