NSA Warning - Avoid Public Wi-Fi

Uploaded on 2021-08-25 in TECHNOLOGY--Resilience, INTELLIGENCE--USA, FREE TO VIEW

The US National Security Agency (NSA) has warned of the risks of using public Wi-Fi and is offering advice to security teams looking for best practices to protect corporate networks and personal devices. These  recommendations offer system administrators fundamental advice to protect home workers, along with remote and mobile workforces. 

The guidance, which is intended for National Security System, Defense Department, and defense industrial base usersexplains how to identify vulnerable connections and protect common wireless technologies when working on public networks. The first best practice, according to NSA, is to simply avoid connecting to public Wi-Fi at all. 

Instead, it’s best to connect using personal or corporately-owned hotspots, just not open Wi-Fi hotspots. Hotspots should feature strong authentication and encryption, too, according to the guidance.  “Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks are secure.

“Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings....  to ensure data, devices, and login credentials remain secure and uncompromised, cyber security is a crucial priority for users and businesses.... This includes identifying higher-risk public networks and implementing security best practices while in public settings, whether connecting laptops, tablets, mobile phones, wearable accessories, or other devices with the ability to connect to the Internet. says the NSA.

Accessing public Wi-Fi hotspots may be convenient, but according to the NSA advice public Wi-Fi is often not configured securely. But when it can’t be avoided, work on a public Wi-Fi network should be conducted over a corporate-provided virtual private network, or VPN.

Using a VPN allows communications to be encrypted, meaning that data going across public Wi-Fi will be less vulnerable. Remote users are also advised to use Hypertext Transfer Protocol Secure - https:// - websites whenever possible.

According to the NSA guidance:

  • Laptop users should turn off the device file and printer sharing features on public networks.
  • Users should avoid entering confidential passwords, conduct sensitive conversations.
  • Never accessing personal data like bank and medical information. 
  • Online shopping and other financial transactions should be avoided.
  • Leaving devices unattended in public settings is also a bad idea. 
  • Devices should be updated with the latest patches and secured through multi-factor authentication whenever possible. 

NSA Also  Points Out The Risks Of Using Bluetooth

  • Malicious actors can find active Bluetooth signals and potentially gain access to information about devices it finds in its scans. That information can then be used to compromise a device.
  • The agency advises users to disable Bluetooth and make sure it’s not discoverable in public settings due to this and other cyber risks.
  • Users should never accept Bluetooth pairing attempts they didn’t initiate. 
  • Turn off any device-to-device data transfers, like the kind that allow for contactless payment. 

The NSA say it’s best to disable Bluetooth not in use just in case and says users should also make sure not to bring a device near other unknown electronic devices because it might trigger automatic communication and never to use it to communicate passwords or sensitive data.

Defense.gov      DefenseOne:    NextGov:     Threatpost:      Enterprise Times:       :

You Might Also Read: 

Why You Should Never Use A Free Proxy:

 

« An AI Can File A Patent Application
Detecting & Mitigating Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

Galois

Galois

Galois specializes in the research and development of new technologies that solve the most difficult problems in computer science.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

TechVets

TechVets

TechVets is a non-for-profit helping UK veterans and service leavers retrain into Cyber Security and Technology jobs.

Exire Technologies

Exire Technologies

Exire Technologies is comprised of a team of professionals who are specialised in cybersecurity and a value added reseller and integrator of ICT security systems.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

Akito

Akito

Akito was set up to become a point of reference in the ICT market for issues related to Security and in particular Cyber Security.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

Xact IT Solutions

Xact IT Solutions

Xact IT Solutions are a certified cybersecurity firm offering cybersecurity, compliance and managed services.

Liberty Technology

Liberty Technology

Liberty Technology has a host of highly trained, certified experts who assist our clients with immediate remote support as well as on-site service.

Forward Networks

Forward Networks

Forward Networks - transforming networks to be more reliable, agile, and secure.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.