There will always be a need to have physical security measures in place, no matter how many new technological advancements crop up over the years. However, over the past few years, security concerns have revolved more around cyber security, as compared to the physical. The simple reason behind this is that technological new advancements tend to pose new threats. Do not get me wrong, I am not saying they aren’t beneficial (how would you be able to read this post without an internet connection?), but they are not perfect.
In corporate and commercial settings, WiFi networks are used to enhance the transmission of data and they are an excellent tool for communication. There is no question about the popularity and ease-of-use of WiFi, but not many people take the time to dwell on the negative attributes a WiFi network, and WiFi enabled devices, might have.
This very question has been a pressing issue many companies have had to deal with. Especially those companies that have instituted BYOD (Bring Your Own Device) policies. It is for this reason that I will attempt to answer the question about whether or not WiFi enabled devices are a risk to your company’s security.
1. Sub Par Security Protocols
One of the main reasons why WiFi enabled devices are a threat to your company’s network is simply because each device has its own security parameters, which simply means that some might be more secure than others. In most cases, the security parameters that these devices employ are subpar and are easily bypassed by even the most novice hacker. In the discussion about WiFi enabled devices, it is important to look past computers and laptops and look at the much broader spectrum of devices that fall under that category. These devices range from smartphones to IoT devices, and a great many others that have the ability to connect to a wireless network.
It is very possible to make your WiFi network more secure by filtering through the MAC addresses of each device that wants to connect to your network. However, these filtering options are also easily circumvented by hackers. Each device requests access to the network in a different way, and each of these devices has a different method of verifying wireless signals. Constantly connecting different WiFi enabled devices to your network increases the chances of a cyber criminal working their way into your network. This entry can be as easy as piggybacking off of the transmitted signal from a device.
2. Security Compliance
As I alluded to in the first portion of this article, there are many devices that have the ability to connect to WiFi networks. These WiFi enabled devices do not have universal security measures and this will most certainly clash with the security standards that might be set down by your company. With the use of so many different devices, it will be hard to keep every single device strictly within the guidelines of operational company policy.
In order to battle this problem, companies can follow a simple security maintenance schedule. This will help with firmware and security updates. This ensures that every device is remaining security compliant and is not posing a risk to the network. This is not easy to do, but it is important. It is also important to make sure that you pay attention to every device. From a WiFi enabled printer, to the smart TV, to the newly installed smart locks on doors, everything creates risk.
3. Session Hijacking Methods
Session hijacking is a method that is used by hackers and cyber criminals to take control of a user’s connection or session, without their knowledge. This very act places the user’s data at risk. When a company faces this threat, the stakes are increased tenfold. There is a high possibility of WiFi enabled devices being hijacked, which puts your company’s security at risk. The same concept applies to IoT devices. These devices need to transmit and communicate with the host network before they execute almost any action, which means that there are generally more tries for a hacker to take advantage of.
WiFi enabled devices are especially susceptible to two forms of session hijacking. These are the session sidejacking method and the cross-site scripting method. These methods are most harmful to WiFi enabled devices because they target the communication between each device and a company’s network. This makes it easy for any hacker to work their way through your network, even from the smallest device. It is even more of a hassle when employees are allowed to connect their personal devices to the company’s network because there is always a possibility that their device might be compromised without their knowledge. These attacks can be carried out remotely, which makes them even more dangerous and hard to combat.
Although it may be hard to combat, there are options available to you to help keep your company’s network secure. WPA2 and AES encryption protocols will allow you to encrypt signals from your company’s wireless router, which will make it harder for session hijacking to occur.
4. Data Transmission and Network Access
Data is usually encrypted when it is being transmitted from one device to another. The encryption of transmitted data is a tried and trusted process, but one that has seen many shake-ups due to the increased number of IoT and WiFi enabled devices. Many of these devices (especially IoT devices) tend to make use of plug and play protocols. This gives them the ability to connect and discover your network. From here they can connect at will, especially if they have been verified once before. It is important for devices to be verified each and every time they access a network so that they do not serve as open ports for cyber criminals to exploit.
These kinds of devices generally do not have strong encryption protocols. They make use of proprietary encryption protocols. They are not tailored to specific devices, but are more of a blanket security measure, which lets people think their devices are safe enough to access different networks. However, with an increasing amount of IoT devices with WiFi connectivity, proprietary encryption weakens your security rather than beefing it up.
5. External WiFi Devices
This is not as common these days, but it is still one of the ways that WiFi enabled devices can pose a threat to your company’s security. It should go without saying that you should never give visitors or clients access to your company’s private network. In some cases, company’s might think that it is perfectly alright to allow external WiFi enabled devices to connect to their network, simply because they have encrypted their files and enabled sharing permissions. However, by allowing an external device to connect, your security protocols can easily be undone and your data transmissions within your network will no longer be private.
Ideally, the best way to combat this is to always make sure that your WiFi is not visible to external devices. This can be accomplished by masking your network’s SSID. Keep in mind that this is not the most robust solution, but it does help make your network less visible. If you need to give clients and guests Internet access, make sure you make use of a VPN or VLAN. This method works best when it is coupled with network practices such as encryption and the implementation of security access policies.
In conclusion, I will directly address the question that we wanted to answer. Do WiFi enabled devices pose a risk to your company’s security? In most cases, they do. However, this does not mean that companies should not use WiFi devices. They exist for a reason, mostly because they enhance communication and make data transmission and reception much more convenient. It is important to make sure that your WiFi enabled devices are afforded as much security as possible. That will make certain that their flaws do not become the downfall of your company’s security. So, in summary, these devices do pose a threat, but it is a threat that can be mitigated if the appropriate defenses are implemented.
Editor’s Note: This blog article was written by an outside contributor – a guest blogger – for the purpose of offering a wider variety of content for our readers. However, the opinions and recommendations expressed in this guest blog are solely those of the contributor, and do not necessarily reflect those of The Security Awareness Company, LLC. If you are interested in writing something for us, please do not hesitate to contact us: firstname.lastname@example.org.