Disable Auto Connections
Plain English Translation
CyberSecure Canada requires organizations to educate employees about the dangers of open Wi-Fi networks and instruct them to turn off automatic connection features on their mobile devices. Automatic connections can silently link a smartphone, tablet, or laptop to a malicious public hotspot, exposing sensitive company data to attackers. By disabling auto-join, users ensure their devices only connect to trusted, secure networks.
Technical Implementation
Required Actions (startup)
- Include instructions to disable auto-connect in employee onboarding and awareness training.
- Publish a mobile device security policy prohibiting the use of open Wi-Fi without a VPN.
Required Actions (scaleup)
- Require employees to formally acknowledge the public Wi-Fi security policy.
- Provide secure, always-on VPN solutions for all remote and mobile workers.
Required Actions (enterprise)
- Deploy EMM/MDM profiles to centrally enforce restrictions on joining open Wi-Fi.
- Automatically deploy corporate VPNs that activate immediately on untrusted networks.
To disable auto-join Wi-Fi on an iPhone, navigate to Settings > Wi-Fi. Tap the 'i' icon next to the network name and toggle 'Auto-Join' to the off position. You should also set 'Ask to Join Networks' to 'Ask' or 'Notify' to prevent the device from silently linking to unknown open Wi-Fi networks.
To stop an Android device from auto-connecting to open Wi-Fi, go to Settings > Network & internet > Wi-Fi > Wi-Fi preferences. Toggle off 'Connect to public networks' or 'Turn on Wi-Fi automatically', depending on your specific Android version, to prevent the device from connecting to open Wi-Fi networks.
The primary risks of auto-connecting to open Wi-Fi (evil twin hotspots) include data interception, man-in-the-middle attacks, and malware injection. Threat actors can easily set up rogue access points mimicking legitimate open networks to capture unencrypted corporate data from connected mobile devices.
Organizations can use Mobile Device Management (MDM) solutions to push configuration profiles that restrict network connections. For example, Intune settings that disable auto-connect to public Wi-Fi, or MDM policies that restrict Wi-Fi networks on iOS and Android, allow IT to centrally prevent corporate devices from joining untrusted open networks.
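As an added illustration (not code from WatchDog Security or CyberSecure Canada), the Python sketch below audits an Apple configuration profile before it is pushed: it flags Wi-Fi payloads that auto-join an open network and reports when the profile lacks the restriction that limits Wi-Fi to managed networks. The payload keys are Apple's; the SSIDs and both sample profiles are constructed, and `audit_profile` and `build_profile` are hypothetical helper names.

```python
import plistlib

def audit_profile(profile_bytes):
    """Return findings for one .mobileconfig (XML or binary plist) document."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    wifi_locked = False
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.wifi.managed":
            ssid = payload.get("SSID_STR", "<unnamed>")
            # AutoJoin defaults to true when the key is absent, so a missing
            # key is treated the same as an explicit true.
            auto_join = payload.get("AutoJoin", True)
            if auto_join and payload.get("EncryptionType") == "None":
                findings.append(f"{ssid}: open network with auto-join enabled")
        elif ptype == "com.apple.applicationaccess":
            # Supervised-device restriction; forceWiFiWhitelisting is the
            # older, deprecated name for the same setting.
            if payload.get("forceWiFiToAllowedNetworksOnly") or payload.get("forceWiFiWhitelisting"):
                wifi_locked = True
    if not wifi_locked:
        findings.append("profile does not limit Wi-Fi to managed networks")
    return findings

def build_profile(*payloads):
    """Serialize constructed payload dicts into a profile plist (sample data)."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": list(payloads)})

# Constructed sample profiles; SSIDs are placeholders.
WEAK = build_profile(
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Lobby-Guest", "EncryptionType": "None"},
)
HARDENED = build_profile(
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Corp-Secure", "EncryptionType": "WPA2"},
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Lobby-Guest", "EncryptionType": "None", "AutoJoin": False},
    {"PayloadType": "com.apple.applicationaccess", "forceWiFiToAllowedNetworksOnly": True},
)

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_profile(blob) or "no findings")
```

The same function accepts the bytes of a real exported `.mobileconfig` file, so it can run as a pre-deployment check or produce evidence for an audit.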
A robust employee policy for public Wi-Fi and mobile devices should explicitly forbid connecting to unencrypted open networks for business tasks. It should give instructions for disabling Wi-Fi auto-connect, mandate the use of a corporate VPN when off-site, and require reporting of suspected malicious network activity. Tools like WatchDog Security's Policy Management can help maintain the approved policy version and track employee acknowledgements as audit evidence.
Yes, the CyberSecure Canada mobile device requirements in Section 6.1.2.1(a) mandate that organizations educate users to disable automatic connections to open networks. At Level 2 (Section 6.1.3.2e), organizations are required to technically enforce these connection restrictions.
Users should receive security awareness training covering the CyberSecure Canada requirements for public Wi-Fi use. This includes recognizing the dangers of open Wi-Fi, understanding how rogue hotspots operate, and learning how to manually disable auto-connect features on their personal or corporate mobile devices. Tools like WatchDog Security's Security Awareness Training can deliver this content in short modules and track completion across teams.
Yes, employees should always use a VPN when accessing corporate resources from untrusted networks. Organizations should document this in their VPN policy for employees using public Wi-Fi and pair it with the mobile device security policy requiring users to disable Wi-Fi auto-connect.
For BYOD environments, organizations rely on security awareness training logs and policy acknowledgments to verify compliance. In COPE (Corporate-Owned, Personally-Enabled) environments, compliance is verified technically through MDM dashboards that confirm the mobile device security policy profiles have been applied successfully. Tools like WatchDog Security's Compliance Center can centralize acknowledgements, training records, and linked MDM evidence for easier audit preparation.
While traveling employees may occasionally need to use public Wi-Fi (such as at airports or hotels), they must never use auto-connect. Compensating controls include manually verifying the network name, utilizing cellular data hotspots whenever possible, and immediately establishing a secure VPN connection upon joining the network.
Training is only effective if you can show it was delivered, understood, and repeated over time. Tools like WatchDog Security's Security Awareness Training can assign role-based micro-courses on public Wi-Fi and rogue hotspots, track completion, and produce audit-ready records aligned to CSC-06-001.
Auditors typically want to see a current policy, proof of user acknowledgement, and supporting training records or enforcement evidence. Tools like WatchDog Security's Policy Management can manage policy versions and acceptance tracking, while WatchDog Security's Compliance Center can centralize those artifacts as mapped evidence for this control.
| Version | Date | Author | Description |
|---|---|---|---|
| 1.0.0 | 2026-02-24 | WatchDog Security GRC Team | Initial publication |