Wireless security risks and defenses
by Mirko Zorz - Tuesday, 1 July 2014.
In this interview, Kent Lawson, CEO of Private WiFi, talks about the key threats exposed by wireless access, offers protection advice and illustrates the trends that will shape wireless security in the future.

What are the key threats exposed by wireless access? What should users be worried about?

Millions are victims of identity theft every year. One culprit is free public WiFi, which was designed for convenience, not security, and makes users vulnerable to identity theft. In fact, it was after I read a series of articles in The Wall Street Journal, Forbes and The New York Times about the security vulnerabilities of WiFi hotspots that I was inspired to come out of retirement and work to resolve the problem.

WiFi signals are merely radio waves. If unencrypted, anyone within range can ďlisten inĒ on all of the data people send and receive. Antivirus or firewall software canít stop this from happening. Public WiFi in places such as coffee shops, hotels, and airports, is frequently unencrypted and exposes on-the-go usersí sensitive informationóregardless of whether they realize it or not.

No one should ever assume a WiFi hotspot is secure. Yet not everyone realizes this or is taking steps to protect their data. A recent Nielsen survey found that nearly 40% of people who have used public WiFi in the U.S. have accessed or transmitted sensitive information including bank account details, paying bills, and confidential emails. It also found that a large number of people won't spend money on a security technology solution such as a VPN until after theyíve been hacked, which in my opinion is just too late.

Iíve seen reports that in 2013 there was an average of one identity fraud victim every two seconds. With numbers this high, itís my belief that people have to take protecting themselves into their own hands.

What practical advice would you give to a CISO working in an organization with a mobile workforce?

A CISO is already going to know how to protect their mobile workforce, so large organizations smartly use VPNs. But even these companies struggle with the fact that employees often use their own personal devices to access corporate data. Thatís because the work and personal boundaries have blurred in todayís connected mobile world, which increases the risk that people will get hacked when traveling.

There are a number of recent surveys that illustrate that enterprise employees access sensitive corporate data on their personal devices when using an unsecured public WiFi network, often while commuting via train, bus, or subway. However unintentionally, the workforce is undoubtedly placing corporate data at risk, so stringent BYOD and security policies are in order.

SMBs that donít have a CISO may be even more at risk, given that they donít typically have dedicated IT resources. Plus, telecommuting arrangements for SMBs often mean workers are more mobileóand more likely to access free public WiFi as they work in coffee shops or co-working spaces and when they travel to and from meetings.

For this reason, business owners should ensure their workers use a personal VPN, which is a proven technology that consumers and major organizations, such as banks and government agencies, trust. It is easy to install and extremely cost effective to protect users from hackers.

Do you think it is time to think of an alternative to WPA encryption?

Yes, it's long past time. Unfortunately, many people and businesses are still using WPA and sometimes even WEP encryption. With WPA, youíre vulnerable to sharing your network with strangers, using common passwords that are easy to hack, or switching your WiFi to public.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th