NSA Warning - Avoid Public Wi-Fi

Uploaded on 2021-08-25 in TECHNOLOGY--Resilience, INTELLIGENCE--USA, FREE TO VIEW

The US National Security Agency (NSA) has warned of the risks of using public Wi-Fi and is offering advice to security teams looking for best practices to protect corporate networks and personal devices. These  recommendations offer system administrators fundamental advice to protect home workers, along with remote and mobile workforces. 

The guidance, which is intended for National Security System, Defense Department, and defense industrial base usersexplains how to identify vulnerable connections and protect common wireless technologies when working on public networks. The first best practice, according to NSA, is to simply avoid connecting to public Wi-Fi at all. 

Instead, it’s best to connect using personal or corporately-owned hotspots, just not open Wi-Fi hotspots. Hotspots should feature strong authentication and encryption, too, according to the guidance.  “Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks are secure.

“Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings....  to ensure data, devices, and login credentials remain secure and uncompromised, cyber security is a crucial priority for users and businesses.... This includes identifying higher-risk public networks and implementing security best practices while in public settings, whether connecting laptops, tablets, mobile phones, wearable accessories, or other devices with the ability to connect to the Internet. says the NSA.

Accessing public Wi-Fi hotspots may be convenient, but according to the NSA advice public Wi-Fi is often not configured securely. But when it can’t be avoided, work on a public Wi-Fi network should be conducted over a corporate-provided virtual private network, or VPN.

Using a VPN allows communications to be encrypted, meaning that data going across public Wi-Fi will be less vulnerable. Remote users are also advised to use Hypertext Transfer Protocol Secure - https:// - websites whenever possible.

According to the NSA guidance:

  • Laptop users should turn off the device file and printer sharing features on public networks.
  • Users should avoid entering confidential passwords, conduct sensitive conversations.
  • Never accessing personal data like bank and medical information. 
  • Online shopping and other financial transactions should be avoided.
  • Leaving devices unattended in public settings is also a bad idea. 
  • Devices should be updated with the latest patches and secured through multi-factor authentication whenever possible. 

NSA Also  Points Out The Risks Of Using Bluetooth

  • Malicious actors can find active Bluetooth signals and potentially gain access to information about devices it finds in its scans. That information can then be used to compromise a device.
  • The agency advises users to disable Bluetooth and make sure it’s not discoverable in public settings due to this and other cyber risks.
  • Users should never accept Bluetooth pairing attempts they didn’t initiate. 
  • Turn off any device-to-device data transfers, like the kind that allow for contactless payment. 

The NSA say it’s best to disable Bluetooth not in use just in case and says users should also make sure not to bring a device near other unknown electronic devices because it might trigger automatic communication and never to use it to communicate passwords or sensitive data.

Defense.gov      DefenseOne:    NextGov:     Threatpost:      Enterprise Times:       :

You Might Also Read: 

Why You Should Never Use A Free Proxy:

 

« An AI Can File A Patent Application
Detecting & Mitigating Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TenIntelligence

TenIntelligence

TenIntelligence provides due diligence, brand protection and fraud investigation services including digital forensics.

Berkman Klein Center for Internet & Society

Berkman Klein Center for Internet & Society

The Berkman Klein Center for Internet & Society is a research center at Harvard University that focuses on the study of cyberspace.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

OneSpan

OneSpan

OneSpan (formerly Vasco Data Security) is a global leader in digital identity security, transaction security and business productivity.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

Strategic Cyber Ventures (SCV)

Strategic Cyber Ventures (SCV)

SCV grow cybersecurity companies that disrupt advanced cyber adversaries and revolutionize the cyber product marketplace.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

National CyberWatch Center - USA

National CyberWatch Center - USA

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

McCrary Institute - Auburn University

McCrary Institute - Auburn University

The McCrary Institute seeks practical solutions to real-world problems in the areas of cyber and critical infrastructure security.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

Acumera

Acumera

Acumera is a leader in managed network security, visibility and automation services.

Token

Token

Token is changing the way our customers secure their organizations by providing passwordless, biometric, multifactor authentication.