Firms urged to tackle Wi-Fi hotspot risks

Failure to assess the security risks of public hotspots could result in legal problems, lawyers warn

Firms need to do more to ensure the security of mobile devices used by staff in Wi-Fi hotspots provided by wireless internet service providers (Wisps) or other third parties, according to a new report. Failure to do so could result in legal problems if, for example, data is stolen.

The report, compiled by law firm Charles Russell in association with managed Wisp iBahn, says that although there have so far been no such legal actions in the UK, the dangers are increasing, which may push more companies to promote enforceable security policies.

Robin Bynoe, a partner at Charles Russell, said, "If somebody is stupid enough not to protect their laptops then it comes down to who has got their small print in place [to avoid liability] – the Wi-Fi provider, the venue for Wi-Fi provision or the corporate. It's also important to educate users – if you don't tell people why [security is] important, they won't take any notice."

Graeme Powell, iBahn's managing director for Europe, the Middle East and Africa, commented, "One of the things that we've found through our user surveys is that security is important, so we rolled out Wi-Fi Protected Access [WPA] on top of our service and we think that one of the things corporates should be doing is to enable WPA on their systems."

WPA encrypts wireless traffic with 256bit Advanced Encryption Standard (AES) ciphers, denying data access to hackers who use wireless sniffer tools.

Powell added, "I've been in situations in hotels where it's been possible for users to see files on laptops prior to purchasing Wi-Fi access on the system, and to actually copy the files over to their laptop."