NSA Warning - Avoid Public Wi-Fi

The US National Security Agency (NSA) has warned of the risks of using public Wi-Fi and is offering advice to security teams looking for best practices to protect corporate networks and personal devices. These  recommendations offer system administrators fundamental advice to protect home workers, along with remote and mobile workforces. 

The guidance, which is intended for National Security System, Defense Department, and defense industrial base usersexplains how to identify vulnerable connections and protect common wireless technologies when working on public networks. The first best practice, according to NSA, is to simply avoid connecting to public Wi-Fi at all. 

Instead, it’s best to connect using personal or corporately-owned hotspots, just not open Wi-Fi hotspots. Hotspots should feature strong authentication and encryption, too, according to the guidance.  “Telework has become an essential component of business, and many people are teleworking from home or during travel. While the owners of home networks can take steps to secure those networks, it can be difficult to ensure public networks are secure.

“Protecting personal and corporate data is essential at all times, but especially when teleworking in public settings....  to ensure data, devices, and login credentials remain secure and uncompromised, cyber security is a crucial priority for users and businesses.... This includes identifying higher-risk public networks and implementing security best practices while in public settings, whether connecting laptops, tablets, mobile phones, wearable accessories, or other devices with the ability to connect to the Internet. says the NSA.

Accessing public Wi-Fi hotspots may be convenient, but according to the NSA advice public Wi-Fi is often not configured securely. But when it can’t be avoided, work on a public Wi-Fi network should be conducted over a corporate-provided virtual private network, or VPN.

Using a VPN allows communications to be encrypted, meaning that data going across public Wi-Fi will be less vulnerable. Remote users are also advised to use Hypertext Transfer Protocol Secure - https:// - websites whenever possible.

According to the NSA guidance:

  • Laptop users should turn off the device file and printer sharing features on public networks.
  • Users should avoid entering confidential passwords, conduct sensitive conversations.
  • Never accessing personal data like bank and medical information. 
  • Online shopping and other financial transactions should be avoided.
  • Leaving devices unattended in public settings is also a bad idea. 
  • Devices should be updated with the latest patches and secured through multi-factor authentication whenever possible. 

NSA Also  Points Out The Risks Of Using Bluetooth

  • Malicious actors can find active Bluetooth signals and potentially gain access to information about devices it finds in its scans. That information can then be used to compromise a device.
  • The agency advises users to disable Bluetooth and make sure it’s not discoverable in public settings due to this and other cyber risks.
  • Users should never accept Bluetooth pairing attempts they didn’t initiate. 
  • Turn off any device-to-device data transfers, like the kind that allow for contactless payment. 

The NSA say it’s best to disable Bluetooth not in use just in case and says users should also make sure not to bring a device near other unknown electronic devices because it might trigger automatic communication and never to use it to communicate passwords or sensitive data.

Defense.gov      DefenseOne:    NextGov:     Threatpost:      Enterprise Times:       :

You Might Also Read: 

Why You Should Never Use A Free Proxy:

 

« An AI Can File A Patent Application
Detecting & Mitigating Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Social-Engineer

Social-Engineer

Social-Engineer is a team of outside–the–box thinkers that share a common focus on human-to-human social engineering.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

infySEC

infySEC

InfySEC is an information security services organization offering Security Technology services, Security Consulting, Security Training, Research & Development.

Dice

Dice

Dice is a leading recruitment platform, helping technology professionals manage their careers and employers connect with highly skilled tech talent in specialist areas including cybersecurity.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

The IoT Academy

The IoT Academy

The IoT Academy is a reputed Ed-Tech Institute that provides training in emerging technologies such as embedded systems, the Internet of Things (IoT), Data Science and many more.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

ProArch

ProArch

ProArch is a global team of multidisciplinary experts in cloud, infrastructure, data analytics, cybersecurity, compliance, and software development.

inSOC

inSOC

inSOC is an enterprise-grade AI-driven SOCaaS solution detecting breaches 24/7 with vulnerability management built-in. Designed for MSPs and MSSPs.

Google Safety Engineering Center (GSEC)

Google Safety Engineering Center (GSEC)

GSEC Málaga is an international cybersecurity hub where Google experts work to understand the cyber threat landscape and to create tools that keep users around the world safer online.

Securaa

Securaa

Securaa is a comprehensive No Code Security Automation Platform. Smarter Security with Clarity and Control.

Patero

Patero

Patero provides cybersecurity technology solutions that make your data indecipherable with quantum-safe encryption.