

Improve mobile hotspot security in 5 steps

Users might not hesitate to connect to a mobile hotspot, but that doesn't mean IT should always allow it. Learn the threats these hotspots pose and how to handle them.

If remote users want to connect to mobile hotspots, IT must make sure it has a plan for added security.

Mobile hotspot tethering, a standard feature on smartphones, enables a Wi-Fi-enabled device to access the internet by connecting to another device's cellular data network. The most common way to connect to a mobile hotspot is tethering a compatible device, such as a laptop or tablet, to a phone -- for instance, via Bluetooth.

When users are in a jam working remotely or in transit, mobile hotspots are sometimes necessary to establish a network connection. If users aren't near a secure network or if their own network isn't functioning properly, a mobile hotspot might be the best option. These users can quickly establish a network connection on a work device; access the software, data or whatever work materials they need to resolve an urgent issue; and then turn off the hotspot once they have completed the work.

Mobile hotspot tethering is not that common anymore due to the slow speed of mobile data connection, the increased data usage and the high battery usage users see when in hotspot mode. Still, some users might want to access hotspots when they're outside the office.

Users might be accustomed to this feature on mobile devices -- especially in the form of personal hotspots on smartphones -- and it's a straightforward way to establish a network connection in a place without any secure Wi-Fi, such as a train or a bus. The problem is that mobile hotspots can be vulnerable to someone stealing bandwidth or, worse, to breaches and hacking.

Potential dangers of mobile hotspot tethering

IT admins have many concerns about the use of mobile hotspot tethering because they lose control of what could be streaming over the internet connection. Hackers normally use a packet sniffer to intercept wireless communications, so a hotspot could expose a user's corporate login credentials. With this information, hackers could breach the corporate network and access sensitive or regulated internal data, trade secrets or financial information about employees.

It can also be dangerous when a hacker is the one with the host device, using a mobile hotspot to perform Wi-Fi phishing. A hacker could also create a hotspot that has the same or a similar name to an actual Wi-Fi hotspot, usually in a public place. Plus, if the attacker tethers to a company paying for the cellular data, the organization could end up spending a lot of money for users who stream videos or perform other activities that require a large amount of bandwidth.

Figure: Chart showing methods to prevent endpoint security threats. Mobile hotspots pose several security risks, so IT teams must implement several security measures to protect endpoints.

While outside actors harnessing an employee's data signal for their own personal use is far less of a concern than hackers stealing corporate credentials, organizations should still prepare for this potential situation. Users who have an eligible phone on a company data plan need mobile device governance from mobile admins to prevent any of these outcomes.

There are some notable dangers that come with connecting to a mobile hotspot, but there are five key steps to ensure that these network connections remain secure.

1. Enable WPA2 or WPA3 and set a strong password

When employees set up a mobile hotspot, there are a few ways to improve the network's security. First, they can select either the Wi-Fi Protected Access 2 (WPA2) or, if available, the WPA3 option for their hotspot. The WPA2 standard is more secure than the WPA and Wired Equivalent Privacy standards. This has long been the preeminent standard for wireless networks, but IT should ensure employees are using it nonetheless. WPA3 is even more secure than WPA2, but not every device will offer this option.

Additionally, employees can set the hotspot's service set identifier (SSID) -- or network name -- and its password. As with any password, hotspot users should choose a strong one. IT admins should make sure that any users who are running a mobile hotspot meet a certain standard of password complexity by requiring a minimum number of characters and special characters.

2. Use a VPN

While WPA2 encryption and a strong password are a good start for mobile hotspot security, a VPN can add another crucial layer of security for enterprise employees using a hotspot. This will encrypt users' traffic while it is in transit, in addition to providing users with access to corporate services that users might need for basic work processes.

Users could even consider using a public network with the right VPN, although this is not recommended unless there is an emergency need for internet access.

3. Set up guest networks

One way for IT admins at medium and large companies to circumvent issues with mobile hotspots is to offer individual employee and guest Wi-Fi networks. Or IT can provide remote or contract users with the email and password of a sponsoring employee to access the network -- with the employee's approval, of course.

This step ensures that the right people access company data from the right cellular network.

4. Make sure device antivirus is up to date

Many organizations have antivirus software on their corporate endpoints, but these platforms aren't nearly as useful if they don't have the latest updates. Before IT allows users to work from a mobile hotspot connection, they must ensure that the antivirus agent on the device has the newest updates.

IT can push out these updates via a unified endpoint management platform and even mandate that the endpoint must have the latest antivirus updates during the authentication process for corporate systems.

5. Disallow mobile hotspots on corporate devices

Organizations should establish mobile policies that limit the use of hotspots and control whether employees can connect to corporate VPNs and enterprise mail services from remote networks. IT departments could even disallow mobile hotspot tethering completely on corporate-owned or managed devices running both Android and iOS. With these steps, organizations can limit the risks presented with the use of mobile hotspots.

Organizations could opt to restrict mobile hotspot tethering entirely, but this could lead to users encountering issues while on the road. It's up to IT departments to determine the best administrative option for the organization's security and UX needs.
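The checks from steps 1, 2, 4 and 5 can be combined into one allow-or-deny decision made when a device authenticates to corporate systems. The sketch below is an added example, not code from this article or from any endpoint management product; the report fields, the thresholds and the names `HotspotPolicy` and `evaluate` are assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class HotspotPolicy:
    # Thresholds are assumptions; the article names the controls, not the numbers.
    allow_hotspot: bool = True                  # step 5: False bans tethering outright
    allowed_security: tuple = ("WPA2", "WPA3")  # step 1
    min_psk_length: int = 12                    # step 1
    require_special_char: bool = True           # step 1
    require_vpn: bool = True                    # step 2
    max_av_age_days: int = 1                    # step 4

def evaluate(report: dict, policy: HotspotPolicy, today: date) -> list:
    """Return policy violations for one posture report; an empty list means allow."""
    if not report.get("on_hotspot", True):      # unknown network type is treated as hotspot
        return []
    if not policy.allow_hotspot:
        return ["hotspot use is disallowed on managed devices"]
    problems = []
    security = report.get("security")
    if security not in policy.allowed_security:
        problems.append(f"hotspot security {security!r} is not WPA2 or WPA3")
    # The agent reports only properties of the passphrase, never the passphrase.
    if report.get("psk_length", 0) < policy.min_psk_length:
        problems.append("hotspot password is shorter than the minimum length")
    if policy.require_special_char and not report.get("psk_has_special", False):
        problems.append("hotspot password has no special character")
    if policy.require_vpn and not report.get("vpn_connected", False):
        problems.append("VPN is not connected")
    av_date = report.get("av_definitions_date")
    # Missing or stale definitions both fail closed.
    if av_date is None or (today - av_date).days > policy.max_av_age_days:
        problems.append("antivirus definitions are missing or out of date")
    return problems

# Constructed sample reports, as a hypothetical endpoint agent might send them.
TODAY = date(2024, 1, 10)
GOOD = {"on_hotspot": True, "security": "WPA3", "psk_length": 16, "psk_has_special": True,
        "vpn_connected": True, "av_definitions_date": date(2024, 1, 10)}
BAD = {"on_hotspot": True, "security": "WEP", "psk_length": 8, "psk_has_special": False,
       "vpn_connected": False, "av_definitions_date": date(2023, 12, 1)}

if __name__ == "__main__":
    for name, rep in (("good", GOOD), ("bad", BAD)):
        issues = evaluate(rep, HotspotPolicy(), TODAY)
        print(name, "ALLOW" if not issues else f"DENY: {issues}")
```

Setting `allow_hotspot=False` models the stricter option in step 5, where any hotspot connection is denied regardless of its configuration.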

Editor's note: This article was updated in December 2023 by Katie Fenton to reflect changes in wireless networking standards and improve the reader experience.

Matt Schulz is a former contributor to TechTarget's Mobile Computing site.

John Powers is senior site editor for TechTarget's Enterprise Desktop, Virtual Desktop and Mobile Computing sites. He graduated from the Philip Merrill College of Journalism at the University of Maryland.
