NSA Warning - Avoid Public Wi-Fi

Uploaded on 2021-08-25 in TECHNOLOGY--Resilience, INTELLIGENCE--USA, FREE TO VIEW

The US National Security Agency (NSA) has warned of the risks of using public Wi-Fi and is offering advice to security teams looking for best practices to protect corporate networks and personal devices. These  recommendations offer system administrators fundamental advice to protect home workers, along with remote and mobile workforces. 

The guidance, which is intended for National Security System, Defense Department, and defense industrial base usersexplains how to identify vulnerable connections and protect common wireless technologies when working on public networks. The first best practice, according to NSA, is to simply avoid connecting to public Wi-Fi at all. 

Instead, it’s best to connect using personal or corporately-owned hotspots, just not open Wi-Fi hotspots. Hotspots should feature strong authentication and encryption, too, according to the guidance.  “Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks are secure.

“Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings....  to ensure data, devices, and login credentials remain secure and uncompromised, cyber security is a crucial priority for users and businesses.... This includes identifying higher-risk public networks and implementing security best practices while in public settings, whether connecting laptops, tablets, mobile phones, wearable accessories, or other devices with the ability to connect to the Internet. says the NSA.

Accessing public Wi-Fi hotspots may be convenient, but according to the NSA advice public Wi-Fi is often not configured securely. But when it can’t be avoided, work on a public Wi-Fi network should be conducted over a corporate-provided virtual private network, or VPN.

Using a VPN allows communications to be encrypted, meaning that data going across public Wi-Fi will be less vulnerable. Remote users are also advised to use Hypertext Transfer Protocol Secure - https:// - websites whenever possible.

According to the NSA guidance:

  • Laptop users should turn off the device file and printer sharing features on public networks.
  • Users should avoid entering confidential passwords, conduct sensitive conversations.
  • Never accessing personal data like bank and medical information. 
  • Online shopping and other financial transactions should be avoided.
  • Leaving devices unattended in public settings is also a bad idea. 
  • Devices should be updated with the latest patches and secured through multi-factor authentication whenever possible. 

NSA Also  Points Out The Risks Of Using Bluetooth

  • Malicious actors can find active Bluetooth signals and potentially gain access to information about devices it finds in its scans. That information can then be used to compromise a device.
  • The agency advises users to disable Bluetooth and make sure it’s not discoverable in public settings due to this and other cyber risks.
  • Users should never accept Bluetooth pairing attempts they didn’t initiate. 
  • Turn off any device-to-device data transfers, like the kind that allow for contactless payment. 

The NSA say it’s best to disable Bluetooth not in use just in case and says users should also make sure not to bring a device near other unknown electronic devices because it might trigger automatic communication and never to use it to communicate passwords or sensitive data.

Defense.gov      DefenseOne:    NextGov:     Threatpost:      Enterprise Times:       :

You Might Also Read: 

Why You Should Never Use A Free Proxy:

 

« An AI Can File A Patent Application
Detecting & Mitigating Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

RCMP Cybercrime Strategy

RCMP Cybercrime Strategy

The RCMP Cybercrime Strategy sets out in an Operational Framework and Action Plan to combat cybercrime.

Cipher Security

Cipher Security

Cipher Security provides unique robustness tests and penetration tests, as well as customizable development services for vendors and providers.

PhishLine

PhishLine

PhishLine helps Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing.

Beame.io

Beame.io

Beame.io is an information security company that distributes open source authentication infrastructure based on encryption.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

X-Ways Software Technology

X-Ways Software Technology

X-Ways provide software for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security.

Udacity

Udacity

Udacity's mission is to train the world’s workforce in the careers of the future. Our programs range from beginner to expert levels and deliver the hands-on skills for real-world expertise.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

Core to Cloud

Core to Cloud

Core to Cloud provide consultancy and technical support for the planning and implementation of sustainable security strategies.

Wib

Wib

Wib is an API security leader. We are the only company providing a solution for the entire API development lifecycle.

First Focus

First Focus

First Focus is a managed service provider for medium-sized organisations.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

Vantyr

Vantyr

Vantyr's core mission is to safeguard the business-led adoption of SaaS applications by automating the lifecycle management and security of non-human identities.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.