Avoid Untrusted Wi-Fi

Updated: 2026-02-24

Plain English Translation

Public Wi-Fi networks at coffee shops, airports, and hotels are often unencrypted and poorly secured, making them a prime hunting ground for cybercriminals. CyberSecure Canada requires organizations to train their employees on the dangers of untrusted Wi-Fi. By educating staff to avoid open networks, use cellular hotspots instead, and always connect through a secure VPN when public Wi-Fi is the only option, organizations can protect sensitive corporate data from being intercepted by attackers.

Executive Takeaway

Educating employees to avoid untrusted Wi-Fi networks prevents attackers from easily intercepting sensitive corporate data over open public internet connections.

Impact: Medium
Complexity: Low

Why This Matters

  • Mitigates the risk of credential theft and data interception via man-in-the-middle attacks.
  • Protects mobile and remote workers who frequently access corporate data outside the office.
  • Fosters a culture of security awareness regarding mobile device usage.

What “Good” Looks Like

  • Employees complete annual security awareness training that covers public Wi-Fi risks, and tools like WatchDog Security's Security Awareness Training can track completion and overdue users.
  • The organization has an Acceptable Use Policy restricting the use of untrusted networks, and tools like WatchDog Security's Policy Management can manage versions and track user acknowledgments.
  • Staff are provided with secure alternatives, such as cellular hotspots and corporate VPNs.

Generally, no. Public Wi-Fi is inherently weak on security because these networks are often unencrypted and open to anyone. To work remotely over public Wi-Fi securely, employees must always use a corporate VPN or an alternative secure connection to prevent interception of sensitive corporate email and data.

The CyberSecure Canada public Wi-Fi requirement under Section 6.1.2.1(b) requires organizations to educate their users to actively avoid connecting to untrusted Wi-Fi networks on their mobile devices. This forms a core part of the organization's security awareness training.

To spot a fake Wi-Fi hotspot, employees should verify the exact network name (SSID) with the venue staff. Attackers often create evil twin networks with names that are identical to legitimate ones or slightly misspelled. If a network doesn't require a password or asks for unusual personal information to connect, it is likely an untrusted Wi-Fi network.

Yes, using a VPN on public Wi-Fi is an essential security measure. It creates an encrypted tunnel for data, which protects against man-in-the-middle attacks on public Wi-Fi. A company policy on public Wi-Fi should require a VPN whenever an employee must connect to any network outside the trusted corporate office.

To disable auto-connect to open Wi-Fi, employees should check their device's Wi-Fi settings and turn off Auto-Join or Connect to public networks. Training on avoiding untrusted Wi-Fi networks should show users exactly how to disable these settings on iOS, Android, and laptops.
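The checks from the two answers above (confirm the exact SSID, distrust networks that need no password, turn off auto-join), written out as an added example that is not part of the original page. The `Network` record, the `assess` function, the lookalike character table, the distance threshold of 2 and the sample SSIDs are all assumptions constructed for illustration.

```python
# Added example: the scan data below is constructed, not captured from a real venue.
from dataclasses import dataclass

@dataclass
class Network:
    ssid: str
    secured: bool            # True if the network requires a password
    auto_join: bool = False  # True if the device reconnects without asking

# Characters commonly swapped so a name looks right at a glance (assumed table).
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "5": "s", "_": "", "-": "", " ": ""})

def normalize(ssid: str) -> str:
    """Fold case and lookalike characters so near-miss names compare equal."""
    return ssid.casefold().translate(_LOOKALIKES)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(net: Network, verified_ssid: str) -> list[str]:
    """Return the reasons a network should be treated as untrusted (empty if none)."""
    reasons = []
    if net.ssid != verified_ssid:  # the name must match what venue staff gave, exactly
        close = edit_distance(normalize(net.ssid), normalize(verified_ssid)) <= 2
        reasons.append("lookalike of verified SSID" if close else "not the verified SSID")
    if not net.secured:
        reasons.append("open network (no password)")
    if net.auto_join and reasons:
        reasons.append("auto-join enabled: turn it off")
    return reasons

VERIFIED = "HarbourCafe-Guest"  # constructed: the name confirmed with venue staff
SCAN = [
    Network("HarbourCafe-Guest", secured=True),
    Network("HarbourCafe_Guest", secured=False, auto_join=True),
    Network("Harb0urCafe-Guest", secured=True),
    Network("Free Airport WiFi", secured=False),
]

if __name__ == "__main__":
    for net in SCAN:
        print(f"{net.ssid!r}: {assess(net, VERIFIED) or 'matches verified name'}")
```

An evil twin that copies the verified name exactly produces no name finding here, which is why the name check does not replace the VPN requirement.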

The biggest risks include packet sniffing, man-in-the-middle attacks, and malware distribution. When users connect to an untrusted Wi-Fi network, attackers on the same network can potentially intercept unencrypted data, steal login credentials, or inject malicious code into the traffic.

While HTTPS encrypts the content of the traffic, attackers can still see which websites are being visited. Furthermore, advanced attackers can attempt SSL stripping attacks or exploit misconfigurations to downgrade the connection to HTTP, allowing them to intercept passwords if best practices for work laptops on public Wi-Fi are not followed.

Using a cellular mobile hotspot instead of public Wi-Fi is significantly safer. Cellular networks use strong encryption that is much harder for local attackers to intercept. Educating employees to use their corporate smartphone's tethering feature is a highly recommended practice for avoiding untrusted Wi-Fi.

A strong company policy on public Wi-Fi and VPN use should explicitly prohibit accessing sensitive corporate data over open networks, mandate the use of a corporate VPN if public access is unavoidable, require devices to disable automatic connections, and define exactly what an untrusted Wi-Fi network is.

Security awareness training should cover avoiding untrusted Wi-Fi networks at least annually. For employees who travel frequently, it is a best practice to provide a brief refresher on mobile device security and public Wi-Fi risks before major business trips.

Auditors typically expect evidence that users were trained and that key policies were acknowledged. Tools like WatchDog Security's Compliance Center can map this control to required evidence (e.g., training completion records and policy attestations), highlight gaps by team or role, and keep an audit-ready history of who completed training and when.

Training programs often fail when completion tracking and follow-ups are manual. Tools like WatchDog Security's Security Awareness Training can assign role-based micro-courses on public Wi-Fi risks, track completion and overdue training, and generate reports that support compliance reviews and internal governance.

CYBERSECURE-CANADA Section 6.1.2.1(b)

"The organization using mobile devices (i.e., cellphones) shall educate users to: [...] b. avoid connecting to untrusted Wi-Fi networks;"

Version | Date | Author | Description
1.0.0 | 2026-02-24 | WatchDog Security GRC Team | Initial publication