Is Wi-Fi Security Your Biggest Vulnerability?
Not too long ago, I was interviewed for a Comcast Business blog post and Inc.com article about Wi-Fi security. As long as the Wi-Fi is up and running, the security of it isn’t something the average person gives a lot of thought to, but improperly secured Wi-Fi networks present a number of unique vulnerabilities hackers can exploit to gain access to sensitive data. To understand Wi-Fi security, it helps to know about these strategies that hackers use.
Network sniffing is when a program or piece of hardware secretly monitors all traffic and activity over a network. It enables hackers to sit back and gather logins, bank account numbers, and all sorts of valuable information as it’s transmitted over the network without users ever knowing their data has been compromised.
Evil Twin Networks
If your employees use Wi-Fi networks at hotels, coffee shops, restaurants, and airports, they could easily be giving up company data to hackers. LTE networks are the safest way for employees to transmit data from the road (despite recent revelations that LTE may not be as secure as once thought). Networks that appear to come from organizations you trust, such as a hotel, can be susceptible to evil twin attacks in which hackers set up a network that looks legitimate and functions normally, but it is actually being used to gather information that can be exploited or sold.
To demonstrate how easy this is, we will sometimes set up our own evil twin network at conferences. The network may be called "Hotel Free Wi-Fi" or something similar and even have a sign-in page with the hotel’s brand. During our presentation, we’ll ask for a show of hands of who logged into the network. Inevitably, about half the people in the room have.
Wardriving is the practice of driving around looking for unsecured networks. This is precisely why secure networks are a must for every home and business. You may think that you’re in a location where no one is likely to access your network, but almost every network reaches a road. Plus, hackers can use special tech to pick up weaker signals than an average device, so an unsecured network really is an invitation to a data breach.
Additional Wi-Fi Security Concerns for Businesses
Many businesses allow visiting guests to connect to their Wi-Fi. If it’s not a segregated guest Wi-Fi, then they could be allowing an infected guest PC to infect users on their network. The same vector can introduce malware that can steal data over days, months or years. TJ Maxx’s parent company was breached to the tune of $94 million because it didn’t separate its public Wi-Fi from its payment systems. (As a result, we named unsegregated Wi-Fi one of our 7 Deadly Security Sins.)
Wi-Fi is also frequently the medium used to connect IoT devices such as a security system or internet thermostat. Each IoT device on your primary Wi-Fi can potentially be a way for a hacker to connect to your network and compromise confidential data. For optimal Wi-Fi security, it's best to have a separate network for IoT devices that nothing but those devices is ever connected to.
Finally, businesses often don’t realize that their network can be a tool to prevent non-Wi-Fi based attacks such as phishing. Cisco Umbrella, for instance, adds a DNS layer of security that double-checks every URL accessed to make sure it’s not malicious. In fact, we have a post specifically about Protecting Your IoT Devices and Wired or Wireless Networks.
Breakthroughs in Wi-Fi Security
Have you ever noticed how Wi-Fi networks tend to ask for a “WPA2” password? What the heck does that mean? It stands for “Wi-Fi Protected Access 2,” which has been the standard for Wi-Fi security since—get this—2006.
While it takes some sustained effort from a hacker, WPA2 passwords are beatable, which is scary because the alternatives, WPA or WEP, are woefully outdated and vulnerable, though still widely used. (I know, we can’t sleep at night over this, either.)
However—this just in—WPA3 is here! It’s not commercially available yet, but it will be soon. When it is, your Wi-Fi password probably will be the most secure it’s ever been in your lifetime, even if you choose a very easy-to-guess password. In the meantime, the best defense is a Wi-Fi password that’s difficult to break. Here’s our guide to creating strong(er) passwords.
Turn the Tables
What if you could reverse the Wi-Fi security paradigm and instead of your greatest weakness, your network could become the strongest layer in your defense? Artificial intelligence is making this possible with tools like OpenDNS.
OpenDNS is a technology available to both consumers and businesses that has an intelligent filter for all internet traffic. All traffic on the network runs through OpenDNS, which blocks websites that are known to be malicious. Users don’t experience a lag or know that OpenDNS is active until they click on a link they shouldn’t. The best part is that OpenDNS learns as it goes. If a domain is not yet a known threat, OpenDNS can detect other suspicious characteristics and block it.
Rather than a vulnerability, your network can become a safeguard against users who may unknowingly click spoof links that subtly change a single letter of a legitimate URL to lure in victims. OpenDNS stops this in its tracks for anyone on your network.
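To make the single-letter spoof concrete, here is an added example (not code from this post, and not how OpenDNS itself works) of a check a DNS-layer filter could run: it flags any lookup whose domain is exactly one edit away from a domain you trust. The trusted list, the sample log, and the function names are all constructed for illustration, and the last two labels of a name are assumed to be its registrable domain.

```python
# Added example: flag DNS lookups one edit away from a trusted domain.
# TRUSTED and SAMPLE_LOG are constructed; names use the reserved .example TLD.
TRUSTED = {"payroll.example", "intranet.example"}
SAMPLE_LOG = [  # (client address, queried name)
    ("192.0.2.10", "www.payroll.example."),   # exact match on a trusted domain
    ("192.0.2.11", "login.payrol1.example"),  # 'l' swapped for '1'
    ("192.0.2.12", "payrlol.example"),        # two adjacent letters transposed
    ("192.0.2.13", "intrenet.example"),       # one letter substituted
    ("192.0.2.14", "weather.example"),        # unrelated domain
]

def registrable(name):
    """Assumption: the registrable domain is the last two labels (no public-suffix list)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(qname, trusted=TRUSTED):
    """Return the trusted domain qname imitates, or None if it is trusted or unrelated."""
    dom = registrable(qname)
    if dom in trusted:
        return None
    for candidate in sorted(trusted):
        if osa_distance(dom, candidate) == 1:
            return candidate
    return None

def flag_queries(log, trusted=TRUSTED):
    """Return (client, queried name, imitated domain) for every lookalike lookup."""
    hits = []
    for client, qname in log:
        target = lookalike_of(qname, trusted)
        if target:
            hits.append((client, qname, target))
    return hits

if __name__ == "__main__":
    for client, qname, target in flag_queries(SAMPLE_LOG):
        print(f"{client} looked up {qname!r}, one edit away from {target!r}")
```

A check like this only catches near-misses of domains you list, so it complements a reputation-based filter rather than replacing one.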
Tips to Improve Your Wi-Fi Security
Like so many topics in the cybersecurity space, Wi-Fi security can get overwhelming. Here’s a quick recap of steps to take to secure your network.
- Familiarize yourself with possible Wi-Fi vulnerabilities such as evil twin networks
- Use LTE on the road
- Segregate your network so that guests and IoT devices are on separate networks
- Have a strong Wi-Fi password
- Use OpenDNS to make your network a means of protecting your devices and data, rather than a danger to them