Take these two steps immediately to stay safe on public and home WiFi networks
By Peter Bookman, CTO and CMO of Guard Dog Solutions
Keeping ourselves secure on WiFi has only grown in importance with the recent need to bring the “unmanaged” and virtually unknown home networks underneath the corporate umbrella of management and accountability.
Prior to recent events, IT Network Administrators could manage networks fully within their control and set policies we all adhered to, with much less worry about the mobile workforce and public WiFi. Even in those circumstances, though, we had gray areas of understanding where end users needed to hold some accountability for the environments they ventured into and the use of their devices and the corporate information they held.
One of the most common pieces of advice for public WiFi situations (such as a hotel or restaurant) is to utilize a VPN to ensure your communications on the network are not at risk to whatever the privacy policies or potential security vulnerabilities the network might have. IT network admins might offer a tunneling VPN to get back to the home network, to at least keep corporate communications private as well as allow for full access to resources within the safe haven maintained by corporate IT.
However, having every person utilize a VPN tunnel for privacy is both inefficient and costly because it doubles the amount of bandwidth required.
The average breach costs even small companies $172,000 or more, in addition to the loss of trust, time and reputation.Peter Bookman, CTO and CMO of Guard Dog Solutions
Consumer VPN is a Start
Enter consumer VPN products, where the focus is on the “P” portion of the VPN (privacy), but generally makes it a non-issue where the other end of the tunnel terminates, because it only needs to assure privacy on the network you’re on.
Consumer VPN lacks the auditability and manageability of corporate IT VPN products but offers significant advantages for the now nearly entirely teleworking workforce. Their biggest advantage is the simplicity of terminating somewhere in the cloud. They can mitigate potential exploits on Wi-Fi networks by having all of the traffic going out of a device be encrypted as opposed to only the traffic meant for corporate resources.
Here’s an example. It happened to a close associate of mine who managed a family named firm that had been run for multiple generations. Upon taking his family on a trip to Mexico and utilizing a well-known brand’s WiFi environment, he was hacked. Client information was compromised and the family firm ran into serious issues. To put this in perspective, the average breach costs even small companies $172,000 or more, in addition to the loss of trust, time and reputation.
In an ideal world, networks, devices and end-to-end protection would be so simple that security would be built in and “just work.” But until then, I suggest two ways to make things simpler as well as get enough education to keep yourselves and those around you safe:
1. It is fairly simple and very important that the privacy tools that come with any network (including a home network) not be relied upon and some sort of VPN technology be standard operating procedure for all of the traffic on any device.
While WiFi has had privacy, features built in such as WEP or WPA (two very common encryption technologies built into most wireless solutions) they need to be configured correctly to work well and are often the victim of exploits that make them less than useful. Despite the perceived encryption, they can be eavesdropped.
At the time of this writing, more than 1 billion routers can be exploited and eavesdropped using an exploit called Kr00k. Customer VPN software protects you from the vulnerabilities of the home or outside network you may use for remote business. However, the router you use could be vulnerable as well. Perhaps for another blog, I can share some simple management tips on setting up your home WiFi network to be more secure, which leads to the next concern.
2. It is worth considering the inherent vulnerabilities of the devices themselves even with software privacy protection in place.
Even when networks offer some level of privacy; and even if you deploy a privacy solution such as a consumer VPN, your devices remain vulnerable to any exploits they may contain at any given time. Ideally, a solution that offers some sort of overlay protection on a network could cover the gap. Without a solution like this, you can assume your devices will need to fend for themselves.
Some simple fixes for your devices would be virus protection and firewall protection. Corporate IT generally use centrally based device management solutions due to the number of devices and people they have to manage. As for us, we can just be sure we have some sort of firewall and virus protection on our personal devices as we bring them online. We can also be vigilant about updating each device when the alerts suggest that we do so. The updates will generally include the fixes for the newest known exploits that would allow would be attackers to get around the firewall and virus protection or the private connection.
Whether you’re a traveler who (like most of us) ventures among numerous WiFi networks on any given day, or a new teleworker who could benefit from knowing how to keep yourself safe and which tools are essential, my hope is to make it simple and easy to keep your devices safe.
This is just a starting point, but a digestible place to start. In additional posts I’ll suggest the training and tools you can use for things like password safety and keeping our personal information safe.
In summary, I encourage everyone to take these two steps on the path to accountability for your online actions. Take privacy and security into your own hands by ensuring your devices are up to date and have the ability to keep potential exploits at bay.