Securing Wireless Devices in Public Settings
As telework becomes an essential component of the “new normal” for businesses, many users are teleworking from home or during travel. When working from public networks, users must take additional steps to ensure that their data and devices are secure. Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings.
Cybersecurity is crucial for users and businesses to ensure that data, devices, and login credentials remain secure and uncompromised. Identifying higher-risk public networks and implementing security best practices in public settings are important pieces of cybersecurity as a whole.
Accessing public Wi-Fi hotspots may be convenient, but public Wi-Fi is often not configured securely. Using these networks may make users’ data and devices more vulnerable to compromise, as cyber actors employ malicious access points, redirect to malicious websites, inject malicious proxies, and eavesdrop on network traffic. Cyber actors can compromise other common wireless technologies, such as Bluetooth® and Near Field Communications (NFC). These technologies must be properly configured to ensure user devices remain secure from compromises. The risk is not merely theoretical; these malicious techniques are publicly known and in use.
The following are best practices for securing devices when conducting business in public settings. While these best practices cannot ensure data and devices are fully protected, they provide protective measures users can employ to improve their cybersecurity and reduce risks.
Best Practices for Securing Wireless Devices
While technology settings and business controls may help keep security measures up to date, users should also be aware of the potential threats from connecting to publicly available Internet and take appropriate precautions. Before conducting business remotely or in public settings, users should obtain explicit authorization from their organization. Organizations may decide to require users working remotely to adopt best practices such as the ones outlined below. The information that follows may be used to better protect users, devices, and data while teleworking.
Wireless Devices Do’s and Don’ts
Do | Don't |
For Laptops:
For Windows Laptops:
Public Wi-Fi
Avoid connecting to public Wi-Fi when possible, as there is an increased risk when using public Wi-Fi networks. For greater security, use a corporate or personal Wi-Fi hotspot with strong authentication and encryption whenever possible.
Precautions must be taken before connecting to public Wi-Fi. Data sent over public Wi-Fi networks – especially open public networks that do not require a password to access – is vulnerable to theft or manipulation. Even if a public Wi-Fi network requires a password, the traffic transmitted over the network may not be encrypted. Malicious actors can decrypt data over a password-secured Wi-Fi network if they know the pre-shared key. A malicious actor can also coerce the network into using insecure protocols or obsolete encryption algorithms. Additionally, a malicious actor can set up a fake access point (known as an evil twin) to mimic the nearby expected public Wi-Fi, resulting in that actor having access to all data sent over the network, including personal and corporate login credentials.
If connecting to a public Wi-Fi network, use a personal or corporate-provided virtual private network (VPN) to encrypt traffic sent over the network by your device. Users should incorporate secure browsing methods, such as only accessing Hypertext Transfer Protocol Secure (HTTPS) websites. An HTTPS website is indicated by a URL beginning with https:// and/or a lock symbol. These methods will aid users in better protecting their information from Wi-Fi snooping, man-in-the-middle techniques, server masquerades used to capture password hashes (such as the Responder tool), and evil twin mimics.
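The risks described above (open networks, shared pre-shared keys, obsolete encryption, and evil twin mimics) can be checked for before joining a network. The following is an added example, not part of the original guidance: it assumes scan results are already available as SSID/BSSID/security records, and the security labels and sample networks are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results (not real networks). The security labels
# ("", "WEP", "WPA1", "WPA2-PSK", "WPA3-SAE") are assumed for this example.
SCAN = [
    {"ssid": "CoffeeShop-Guest", "bssid": "02:00:00:00:00:01", "security": ""},
    {"ssid": "Hotel-WiFi", "bssid": "02:00:00:00:00:02", "security": "WPA2-PSK"},
    {"ssid": "Hotel-WiFi", "bssid": "02:00:00:00:00:03", "security": ""},
    {"ssid": "Airport-Legacy", "bssid": "02:00:00:00:00:04", "security": "WEP"},
    {"ssid": "Corp-Hotspot", "bssid": "02:00:00:00:00:05", "security": "WPA3-SAE"},
    {"ssid": "Library", "bssid": "02:00:00:00:00:06", "security": "WPA1 WPA2-PSK"},
]

OBSOLETE = {"WEP", "WPA1"}   # obsolete algorithms a network may fall back to
SHARED_KEY = {"WPA2-PSK"}    # one password shared by every user of the network


def assess(scan):
    """Return {ssid: sorted findings} for the risks named in the text."""
    modes_by_ssid = defaultdict(list)
    for ap in scan:
        # An empty security field means the access point offers no encryption.
        modes_by_ssid[ap["ssid"]].append(frozenset(ap["security"].split()))

    report = {}
    for ssid, modes in modes_by_ssid.items():
        findings = set()
        for mode in modes:
            if not mode:
                findings.add("open")             # traffic is not encrypted
            if mode & OBSOLETE:
                findings.add("obsolete-crypto")  # weak algorithm is offered
            if mode & SHARED_KEY:
                findings.add("shared-psk")       # key holders may decrypt traffic
        # Heuristic, not proof: one SSID advertised with differing security
        # settings is consistent with an evil twin mimicking the real network.
        if len(set(modes)) > 1:
            findings.add("mixed-security")
        report[ssid] = sorted(findings)
    return report


if __name__ == "__main__":
    for ssid, findings in assess(SCAN).items():
        print(f"{ssid}: {', '.join(findings) or 'no finding from these checks'}")
```

An empty result only means none of these checks fired; the VPN and HTTPS precautions above still apply on any public network.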
Public Wi-Fi Do’s and Don’ts
Do | Don't |
If connecting to public Wi-Fi is necessary:
For Laptops:
Bluetooth
Bluetooth technology transmits data wirelessly between devices within short distances. This feature is very convenient in private; however, keeping a device’s Bluetooth feature enabled in a public setting can pose a cybersecurity risk. Malicious actors can scan for active Bluetooth signals, potentially giving them access to information about the targeted device. That information can then be leveraged to compromise the device. Bluejacking, Bluesnarfing, and Bluebugging are all Bluetooth compromise techniques that can be used to send, collect, or manipulate data and services on a device. Additionally, Blueborne (a publicly released Bluetooth exploit) can allow malicious actors complete control over a user’s Bluetooth device that could enable access to corporate data and networks.
Bluetooth Do’s and Don’ts
Do | Don't |
NFC
Near Field Communications (NFC) offers the benefit of contactless payments and other close device-to-device data transfers. As with any network protocol, NFC vulnerabilities can be exploited. Due to range limitations, opportunities to exploit vulnerabilities may be limited. However, be aware of the security risks associated with the technology and, if possible, disable the function when not in use.
NFC Do’s and Don’ts
Do | Don't |
Users should consider additional security measures, including limiting/disabling device location features, using strong device passwords, and only using trusted device accessories, such as original charging cords.
Telework Safely
The methods used to compromise devices and data are constantly evolving. As telework becomes more common, users are more frequently bringing themselves and their data into unsecured settings and risking exposure. By following available guidance, users can identify potential threats and put best practices into action when teleworking in public settings.