WavebreakMediaMicro - Fotolia
Improve mobile hotspot security in 5 steps
Users may not hesitate to connect to a mobile hotspot, but that doesn't mean IT should always allow it. Learn the threats these hotspots pose and how to handle them.
If remote users want to connect to mobile hotspots, IT must make sure it has a plan for added security.
Mobile hotspot tethering, a standard feature on smartphones, enables a Wi-Fi-enabled device to access the internet by connecting to another device's cellular data network. The most common way to connect to a mobile hotspot is tethering a compatible device, such as a laptop or tablet, to a phone -- for instance, via Bluetooth.
When users are in a jam working remotely or in transit, mobile hotspots are sometimes necessary to establish a network connection. If users aren't near a secure network or if their own network isn't functioning properly, a mobile hotpot may be the best option. These users can quickly establish a network connection on a work device; access the software, data or whatever work materials they need to resolve an urgent issue; and then turn off the hotspot once they have completed the work.
Mobile hotspot tethering is not that common anymore due to the slow speed of mobile data connection, the increased data usage and the high battery usage users see when in hotspot mode. Still, some users may want to access hotspots when they're outside the office.
Users may be accustomed to this feature on mobile devices, especially smartphones, and it's a straightforward way to establish a network connection in a place without any secure Wi-Fi, such as a train or a bus. The problem is that mobile hotspots can be vulnerable to someone stealing bandwidth or, worse, to breaches and hacking.
Potential dangers of mobile hotspot tethering
IT admins have many concerns about the use of mobile hotspot tethering because they lose control of what could be streaming over the internet connection. Hackers normally use a packet sniffer to intercept wireless communications, so a hotspot could expose a user's corporate login credentials. With this information, hackers could breach the corporate network and access sensitive or regulated internal data, trade secrets or financial information about employees.
It can also be dangerous when a hacker is the one with the host device, using a mobile hotspot to perform W-Fi phishing. A hacker could also create a hotspot that has the same or a similar name to an actual Wi-Fi hotspot, usually in a public place. Plus, if the attacker tethers to a company paying for the cellular data, the organization could end up spending a lot of money for users who stream videos or perform other activities that require a large amount of bandwidth.
While this issue of outside actors harnessing an employee's data signal for their own personal use is far less of an issue than hackers stealing corporate credentials, organizations should still prepare for this potential situation. Users that have an eligible phone on a company data plan need mobile device governance from mobile admins to prevent any of these outcomes.
There are some notable dangers that come with connecting to a mobile hotspot, but there are five key steps to ensure that these network connections remain secure.
1. Enable WPA2 and set a strong password
When employees set up a mobile hotspot, there are a few ways to improve the network's security. First, they can select the Wi-Fi Protected Access 2 (WPA2) option, which is the modern standard for wireless networks, for their hotspot. The WPA2 standard is more secure than the Wi-Fi Protected Access and Wired Equivalent Privacy standards. This has long been the preeminent standard for networking, but IT should ensure employees are using it nonetheless.
Additionally, employees can set the network service set identifier -- or name -- and password to the hotspot. Like any password, hotspot users should set a strong password. IT admins should make sure that any users that are running a mobile hotspot meet a certain standard of password complexity by requiring a minimum number of characters and special characters.
2. Use a VPN
While WPA2 encryption and a strong password are a good start for mobile hotspot security, a VPN can add another crucial layer of security for enterprise employees using a hotspot. This will encrypt users' traffic while it is in transit, in addition to providing users with access to corporate services that users may need for basic work processes.
Users could even consider using a public network with the right VPN, although this is not recommended unless there is an emergency need for internet access.
3. Set up guest networks
One way for IT admins at medium and large companies to circumvent issues with mobile hotspots is to offer individual employee and guest Wi-Fi networks. Or IT can provide remote or contract users with the email and password of a sponsoring employee to access the network -- with the employee's approval, of course.
This step ensures that the right people access company data from the right cellular network.
4. Make sure device antivirus is up to date
Many organizations have antivirus software on their business endpoints, but these platforms aren't nearly as useful if they don't have the latest updates. Before IT allows users to work from a mobile hotspot connection, they must ensure that the antivirus agent on the device has the newest updates.
IT can push out these updates via a unified endpoint management platform and even mandate that the endpoint must have the latest antivirus updates during the authentication process for corporate systems.
5. Disallow mobile hotspots on company devices
Organizations should establish policies that limit the use of mobile hotspots and connecting to company VPNs and enterprise mail services from remote networks. IT departments could even disallow mobile hotspot tethering completely on company-owned or managed devices running both Android and iOS. With these steps, organizations can limit the risks presented with the use of mobile hotspots.
Organizations could opt to restrict mobile hotspot tethering entirely, but this could lead to users encountering issues while on the road. It's up to IT departments to determine the best administrative option for the organization's security and UX needs.
