How to use a public WiFi without risk?

Many hotels, airports and cities offer public WiFi. Some are free and others charge a small fee. However, many users are unaware of the dangers of unprotected WiFi services:

  • 67% think public WiFi is fully or partially safe – 43% of public WiFi users have had their online security compromised
  • More than 50% of all cyber attacks target SMEs – 60% go bankrupt within 6 months of being attacked
  • Hackers want to make money by attacking your systems and data

What impact does the use of public WiFi have on an ISMS?

When users travel, they often try to catch up with emails and other work. To log into company systems, they will often use public WiFi networks, such as the WiFi of a business lounge at the airport. An organisation that has implemented an ISMS needs to write policies that protect data and systems when unsecured networks are used. During a certification audit, an auditor might realize that the workforce is accessing public networks while the leadership has not enacted any security measures or policies. This would lead to a minor nonconformity.

As the audit day progresses, the audit team might come across other areas of the ISMS that show no security considerations with regard to teleworking, home office or remote working. Collecting too many minor nonconformities will lead to a major nonconformity. Such a major deviation from the requirements of the ISO 27001:2022 standard may prevent the certification body from issuing or expanding a certificate.

What can be done to protect users in public WiFi scenarios?

It is advisable to write policies for remote working. They should address the risks and the precautions that mitigate the organisation's risk exposure. Staff need to be trained appropriately so that they understand the potential risks. This kind of awareness training should be conducted annually. All notebooks regularly exposed to public WiFi networks should be equipped with antivirus and firewall protection tools. The IT team would be well advised to service such mobile devices annually to make sure they are still safe to use.