It has been estimated that 63% of the Internet traffic worldwide will be sent by Wi-Fi by 2019. So is your Wi-Fi Secure?
So what are the drivers for more Wi-Fi?
- Increased workplace productivity – Wi-Fi allows your business users to work in any location at any time.
- Cost – in smaller businesses it is cheaper to install a couple of Wireless Access Points than it is to install structured cables.
- Customer satisfaction – you now expect every place of leisure (coffee shops, bars, restaurants, hotels, gyms etc.) to have Wi-Fi, and if they don’t, people don’t go back or score them down on websites such as Trip Advisor.
- Marketing – Wi-Fi is probably the best way to capture customer data, because to use the system they have to provide personal details.
- The Internet of Things (IoT) – We are now moving into the era of connected devices, from toasters, fridges, washing machines and door entry systems to your car’s management systems. It is estimated these types of devices will triple in number by 2020. And they all need one common denominator – Wi-Fi!
However, as with everything, Wi-Fi is also one of the easiest targets for cyber criminals to attack, and if they can get access to the hotspot, they can get access to your device and, through that, access into your business network.
The top threats to Wi-Fi
- Password cracking – a lot of wireless access points, particularly cheaper devices, still use older security protocols such as WEP, which is easy to crack.
- Rogue Hotspots – Let’s be honest, wireless users will connect to any hotspot that allows them Internet access; they don’t care. This means it is easy for cyber criminals to spoof a legitimate hotspot with their own, and once you connect, they have got you and are free to inject malicious code into your device.
- Planting Malware – Similar to above, but even on legitimate hotspots you are susceptible to unknowingly getting infected with malware or ransomware. One tactic they use is planting a backdoor into your device so they can return at a later date to steal your information, which could include your bank details.
- Eavesdropping – Cyber criminals love this, particularly on unprotected wireless networks.
- Data Theft – This is one major area of concern. If you join an unprotected Wi-Fi network, then you are susceptible to hackers stealing corporate or personal data from your device.
- Inappropriate use – This is an area often overlooked and something we like to point out to our customers. If you provide Wi-Fi, you are responsible for what your customers are browsing and you have to be able to block them from using adult or offensive sites. You may even want to block streaming of video or music. Without proper controls, the person streaming is taking all of your bandwidth, meaning other customers get a poor experience.
- Infected Devices – If an already infected device joins the network, the infection can quickly spread to other devices on that network.
Along with the Wi-Fi threats listed above, there are also additional problems that key industries have and that you should be aware of:
- Retail – Any retail outlet that accepts credit card payments has a responsibility to its customers to protect their data. All Point of Sale devices must be PCI (Payment Card Industry) compliant – if in doubt, ask, and if you are not happy with the answer, don’t use your card.
- Healthcare – If retail is covered by PCI, then healthcare is governed by HIPAA (Health Insurance Portability and Accountability Act). If you access Wi-Fi in a hospital or medical centre, they must be HIPAA compliant and, similar to the IoT, lots of medical devices are now connected by Wi-Fi.
- Education – This is another area of high concern. Mobile device use in schools and colleges is at an all-time high; most school children and students have smartphones and tablets and they expect Wi-Fi. This is giving IT administrators sleepless nights, because how do you give free access and make it secure from the people preying on children?
So, if you provide free Wi-Fi, what can you do to help your security?
- If you are still using WEP authentication, you need to move to the latest security protocol – WPA2.
- Implement a strong password policy – your password should not be the default, a name or the word “password”. It should have at least 10 characters and a mixture of uppercase, lowercase, numbers and special characters, and you should refrain from sequential numbers. Example: zLeYB1zGf0.
- Administrators, know your network: scan for rogue access points and whitelist MAC addresses. If you spot any anomalies, blacklist them immediately and remove them.
- Narrow the range of your network so it only covers the area of operation you want covered.
- Most important, ensure you have the latest patches, fixes and firmware on your device. This means keeping a support contract from the manufacturer.
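The rogue access point scan and MAC whitelist check from the list above, sketched in Python as an added example (it is not part of the original post and is not WatchGuard code). The SSID, the MAC addresses and the CSV layout of the survey data are constructed for illustration, and the "lookalike" test is a simple name-prefix assumption.

```python
import csv
import io

# Constructed inventory of the access points you actually operate
# (hypothetical SSID and MAC addresses, not from the original post).
APPROVED_APS = {
    "CafeGuest": {"a4:11:22:00:00:01", "a4:11:22:00:00:02"},
}
WEAK_SECURITY = {"OPEN", "WEP"}

# Constructed site-survey results in a made-up CSV layout.
SAMPLE_SCAN = """\
ssid,bssid,security
CafeGuest,A4:11:22:00:00:01,WPA2
CafeGuest,a4:11:22:00:00:02,WEP
CafeGuest,de:ad:be:ef:00:99,OPEN
CafeGuest_Free,de:ad:be:ef:00:9a,OPEN
NeighbourNet,0c:aa:bb:cc:dd:01,WPA2
"""


def audit_scan(scan_csv, approved=APPROVED_APS):
    """Return (bssid, ssid, reason) findings for one survey."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        ssid = row["ssid"].strip()
        bssid = row["bssid"].strip().lower()  # MACs compare case-insensitively
        security = row["security"].strip().upper()
        known = approved.get(ssid)
        if known is not None and bssid not in known:
            # Our network name broadcast from hardware we do not own.
            findings.append((bssid, ssid, "unapproved BSSID using our SSID"))
        elif known is not None and security in WEAK_SECURITY:
            # Our own AP, but still on WEP or no encryption at all.
            findings.append((bssid, ssid, f"approved AP running {security}"))
        elif known is None and any(
            ssid.lower().startswith(name.lower()) for name in approved
        ):
            # Unknown network whose name imitates one of ours.
            findings.append((bssid, ssid, "lookalike SSID"))
    return findings


if __name__ == "__main__":
    for bssid, ssid, reason in audit_scan(SAMPLE_SCAN):
        print(f"{bssid}  {ssid!r}: {reason}")
```

MAC addresses can be copied, so a survey with no findings does not prove there is no rogue access point; treat the whitelist as one check among several.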
At Unleashed we are fanatical about cyber security so we would always recommend, as a business, you should have enterprise grade security, not just the password on your broadband router – you should have a separate Firewall with some or all of the following security services running.
Most of these services would normally come under the heading Unified Threat Protection.
- Application Control – Enables IT administrators to monitor and control access to web and business applications to enforce policy, and protect productivity and network bandwidth.
- Intrusion Prevention Service – Works hand-in-hand with your WatchGuard firewall’s application layer content inspection to provide real-time protection from threats, including spyware, SQL injections, cross-site scripting, and buffer overflows.
- Web Blocker – Content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks.
- Gateway AntiVirus – Is a fully integrated, heuristic and signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time.
- Spam Blocker – Cloud managed spam blocking solution for low footprint UTM appliances. Up to 4 billion messages per day reviewed.
- Reputation Enabled Defence – Delivers a powerful, cloud-based URL reputation service that protects web users from malicious web pages, while dramatically improving web processing overhead.
- Advanced Persistent Threat Blocker – Works in conjunction with signature-based antivirus to detect and block advanced malware and zero day attacks, using a cloud-based sandbox with full system emulation – For attacks such as CryptoLocker.
- Data Loss Prevention – Prevents data breaches by scanning text and common file types to detect sensitive information. A predefined library of over 200 rules for 18 countries makes creating and updating corporate data policies as easy as point and click.
- High Availability (HA) – For larger organisations we would recommend failover. It means you would have two firewalls and one would sit dormant in HA mode. In the event of a failure, all licenses would automatically be transferred to the HA device and you would have no loss of service.
For further information about anything in the blog then please visit our website: www.weareunleashed.com or call us on 0333 240 0565 and we will be happy to give you the benefit of our experience.
Our thanks go to our security partner WatchGuard for help with the content for this blog.