This story at USA Today does a good job of laying out for lay audiences -- perhaps including corporate decision-makers -- a problem that clearly has not gone away: Public hot spots aren't secure.
Just because it is an old problem doesn't mean it has no teeth. IT departments must continue to pay attention. Indeed, it could be said that the most familiar problems, not the flashiest or most innovative, cause the biggest headaches. This is especially true if the reason the problem persists is that people don't use common sense. This certainly is the case when folks use public Wi-Fi to traffic sensitive data.
At the recent Black Hat conference in Las Vegas, according to this CIO Today report, research was presented that demonstrated how to crack Webmail accounts from MySpace, Facebook, Yahoo, Gmail and Hotmail running over unencrypted hotspots. These, of course, are not enterprise-grade e-mail platforms, but plenty of people do use them for business when they are on the go.
Being in a major urban area doesn't necessarily mean that data is safer. Contractor UK reports that Kaspersky Labs found spotty security in business districts of London and Paris, though the situation in the former has improved to some degree. There is no reason to believe that the situation is much different on this side of the Atlantic.
The bottom line is that corporations have to maintain and enforce stringent policies. There are technical ways to mitigate the problem. Life on the Road - Trucking News Blog makes a strong case for mobile virtual private networks. These electronic overlays obviate concerns about the native security of the hot spot. The writer gives glowing reviews to the company he uses, JiWire. He also mentions HotSpotVPN. This is the most expensive -- but a good value for health care workers, since it features Health Insurance Portability and Accountability Act (HIPAA)-compliant encryption. A third provider is WiTopia, which the blogger calls "a great company." The final company mentioned, Hotspot Shield, has an important asset: It is free.
Encryption is an important step, but not the only way to stay safe when using a public hot spot. The blog computing offers 10 steps to safe Wi-Fi: Disable Wi-Fi ad hoc mode; use a wireless VPN, an encrypted USB flash drive and a personal firewall; turn off file sharing; make sure the hot spot is legitimate; remove or disable the wireless adapter when working offline; encrypt e-mail; make sure nobody is physically spying as passwords are typed in; and, finally, take the machine to the counter when buying another latte.
This post at IT Consulting Through Convergence makes many of the same points. It adds another, which is quite obvious: It may be a good idea to simply not do the most sensitive of tasks at public hot spots. Clearly, that could be interpreted to mean that the crackers and hackers win. But, especially when dealing with high-value corporate data, it is better to be safe than sorry.