Unsecured Wi-Fi hotspots and troubling browsing behaviors

As adoption of cloud and mobile continues to rise, common employee practices inside and outside the workplace create risk for enterprises. To uncover the risks posed by users’ data-related habits, Bitglass tested real-world scenarios – frequency of connections to unsecured Wi-Fi hotspots, rate of external sharing in cloud applications, and the volume of corporate credentials already exposed.


With Wi-Fi hotspots set up in random public spaces, researchers were able to capture and analyze user traffic. In the 10-hour sample period, one-in-five people connected to the unsecured hotspots. Had a malicious hacker done the same, more data could easily have been captured. While public Wi-Fi is a known risk, the study demonstrates the frequency with which employees put data and credentials at risk.

The Wi-Fi experiment

The Bitglass Wi-Fi experiment found that:

  • One in five individuals connected to Bitglass’ unsecured Wi-Fi over the 10-hour sample period; a slightly longer time frame than a typical work day.
  • 21 people accessed enterprise cloud applications over the unsecured Wi-Fi hotspot, including Office 365, Salesforce, Adobe Marketing Cloud, ADP, Slack, and Asana – putting corporate data at risk.
  • Two connected devices navigated to known malware hosts, creating additional risk for data compromise.


Shared cloud data

Separately, the Bitglass team analyzed the cloud applications of its enterprise customers to uncover the volume of shared cloud data. These cloud applications, designed to enable sharing and collaboration, have become a major risk and one of the top drivers of enterprise data leakage.

Bitglass found that:

  • 51 percent of data stored in Google Drive is shared with individuals outside of the enterprise – significantly more than data in other apps.
  • Roughly 19 percent of corporate data stored in Dropbox is publicly available.
  • In organizations with Office 365 deployed, 69.5 percent of OneDrive data is shared internally on average.

Don't miss