For Apple-using workers on the go, especially if you frequent shared co-working spaces or public places, don’t assume you’re as secure as you think you are.
Co-working spaces are particularly under threat, in part because criminals have already figured out that the people using them are good targets for data theft, ransomware, and more.
They’ve also realized that at least some of those working from such spaces might well be part of, or connected with, larger corporate entities — meaning a successful data heist could unlock the gates to greater and more profitable kingdoms. There are useful resources from government and industry aimed at helping workers lock down their devices and data. In the US, for instance, the National Institute of Standards and Technology has published a useful guide to explain some of the risks, while the US Office of Personnel Management offered up even more useful advice.
The scale of the threat seems high
Beyond Identity recently published its own data showing that as many as one in five professionals using co-working spaces have seen their data stolen. In most cases, these thefts were made easier by the usual culprits that cause the worst security challenges:
- Failure to encrypt sensitive data — 60% of remote workers fail to do this.
- Reused passwords — 53% of people impacted also reuse passwords.
- Not using a VPN — astonishingly, 40% of remote workers still don’t use a VPN when in public/semi-public working spaces.
- Trusting cr itical information to public Wi-Fi. This has always been a no-no, but 36% of people continue to do this.
- Failure to keep devices updated — 27% of remote workers fail to do so.
- And failing to do data backups, not using 2FA, sharing passwords with others, and ignoring security warnings.
What makes these weaknesses unfortunate is that most can easily be remediated by adopting a more security-aware approach. When it comes to enterprise data, it makes sense for businesses to equip employees with VPN access and encryption tools to protect data in transit and on the device.
Another approach is to use modern device management protections to manage these remote endpoints. These let IT limit the use of public Wi-Fi, force the use of VPN, and automate remote installation of device software updates. These three steps alone go a long way toward improving security, as do the new breed of endpoint security solutions emerging from the likes of Jamf and others.
Be secure aware
Training is essential. When it comes to password reuse and poor security awareness when using public Wi-Fi, IT needs to redouble efforts to explain why these practices pose such a risk. That’s why it’s a shame that just 51% of remote workers in the survey say they received any security training; otherwise, they might recognize that even when using a VPN, it is still a bad idea to access sensitive information over public wireless networks — and never while using a network that has no password protection.
If you are using spaces like these to work, you should heed these warnings. Use a VPN, encrypt data in transit, put 2FA protection in place, and never share or re-use passwords across multiple sites. If using a Mac, enable a firewall (an extra barrier to help protect against attacks) in System Settings>Network.
Is the place safe?
Of course, when you use a shared working space, you are to some extent putting your security in the hands of a third party — the location owner. That’s why you should take time to vet the security protections at the location you use, look for multiple forms of authentication and regularly reset network passcodes, for instance. How are printers made available on the network? Has the location/router got firewall protection in place?
When using a public Wi-Fi network, check the network name carefully to ensure you’ve not accidentally jumped aboard some bright spark’s spoof network-cum-data harvesting play. Turn off auto-connect for public networks and delete them once you’ve finished using them to, and double check your Sharing settings (on Mac) to ensure none of your data or service are shared.
You should also use a VPN or at least Apple’s iCloud+ Private Relay service.
Develop good habits
Good data habits help. We’ve mentioned strong passwords and encryption, but a couple of other tips include not clicking on links in emails you aren’t certain of and denying any request to install any software when accessing a network. While much maligned on the Mac, it makes sense to run a virus checker when in public places, just to toughen your protection a little bit more.
One more point: When working in public places, be sure to shorten the automatic lockout period. I accept that needing to unlock your Mac or iDevice frequently can get annoying, but you’ll be grateful if you ever need to walk away from your computer for a few moments just as some nefarious person in the same room is searching for a target to attack. An unlocked Mac or device is a golden goose for such people.
Complacency is dangerous
Apple products are secure, right? While they are, mistakes such as those noted above also happen on iPhones, iPads, and Macs. The platforms themselves may be robust, but this has made some users a little less security conscious than they need to be.
The impact of this, according to the Beyond Identity report, is that 16% of Macs get breached, and 17% of iPhones are hacked. Even Apple has warned that attacks against personal data are shooting up.
While I confess that seems high, if remote workers improve their approach to security when working in shared spaces, the number of successful attacks should fall. With a little diligence, this short guide should help you work where you want safely (and this may help optimize your work habits).
Be safe!
Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.