Three ways unsecured Wi-Fi can contribute to a data breach
Very recently, the Telecommunications Regulatory Authority (TRA) warned the public against using public Wi-Fi, especially for official, work-related or sensitive data. Clearly, there is a direct connection between unsecured network access and an increased risk of data compromise, commonly called a data breach.
We’re talking specifically about BYOD and guest devices, and failure to properly secure the way in which they connect to the network.
When people discuss BYOD security, often they focus only on encryption for wireless data over the air.
“As we will see, that’s an important element, but it’s not the whole story,” said Muetassem Raslan, Regional Sales Director for Ruckus Networks in the Middle East and Africa.
Lack of role-based network access for BYOD and guest users leaves the door open for data breaches
Raslan says that secure network access means access on a need-to-know basis.
Not every breach is the stuff of hoody-wearing cybercriminals hiding in the shadows. Many data breaches come from unintended disclosure.
“Well-meaning stakeholders sometimes make mistakes and disclose data improperly. The more people that have access to a given set of data, the more likely someone will make that kind of mistake. As much as we don’t like to think about it, stakeholders can also disclose sensitive data intentionally,” says Raslan.
A sound data governance strategy requires that users should be able to access only those network resources appropriate to their role in the organization. Policy-based controls are a cornerstone of such a strategy, and if you don’t enable these controls, it leaves the door open to data compromise.
If you don’t have the means to define and manage policies to restrict access, the chance of a breach is greater.
Even within the organization, when someone not authorized to view certain data does so, that’s a breach.
“To pick a very specific example, call center employees should not have access to the server containing an Excel file with employee payroll data. Role-based policy capability for network access is essential, and lack of differentiated network access risks data compromise,” Raslan explains.
Failure to perform a security posture check for BYOD and guest users can lead to trouble, too
Says Raslan: “Most of us would agree that BYOD programs increase employee productivity. And visitors to most environments expect easy connectivity for their devices, just as employees do—whether the location is an office, public venue, school, college or most anywhere. That’s a lot of unmanaged devices accessing the network—either over wireless or via a wired connection. IT teams don’t control those devices the way they can for IT-owned devices, and if not managed properly this can also leave the door open to a data breach.
“Failure to perform an up-front security posture check before BYOD and guest devices connect is a risk area as well. Malware is one of the leading causes of data breaches—for example, keyloggers that capture every character typed into the keyboard of an infected device. You don’t want malware like that spreading into your environment. If you let an employee connect their BYOD laptop without checking that anti-malware has been installed, that’s a security hole that needs to be plugged. More than that, the malware signatures for that software need to be up to date. A security posture check during network onboarding can make sure that BYOD and guest devices employ basic security measures.
“Most tech-savvy users of mobile devices have a PIN enabled in their phone or tablet. But imagine what would happen if an employee connects their BYOD phone to the network, which thereby gains access to network resources housing confidential data. Suppose it’s a new phone and they don’t have a PIN enabled yet. Then someone steals the phone.
“The network does not know the thief isn’t the employee, and the device can still access those same network resources. This is where a lack of a security posture check leaves the door open to data compromise. A proper security posture check would have included remediation for that device—just require that employees have a PIN enabled before they can connect.”
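The role-based access rule and the onboarding posture check described above can be combined into a single admission decision. The sketch below is an added example, not code from the article or from Ruckus; the role table, resource names, device fields and the seven-day signature threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed policy: which roles may reach which network resources.
ROLE_RESOURCES = {
    "call_center": {"crm", "telephony"},
    "hr": {"crm", "payroll_server"},
    "guest": {"internet"},
}
MAX_SIGNATURE_AGE = timedelta(days=7)  # assumed freshness threshold
TODAY = date(2024, 5, 20)              # fixed date so the sample is repeatable


@dataclass
class Device:
    owner_role: str
    kind: str                          # "laptop", "phone" or "tablet"
    antimalware_installed: bool
    signatures_updated: Optional[date]
    pin_enabled: bool


def posture_findings(dev, today=TODAY):
    """Return the remediation steps a device must complete before it may connect."""
    findings = []
    if dev.kind == "laptop":
        if not dev.antimalware_installed:
            findings.append("install anti-malware")
        elif (dev.signatures_updated is None
              or today - dev.signatures_updated > MAX_SIGNATURE_AGE):
            findings.append("update malware signatures")
    if dev.kind in ("phone", "tablet") and not dev.pin_enabled:
        findings.append("enable a PIN")
    return findings


def authorize(dev, resource, today=TODAY):
    """Posture first, then role. Returns (decision, reasons)."""
    findings = posture_findings(dev, today)
    if findings:
        # Non-compliant devices are held for remediation, whatever the role.
        return "quarantine", findings
    if resource not in ROLE_RESOURCES.get(dev.owner_role, set()):
        return "deny", [f"role {dev.owner_role!r} may not reach {resource!r}"]
    return "allow", []
```

Checking posture before role means a non-compliant device is held for remediation even when its owner's role would otherwise permit the resource, which is the stolen-phone case in the quote above.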
Unencrypted wireless data traffic is another IT security hole
According to Raslan, unless you encrypt data traffic in transit between wireless access points and devices, prying eyes can view it using commercially available network analysis tools (the same way anyone can spy on what you do over an open public Wi-Fi connection at the local coffee shop).
Of course, many websites are themselves encrypted these days. But often not all page components are encrypted, and users have no way of knowing which components those are. Mobile applications may or may not encrypt their data traffic. App developers have an incentive not to encrypt data traffic because encryption imposes overhead on the back-end systems that support their apps.
“In an enterprise environment, you might think anyone would be crazy not to encrypt wireless traffic over the air. But Message Authentication Code (MAC), one of the default methods for connecting devices, does not encrypt wireless data traffic. It’s also not unheard of for IT to provide one or more open SSIDs in some environments—if only for guest users—especially when the organization lacks a system for secure network onboarding. Whatever the circumstances, unencrypted data traffic is a risk area.”
BOXout: Incognito homecoming
Incognito Software Systems, a global provider of device and service management solutions for digital service providers, today announced that it has partnered with Immovate to offer solutions to service providers in the Middle East that accelerate digital home broadband services and deliver a high-quality customer experience. This partnership gives communication service providers in the region improved access to Incognito’s market-leading solutions, which optimize the management of residential services across fiber and fixed mobile technologies and extend digital transformation initiatives to the home network.
Home networks are becoming more complex, with 70% of technical issues experienced being related to home WiFi. This is driving the need for solutions that offer visibility into the home network, leverage automation to reduce operational costs, and can drive up customer satisfaction.