Industry Voice: The dangers of airport Wi-Fi for business travellers
Claudia Gualdi, Travel Intelligence Data Team Lead at Riskline, talks to ITIJ about the cyber risks associated with public Wi-Fi networks in airports, and what business travellers and their employers should be doing to protect against them
Nowadays, much of businesses’ critical information is saved and worked on employees’ personal laptops and phones. Thus, it’s not surprising that companies are among the many targets of hackers. Cyberattacks can occur on a massive scale to disrupt specific services, but sometimes they just result from employees’ basic inattention when they work outside the security system of a company, namely offices. While, at the workplace, cybersecurity is wider thanks to the use of intranet, Wi-Fi networks configured with the highest security levels, and devices that are kept up-to-date with security software, work from public venues is not subject to such precautions.
Public Wi-Fi exposes data and devices to a higher level of vulnerability, making it easier to corrupt or steal information. Public free networks at cafeterias, hotels, train stations and airports seem convenient for business travellers needing to work everywhere especially as over two-thirds (67 per cent) of business travellers were ‘very willing’ to travel in the next 12 months, according to the the SAP Concur Global Business Travel Survey. As more international conferences and business events are taking place, mobility between different hubs, offices, and headquarters results in more people travelling, therefore there is a higher possibility that they’ll work outside of the company venues.
Sometimes cyberattacks just result from employees’ inattention when they work outside the security system of a company
High risks
Business travellers are mostly exposed to risks such as the theft of data relevant to critical business information, but they’re also victims of unauthorised access to work emails, password theft, or malware from infected downloads, among other types of attack. These can be executed by the introduction of hackers into the device through tactics like ‘man-in-the-middle attacks’, which allow hackers to eavesdrop on communications, or ‘sniffing attacks’, which can extract unprotected data. One of the most common tactics is the ‘evil-twin attack’, where hackers set up a false hotspot using the name of an airport, for example, but making slight orthographic changes, with the purpose of deceiving the victim and stealing information.
Companies should prioritise cybersecurity when it comes to duty of care. Mitigation of cyber risks is crucial. Employers must ensure that business travellers’ devices are protected with all possible measures such as antivirus software, password management, or limited access privileges. On the other hand, employees should be aware of the risks coming from working outside of their workplaces, and the necessary steps to take to protect against being targeted. There is a higher risk for senior executives, who may have a more well-known public image, thus making them a more attractive target for hackers.
Employers must ensure that business travellers’ devices are protected with all possible measures such as antivirus software, password management, or limited access privileges
Red flags
Free Wi-Fi at airports or even in-flight may represent a great advantage for communications and for working in a time-efficient manner. However, these networks may bring certain risks that can jeopardise the critical information handled by business travellers. When it comes to public Wi-Fi networks or hotspots, it is not always easy to verify their safety. Fortunately, there are tips you can follow to identify risky networks. For example, when the Wi-Fi doesn’t require any authentication steps, like a subscription or a password, consider it a red flag.
Using a virtual private network (VPN), especially when travelling abroad, can protect sensitive data sent or received over the internet, such as critical information or flight itineraries and passport numbers. The VPN can be installed on both cell phones and laptops.
Turning off Wi-Fi and Bluetooth scanning is imperative too, as it could automatically connect to an insecure network without your knowledge. Or even to another electronic device through which hackers could access the information.
Returning to the issue of ‘evil-twin attacks’, in order to avoid this, be sure to connect to the official and authorised network. When using airport Wi-Fi, it’s important to double-check the name of the official Wi-Fi network, either by looking for it at information points or by asking an airport worker.
Nevertheless, risks for a business traveller can arise not only from cyberspace, but also physically while being at an airport, so it is critical that passwords for all devices be strengthened and devices are not left alone or are turned off when passing through airport security checkpoints. device for the presence of malicious software can also help.
Following these recommendations and making cybersecurity part of the company culture reduces the likelihood of becoming a victim and suffering serious information loss, which might severely impact a company’s operations.