IoT devices are the most vulnerable to Wi-Fi attacks, according to IT professionals polled in a new Spiceworks survey.

The firm quizzed 527 IT pros from North America and Europe to examine how businesses are securing their data and devices on Wi-Fi networks.

The research found that 52% of respondents believe workplace IoT devices such as smart lights and thermostats are ‘extremely vulnerable’ to Wi-Fi-based attacks, with IP-enabled appliances (49%), video equipment (42%) and electronic peripherals (40%) just as exposed.

Conversely, the perceived Wi-Fi risks associated with traditional computing devices was noticeably lower, particularly with regards to Apple products. Just 19% of respondents classed Apple laptops, tablets and smartphones as ‘very to extremely’ vulnerable to Wi-Fi-based attacks, whilst that figure was 30% when it came to Windows and Android devices.

“While adoption of IoT devices is increasing in the workplace, many IT professionals are still wary of connecting these often un-patchable devices to corporate Wi-Fi networks,” said Peter Tsai, senior technology analyst at Spiceworks. “As a result, some organizations are delaying the adoption of IoT devices and holding out hope that the forthcoming WPA3 protocol might improve Wi-Fi security.”

Risks surrounding public Wi-Fi use were of clear concern too, with 92% of IT pros worried about company-owned devices connecting to public Wi-Fi networks. In fact, only slightly more than half of respondents had confidence their company’s data is adequately protected when employees connect to public Wi-Fi and more than a third doubted workers use a VPN to do so.

Speaking to Infosecurity, Mark James, security specialist at ESET, said that using public Wi-Fi can be very dangerous, and just because there’s an option to connect to ‘Free café Wi-Fi’ that does not mean it’s the right network to use.

“If it’s the wrong one, you could literally be sending every single piece of traffic through a man-in-the-middle attack scenario,” he explained. “There could be all manner of information sent back and forth that could enable them to compromise your corporation networks with your credentials. Every business should have rules and policies in place to ensure all staff understand the potential dangers of using public Wi-Fi.”

James added that whilst his advice would be to avoid using public Wi-Fi on corporate devices altogether, if that isn’t possible, there are some precautions users should prioritize to reduce the risks.

“First and foremost should be the use of VPN’s; any traffic sent from your business device through a public Wi-Fi should be encrypted using a VPN. Try, where possible, to use SSL connections on websites that allow it, and ensure you have a good regularly updating internet security package installed on all devices. It won’t protect you 100%, but it will do most of the work for you in the daily defense."