Employees are exposing personal and professional information unknowingly as they log onto public WiFi hot spots at hotels, airports and coffee shops, experts say.

Ryan Crum, former director of information security at PricewaterhouseCoopers Advisory Services, said he has observed unprotected Social Security numbers, corporate financial data and information about mergers and acquisitions circulating on public WiFi networks, particularly in emails.

Security experts recommend that IT managers take the following steps to protect corporate data from hot spot dangers:

  • Establish and enforce strong authentication policies for devices trying to access corporate networks.
  • Require employees to use a corporate VPN and encryption when making connections and exchanging data. Better still, set up computers and other mobile devices so that they automatically connect to the VPN and encrypt data, after it has been determined that the device hasn't been lost or stolen.
  • Make sure all devices and software applications are configured properly and have the latest patches.
  • Ensure that corporate security policies prohibit people from transferring sensitive data to mobile devices or unauthorised computers.
  • Provide workers with broadband air cards, which require a service plan, so employees don't have to use public hot spots for wireless connections.