IT IQ: Coffee, Tea, Security?

Working in coffee shops or other off-site casual spaces

The java monkey has got your employees in its clutches. Every day, they disappear for hours, laptops in tow, and go off to one of the coffee shops that are popping up on every city block. This is great for companies because a caffeinated employee is a happy employee. Employees cite their own reasons: an opportunity to network, an escape from cubicle cramp, and a change of scenery that gets their creativity flowing. The bottom line for coffee companies is this: No free Wi-Fi, no customers. So coffee shops have gone out of their way to make connectivity easy, fast, and free, often with electrical outlets at nearly every table. These spaces have in fact become almost remote offices for many people (employed or not) because of their convenience, their almost club-like atmosphere, and the encouragement of the coffee companies.

Our question is what, if any, security concerns there might be in using these venues for work. The cost-free perk of a change of scenery and free “coffee network” access is a good thing. Or is it? Read the extensive fine print in any coffee shop, tea lounge, or one of the many edgy alternatives: these are terms to which you agree simply by using the service. In them, you state that you understand that you are jumping on a public, shared, and unsecured network, joining hordes of similarly caffeinated customers, and that you accept the risk. But what risk?

First, the coffee network is, to repeat, public, shared and unsecured. Anyone can use it, all users share the network to send and receive network data, and network traffic is not encrypted, so it is accessible to all the users and can be intercepted (snooped). The other computers on the coffee network may have been hacked and infected, putting your computer at greater risk. Even the hotspot itself may be spoofed: set up not by the coffee shop at all but by a malicious attacker. Unsuspecting or inattentive customers can easily fall into the trap and have their information intercepted or even their computer compromised, costing your company exposure, embarrassment, time and money.

So here, in simple terms, is what to do to protect yourself and your employees working on the coffee network. First, verify with the coffee shop the specific name of the hotspot and connect only to that. Second, make sure your computer is updated to the latest software releases. Consider using a privacy screen that allows for viewing the laptop screen only from directly in front. Finally, and most important, use a VPN to encrypt all your computer’s internet traffic over the public network. VPNs should be used at ANY location other than the company or a network you know is secure.

VPN stands for “Virtual Private Network”. Your computer runs a VPN client that connects to a remote VPN server attached to a trusted network. The VPN technology encrypts *everything* sent between your computer and the VPN server, which then forwards your traffic on to the Internet. So anyone snooping the “coffee network” would see only encrypted gibberish.

Key takeaway: Verify the hotspot you use is safe, and use a VPN. VPNs are easy to acquire, set up and use. See the Links of Technical Interest page for more information.