Wi-Fi hot spot horrors

Laptops are the main business tool for most mobile workers, and connecting those devices to the Internet via free public Wi-Fi hot spots has become common practice. So how well do your mobile workers follow security guidelines for safe mobile computing?

Slideshow: 10 hot spot safety tips.
Podcast: James Gaskin talks about his adventure.

To find out, we went directly to the source. We visited airports, restaurants and coffee shops and asked people about the security measures they were taking to protect their laptops.

We asked whether the laptop was personal property or provided by work, whether it was being used for personal or work projects, what kind of security training the users had been given, and other details about Wi-Fi use and general laptop safety. Because we tracked no personal details beyond the user's first names, people seemed open and fairly honest with their answers.

Click to see: Wi-Fi security tips

The results should scare any security professional. Many users have little idea what security features their laptop has, and only vague notions of safe computing practices. Before we get to the real horror stories, let's start with the end users who exhibited the best Wi-Fi behavior.

Timothy: B+

Every IT exec who has laptop users on the road would be happy to hold Timothy up as an example of smart laptop use. Sitting in the Los Angeles airport, plugging his laptop into his cell phone, Timothy did most of the right things to protect laptop safety.

"All the company field service engineers have to be A+ certified," says Timothy, a technician for a medical device manufacturer. "IT installs security software and we get occasional memos about safety, but we all understand security and are pretty careful."

Because the Los Angeles airport doesn't offer free Wi-Fi, Timothy uses the Sprint cellular data network through his cell phone. But when free Wi-Fi is available, in the Denver airport for example, he takes advantage of it.

Checking his company e-mail, Timothy says he has access to a VPN for connecting back to the company network, but wasn't using it at the time. His employer provided the Dell Latitude D520 running Microsoft Windows XP, but Timothy admitted using it for personal business as well.

Timothy's laptop had a password that appeared before Windows loaded. He wasn't sure if that was for a system-level password or a full disk encryption product.

Kurt: B

Then there's Kurt, CFO for a regional restaurant chain. Kurt loves free Wi-Fi if he can get it, and refuses to consider paying for any type of cellular data network plan for himself or any of his users. "If I can get by with free Wi-Fi as much as I travel, so can everyone else," he says.

Sitting in the Dallas Ft. Worth airport, Kurt was buying a single day pass for T-Mobile Wi-Fi access. His Dell Latitude 630, company equipment, was running Windows XP.

"We use a Blackberry or a smart phone for our e-mail, so laptop connections aren't that critical," says Kurt. He does use his company laptop for personal projects, but answered with a quick emphatic "no" when asked about online banking over public Wi-Fi. "I can start a VPN to our company accounting server if I need to, but that's all the connections I have to work," Kurt says.