[This post is the thirteenth in a series. The original post can be found here.]
At home, coffee shops, restaurants, hotels, conference centers, airport terminals and many other locations, many of us use wireless and Bluetooth for our smartphones, tablets and even our computers without a second thought. While very convenient, anyone using wireless and Bluetooth should know that they are fraught with serious security issues. Unless you lock down your wireless network and devices, someone sitting in a car across from your office or home could easily find and connect to them. Hackers known as “wardrivers” actually cruise around looking for networks they can hack into. There are even websites that list “open” networks by street address.
Hardening your wireless networks
Use wireless with caution, and only after you enable all possible security features on your wireless routers and devices. The hub of your wireless network is a router. It connects to your Internet service provider through a telephone line or other wired connection. Anyone connecting to your wireless network through your router can likely connect to the web and quite possibly access other devices on your network.
Completing these steps will make it much harder for strangers to connect to your wireless network:
- Use WPA or WPA2 (WPA2 is better) or 802.1x wireless encryption. WEP encryption is found on older devices and it is recommended that you not use it as it can easily be cracked;
- Turn off SSID broadcasting;
- Disable guest networks;
- Turn on MAC filtering;
- Change default router name and password; and
- Disable remote administration.
More detailed directions for completing these steps can be found on the practicePRO website in the “How to enable the security settings on a wireless router” checklist.
Bluetooth technology makes it easy for keyboards, headsets and other peripherals to connect to smartphones, tablets and computers wirelessly. Although security is available for Bluetooth, many vendors ship Bluetooth devices in Mode 1 (discovery/visible-to-all mode) to make it much easier for people using the devices to connect to them. In this mode they will respond to all connection requests.
This introduces a number of vulnerabilities, including making information on the device more accessible to hackers and making the device more vulnerable to malware installation.
To make your Bluetooth devices more secure, you should do the following:
- Configure devices so that the user has to approve any connection request;
- Turn off Bluetooth when not in use;
- Do not operate Bluetooth devices in Mode 1 and ensure discovery mode is enabled only when necessary to pair trusted devices;
- Pair trusted devices in safe environments out of the reach of potentially malicious people;
- Minimize the range of devices to the shortest reasonable distance;
- Educate your staff about how to safely use Bluetooth devices; and
- Consider installing antivirus and personal firewall software on each Bluetooth device.
Be extremely cautious with public Wi-Fi
Public Wi-Fi has become ubiquitous and a lot of people use it without a second thought. Unfortunately, there are major security issues with it. If you connect to a Wi-Fi network without giving a password, you are on an unsecured and unencrypted connection. On an unencrypted or “open” wireless network, anyone in your proximity can intercept your data and see where you are surfing (except if you are on an https website). Using an unencrypted connection to check the news or a flight status might be acceptable, but keep in mind that performing other activities is akin to using your speakerphone in the middle of a crowd.
Even worse, hackers will create fake Wi-Fi hotspots in public places to trick unwitting Wi-Fi users. “Free Starbucks Wi-Fi” may not be the legitimate Starbucks network. Connecting to a fake network puts your data in the hands of a hacker.
And don’t equate subscription (paid-for) Wi-Fi Internet with secure browsing. It may be no more secure than open Wi-Fi. To be avoid these dangers, it is best avoid using public Wi-Fi hotspots altogether. Get a device that has mobile cellular capability, tether to your smartphone, or use a mobile Wi-Fi hotspot. This is a small Wi-Fi router you carry around that has mobile cellular functionality. It gives you a personal and private Wi-Fi cloud you can configure to securely connect your other devices to.
If you are going to use public Wi-Fi, here are some steps you can take to connect your device as securely as possible:
- If your firm has a Virtual Private Network or VPN, use it. This will encrypt your data and make it harder for it to be intercepted.
- Never connect without using a password (this means you are on an unencrypted network) and avoid using Wi-Fi that uses WEP encryption as it can easily be cracked. Use networks that have WPA, WPA2 (WPA2 is better) or 802.1x wireless encryption.
Enable the firewall and run updated antivirus software on your device.
- Turn file, printer and other device sharing off.
- Disable auto-connecting so network connections always happen with your express permission.
- Confirm the network name in your location before you connect (i.e., avoid the Starbucks imposter).
- Use sites that have “https” in the address bar as they will encrypt data traffic. “http” sites transfer data in plain text and should be avoided as a hacker can easily read the data transmissions. You could use browser extensions or plugins to create https connections on
- Follow the best practices for safe and secure passwords
By taking these steps you can reduce your Wi-Fi risks, but you should save sensitive tasks like online banking for when you are on a network you know is safe and secure.
Dan Pinnington is the Vice President of Claims Prevention at practicePRO. This article first appeared in the December 2013 issue of LawPro magazine. Reprinted with permission. For more cyber safety tips, visit www.lawpro.ca.