Confining the Enterprise Wi-Fi Cyber Mess

Dror Liwer Blog

When companies develop Wi-Fi policies, they assume from the outset that everyone from the top executives down to the newest intern will need internet access in all places and at all times, even in flight. Furthermore, if Wi-Fi is for some reason inaccessible, all smartphones have hotspot options, meaning that Wi-Fi surrounds us like the air we breathe. While this constant internet connectivity is convenient and can be great for business, it is a nightmare for CISOs and the cyber-security team. What are some of the security risks involved, and what should a CISO be looking out for?

Numbers Don’t Lie

Xirrus Wi-Fi Networks recently published a poll revealing that although 91% of business internet users understand that public Wi-Fi is not safe, 89% use it anyway. Connecting to Wi-Fi at a local Starbucks to review a proposal might be convenient, but is it at all safe? The problem is that public networks are not in the business of protecting data. True, many public Wi-Fi providers implement basic WPA2-Personal encryption, but that is easily hackable. Additionally, when you log in to public Wi-Fi, you are sharing the same password with everyone around you. Put simply, the password is exposed, the data is barely encrypted (if at all) and your company's data is open for the taking.

Beware of the Portable Hotspot

So, you are sitting in the hotel's executive lounge waiting for your client, when the unexpected happens and the internet goes down. No problem, you will pull out your smartphone and hook up your laptop to its portable hotspot, because hey, you have the unlimited plan. You may have forgotten that your hotspot is just as vulnerable as any other Wi-Fi network, so what can you do to protect yourself? True, there is a default WPA-PSK encryption with a default SSID and network key. While the configuration might be available, it may also be outdated, thus leaving it insecure. Those choosing to use portable hotspots might consider enabling WPA2, which is more secure, at least for now. Additionally, you should change the SSID, as hackers keep precomputed hash tables for common passphrases. It goes without saying that you should devise a strong, non-dictionary-based password and change it often.
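Why changing the default SSID matters, as an added example that is not part of the original post: WPA/WPA2-Personal derives its key with PBKDF2 using the SSID as the salt, so a precomputed table only covers the SSIDs it was built for. The SSID list, the 12-character threshold and the function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample of factory-default style SSIDs (assumption, not from the article).
COMMON_SSIDS = {"AndroidAP", "iPhone", "linksys", "default", "NETGEAR"}
LEGACY_MODES = {"OPEN", "WEP", "WPA-PSK"}
MIN_PASSPHRASE_LEN = 12  # assumed policy threshold; the protocol minimum is 8


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_hotspot(ssid: str, passphrase: str, mode: str) -> list[str]:
    """Return findings for a hotspot configuration; an empty list means no finding."""
    findings = []
    if mode.upper() in LEGACY_MODES:
        findings.append(f"legacy security mode {mode}: enable WPA2")
    if ssid in COMMON_SSIDS:
        findings.append(f"default SSID {ssid!r}: covered by precomputed tables, rename it")
    if (len(passphrase) < MIN_PASSPHRASE_LEN
            or passphrase.isalpha() or passphrase.isdigit()):
        findings.append("weak passphrase: use a long, non-dictionary value")
    return findings


if __name__ == "__main__":
    # Same passphrase, two SSIDs: the derived keys share nothing, so a table
    # built for the default SSID is useless once the hotspot is renamed.
    for ssid in ("AndroidAP", "lounge-7f3a"):
        print(ssid, derive_pmk("password", ssid).hex()[:16], "...")

    # Constructed configurations: factory defaults versus a hardened hotspot.
    for cfg in (("AndroidAP", "password", "WPA-PSK"),
                ("lounge-7f3a", "c0rrect-h0rse-battery-42", "WPA2")):
        print(cfg[0], "->", audit_hotspot(*cfg) or "no findings")
```

Renaming the SSID only defeats precomputation; a short or dictionary passphrase remains guessable whatever the network is called, which is why the audit checks both.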

Wi-Fi for guests

Of course, you want your clients or visitors to feel welcome in your office, and that means allowing them to sign in to the corporate Wi-Fi. When an outside device hooks into your system, you could be compromising your entire system and risking sensitive data as well. It's safe to say that most businesses already understand the need to use a separate SSID to create a separate point of access for customers, while maintaining a business-grade secure access point for employees. This isolates your company's devices and locks out any possible intruder. There are also a few obvious housekeeping items that security teams should remember to get around to, like updating the default router passphrase and changing passwords at least once a quarter and after employees leave the company.

How to Reduce the Wi-Fi Risks?

We have identified some Wi-Fi danger zones, but practically, what can the IT department do to keep data safe? The first thing to remember is that you must provide a convenient solution that is just as effective as a standard Wi-Fi network. Employees want to log in quickly and get down to business. The company might consider a VPN option, which permits access to public Wi-Fi, but via a secure tunnel. Furthermore, look for providers who provide DNS leak protection, as this will help guard against malicious look-alike websites.

Hermetically secured personal hotspots are another option. While providing all executives and employees with an unlimited service will be expensive, it could be a safer and faster option than even the VPN. There is no point in fighting with your employees about Wi-Fi access; just provide them with the education and tools that will keep them and your data safe.

You can also contact Coronet to secure your Wi-Fi users today!