Tuesday, 15 November 2016

Mobile Workers Still Using Insecure Free Wi-Fi

Two-thirds of mobile workers are worried about the security implications of using free Wi-Fi hotspots, yet nearly half (42%) still access corporate networks via them, according to iPass.
The mobile connectivity firm polled over 1,700 business travelers to better gauge their technology habits, preferences and expectations on the road.
It revealed several mobile security trends which should concern CISOs.
Aside from the use of insecure free Wi-Fi, half said they’re allowed to use a personal device to access the corporate network, while over a third (38%) claimed they’d never used a VPN to protect data and comms.
Around three-quarters (72%) said they use free Wi-Fi at airports if it is available, exposing them to the risk of data theft and corporate espionage.
Patricia Hume, chief commercial officer at iPass, told Infosecurity the survey shows that corporate and employee data security priorities are worlds apart.
She added that banning access to free Wi-Fi on the road isn’t the answer.
“It is important that mobile workers are educated about how to find secure connectivity while on the move rather than using insecure Wi-Fi hotspots, as this can help to keep both mobile workers and enterprise security safe,” argued Hume.
“Businesses need to ensure they are making the effort to develop and implement a robust safe mobile usage policy and educating mobile workers on the importance of security while on the go.”
Although many IT departments mandate the use of corporate VPNs, low technical expertise may mean employees look for alternative ways to get online.
“Businesses need to take a clear step forward and ensure that corporate VPNs are used by employees when secure connectivity isn’t guaranteed,” concluded Hume.


A lobbying organization that includes some of the Internet’s most valuable entities made a plea to President-Elect Donald Trump to support the expansion of strong encryption and reform government surveillance activities. The Internet Association on Monday sent a letter to Trump’s transition team that included a number of policy suggestions beyond the realms of security and privacy in the name of online innovation and economic growth.

The letter supports an open Internet and asks Trump to prioritize security and privacy among other ideals in order to preserve online commerce. “From standardizing data security and breach notification, to protecting encryption standards across digital technologies, leaders in public office must recognize the importance of the internet as a place where people can share their information and ideas and start and grow their businesses from anywhere in the United States,” said Michael Beckerman, president and CEO of the Internet Association, which counts Amazon, Facebook, Google, Netflix, PayPal, Twitter and Uber among its members.

The privacy and data security section of the letter is predicated on preserving the secure collection of business-related data and how analytics drives economic growth. The organization points out that companies reliant on data analytics are more productive and profitable, and that Americans benefit via lower prices and improved services. 

The letter highlights regulatory proposals that threaten the value of data and urges Trump to champion what it calls “data innovation.” This includes taking a harms-based approach to consumer privacy, instead of a collection-based approach, and stopping data minimization efforts or other proposals that would inhibit innovation,” the letter states. “In addition, federal enforcement agencies should focus on data security, partner with consumer groups to drive security best practices, and commit more resources to fight identity theft. Finally, policies should enable teachers to use online tech to boost educational outcomes for students.”

 Trump’s rambling stance on cybersecurity during the debates did little to inspire confidence in his understanding of the issues. “The security aspect of cyber is very, very tough,” Trump said during the third debate. “And maybe it’s hardly doable. But I will say we are not doing the job we should be doing. But that’s true throughout our whole governmental society. We have so many things that we have to do better, and certainly cyber is one of them.”

Trump’s cybersecurity website explains his vision, which starts with a review of cyber defenses and vulnerabilities by a Cyber Review Team made up of public and private sector experts. Trump’s site also says the Justice Department will create task forces to coordinate local and government responses to threats. On the offensive side, Trump is looking for enhancements to U.S. Cyber Command from the Secretary of Defense and the Joint Chiefs that will allow the U.S. to respond to state and non-state actors if necessary. Experts are also concerned about Trump’s views on the FBI’s ongoing struggle with strong encryption and what it calls Going Dark. The Internet Association urged him to support strong encryption as a plus to national security and individuals’ rights. 

“Laws that require companies to engineer vulnerabilities into products and services harm personal privacy and endanger national security,” the letter states. “Support for strong encryption makes America more secure.” The letter also asks Trump to consider reforms to Section 702 of the FISA Act, as well as Executive Order 12333, which allows the government to use secret court orders to obtain data from service providers and technology companies. The Internet Association also asked Trump to consider reforms to the outdated Electronic Communications Privacy Act governing stored communication. “Internet users must have the same protections for their inbox as they do for their mailbox. 

Updating ECPA to include a warrant for content stored across technologies, regardless of where it is stored or for how long, is overdue,” the letter states. “ECPA must be updated to reflect the significant role that internet commerce plays in global commerce.”