2) Risk Description: Employees using work devices on public Wi-Fi networks can expose sensitive data to potential interception by malicious actors due to insecure network connections. (Second Priority) Likelihood: Possible - employees frequently use work devices in public spaces without considering network security Consequence: Major - Intercepted communications could lead to data breaches and financial loss Risk Rating/Severity: High Risk - due to the combination of medium likelihood and high consequence Priority: Second priority, significant impact and fairly likely occurrence Best Fit: Avoid is the most suitable response. Since public Wi-Fi presents a significant risk, the ideal approach would be to prohibit the use of work devices on such networks entirely to eliminate the exposure of those risks. Mitigation Strategies: 1) Policy to Restrict Usage: Implement a clear policy that discourages or prohibits the use of work devices on public Wi-Fi 2) VPN Usage: Encourage or require employees to use virtual private networks (VPNs) to encrypt data being transmitted over public networks 3) Employee Training: Educate employees about the risks associated with public Wi-Fi and promote safer browsing practices 4) Data Protection Measures: Implement additional security measures, such as endpoint protection and firewalls, to mitigate potential threats Both of these risks highlight critical weaknesses that could result in unauthorized access to data and possible security incidents