managing public wifi risks: a cybersecurity guide for finance professionals in singapore.

tl;dr / summary;

• Convenience vs. security: Routine tasks on public wifi can expose sensitive client data and treasury credentials.
• The "evil twin": Hackers use rogue hotspots to mimic legitimate networks and intercept financial traffic.
• VPN limitations: While essential for encryption, a VPN is not a silver bullet against phishing or physical threats.
• Physical risks: Shoulder surfing in cafes and on the MRT or bus remains a significant but overlooked threat.
• Safe protocols: Tethering via mobile hotspots and enforcing multi-factor authentication (MFA) are non-negotiable for remote finance work.

For years, cybersecurity was viewed as a technical skirmish fought in the server rooms by the IT department. If the firewall was up and the antivirus was green, you would assume the fortress was secure. But the landscape has shifted dramatically. Today, the most sophisticated cyber attack does not target a software vulnerability. Instead, it targets the person with the keys to the treasury: you.

As a finance professional in Singapore, you sit at the intersection of liquidity and authority. This makes you, your department, and your organisation the primary target for modern cybercriminals. These threats are not just random spam, but rather precision-engineered whaling attacks and CEO fraud designed to bypass every technical layer of your security stack by exploiting human trust.

In this article, we explore why CFOs and finance teams are critical to safeguarding corporate trust, how to establish a robust human firewall, and why cybersecurity should become a cornerstone of your 2026 strategy.

why public wifi is riskier than you think.

We often hear that public networks are "unsecured," but what does that actually mean for a finance professional like yourself? Unlike your office network, which uses enterprise-grade encryption and monitoring, most public hotspots send data over the air in a way that is surprisingly easy to "sniff."

According to the Cyber Security Agency of Singapore (CSA), financial fraud and data breaches remain a top priority for national security. For financial institutions, the risk associated with unsecured networks are even more pronounced:

• Access to client data: You are not just browsing the news. You may be accessing PDPA-protected personal data, confidential records, and sensitive account numbers.
• Treasury platforms: Logging into payment systems (like MEPS+ or SWIFT) over an open network provides a golden opportunity for credential theft.
• Regulatory fallout: A breach originating from a coffee shop is not just an IT headache. It could potentially breach the  MAS Technology Risk Management (TRM) Guidelines, raising operational and compliance implications.

what is an “evil twin” attack?

One of the most insidious threats to remote work cybersecurity is the evil twin attack. In a typical scenario, a hacker sits in a café in the Central Business District (CBD) or Orchard Road and sets up a wifi hotspot on their own laptop, naming it "Starbucks_Free_WiFi_HighSpeed."

Because your device is programmed to look for familiar-sounding networks, you connect. To you, the internet works perfectly. Behind the scenes, every piece of data you send (passwords, wire instructions, internal memos) is passing through the hacker’s device first.

the "man-in-the-middle" scenario.

This is a classic "man-in-the-middle" (MITM) attack. In the context of financial services cybersecurity, this allows an attacker to capture login tokens for your ERP or banking portal. By the time you have finished your coffee, they could have enough information to impersonate you and authorise a fraudulent transfer via FAST or PayNow for Business.

does a VPN protect you on public wifi?

We are often told that a VPN (Virtual Private Network) is the ultimate shield. While it is a critical tool, we need to be realistic about what it does and what it does not do.

A VPN creates an encrypted "tunnel" for your data, protecting the data transmitted between your device and the network. If a hacker intercepts your traffic while the VPN is active, the information appears unreadable rather than exposing sensitive financial data such as client records or internal documents.. However, a VPN will not protect you if:

• You click on a phishing link: While the connection itself is encrypted, you may still unknowingly enter your credentials on a fraudulent website.
• The VPN connection drops: If your connection flickers and the VPN does not have a "kill switch," your device might automatically revert to the unsecured public network without you noticing.

A VPN remains an essential tool, but it should be used alongside other security measures such as multi-factor authentication (MFA), secure networks, and strong awareness of phishing risks.

shoulder surfing: the overlooked physical threat.

In our focus on digital encryption, we often forget about the person sitting in the seat behind us on the MRT or the bus. Shoulder surfing may seem like the low-tech cousin of hacking, yet in the crowded spaces where we often engage in remote work, it is surprisingly effective.

If you are reviewing a confidential M&A spreadsheet or an investment dashboard while commuting, you are one smartphone camera away from a massive confidentiality breach. In Singapore’s financial sector, visual data exposure can be just as damaging to client trust as a server hack.

Protect your physical workspace in public by:

• Installing privacy screens: These "blackout" filters ensure that only you can view your screen. If you do not have one on your laptop, you should not be opening sensitive documents in public.
• Choosing your seat wisely: Sit with your back to a wall to minimise the chances of prying eyes.
• Enabling auto-lock for your device: Set your screen to lock after one minute of inactivity to prevent accidental exposure.

the “tethering rule” for finance professionals.

If you take only one piece of advice from this article, let it be this: avoid using public wifi for work. Modern 4G and 5G cellular connections in Singapore provide much stronger encryption than the average hotel or café router. By using your phone as a mobile hotspot, you are effectively bringing your own private, secure network with you wherever you go.

Tethering gives you complete control over the connection between your devices, significantly lowering the risk of wifi spoofing and MITM attacks. For finance professionals working remotely, your mobile data is one of your most reliable tools in keeping client and corporate information safe.

remote work security best practices checklist.

To transform your remote setup into a fortress, follow this checklist every time you leave the office:

1. Prioritise tethering: Use your mobile hotspot instead of connecting to the "Free Guest Wi-Fi."
2. Always use a VPN: If you must use public wifi, ensure your corporate VPN is active before opening any apps or documents.
3. Enforce multi-factor authentication (MFA): Multi-factor authentication is the most effective way to stop a hacker, even if your password is compromised.
4. Audit your connections: Remove or "forget" public networks from your device settings to prevent automatic reconnection.

Protect visual privacy: Use a physical screen filter and be mindful of who is looking over your shoulder.

security as a professional discipline.

In financial services, we pride ourselves on our attention to detail and our commitment to client trust. In 2026, cybersecurity is simply the natural extension of that professional discipline. A "quick login" from a hotel lobby is not just a convenience. It is a risk calculation.

Remote work offers great flexibility and supports talent retention, but it also requires you to be more vigilant than ever. By moving away from public hotspots and prioritising secure connections, you are doing more than just following IT policy – you are safeguarding the integrity of Singapore’s entire financial ecosystem.

frequently asked questions.