Over the past few years, users have become increasingly aware of the inherent dangers of connecting to unsecured Wi-Fi networks. Unfortunately, existing security vulnerabilities in the underlying network hardware may still open a user’s computer to security issues.
Recently, Wired reported that security firm Cylance discovered a vulnerability in a specific brand of network routers deployed throughout many hotel chains throughout the world that could allow someone to install malware on guest’ computers, analyze and record data transferred over the network, and possibly access the hotel’s reservation and keycard systems. Researchers were able to locate 277 vulnerable routers in 29 different countries across and over 100 of them were located within the United States.
This vulnerability was not exclusively limited to hotel chains, but also was discovered at conference centers and other facilities. It is critical that users continue to question and consider how they are connecting to the internet, especially when they are doing so on public networks or in public places, such as at coffee shops, restaurants, libraries, or even on airplanes. Any unknown access point could potentially allow an attacker to analyze and obtain sensitive information, including personal, banking, or health data. Further, additional software may be used to impersonate another person through intercepting and hijacking those transmissions. For example, an extension for the Firefox browser named Firesheep can allow an attacker to view unencrypted information from certain social media websites sent over their local network and can even allow the attacker to easily impersonate their victim on those websites. Even when information providers fix security holes that would allow Firesheep-type software to operate, hackers are quickly on their tail, attempting to exploit other weaknesses.
There are a number of effective method of protecting yourself while using public or unencrypted networks. The first is to use a Virtual Private Network, or VPN, which creates a secure connection between a user’s computer and a private network in order to ensure that their communications are protected from other users on the public network. Many companies employ VPNs in order to protect their employees’ connections while they are abroad, but there are many VPN providers that provide this service for a small fee. Alternatively, the prevalence of aircards and mobile hotspots through cellular phones can allow users to bypass public Wi-Fi networks entirely through the use of their own cellular networks.
The inherent risks when using unsecured networks is not limited to the theft of personal information, but can extend to the theft of corporate and proprietary data that can subject an employee or company to substantial legal risks or liability through the theft of trade secrets. However, one of the key factors that must be shown in order to recover under trade secret law is that reasonable precautions were taken to prevent disclosure or release of the allegedly secret information. With widespread instances of data breaches and theft, as well as the increasing availability of VPN networks and other security measures that can be employed to protect against those threats, taking no protection steps may not rise to the level of “reasonable precautions” that are necessary.
Finally, even though the most common threats can occur while a public network is being used, that may only be the first step in an attacker’s plan. If an attacker compromises the security of a user’s workstation, they may wait until it connected to a corporate network before deploying any malicious software or extracting sensitive data. Although corporate security measures may be able to identify and neutralize any such threat, the potential for damage once connected to a corporate network is substantially greater.
In some instances, the use of public networks is inevitable, but users should all be aware of the communications and associated information that are being transferred while connected to such a network. The possibility of legal risk increases dramatically when standard security measures are not followed. Employers should seek advise on how to develop a proactive plan to mitigate risks to employees, the company itself, and its business associates and customers.