The days of being tethered to a phone cord to be able to access the internet or tap into a company network are long gone.
The advent of WiFi, the popular technology which allows electronic devices to exchange data wirelessly via radio waves, is having hotspots sprouting up everywhere, making it easier than ever before for people to stay connected on the go.
With many companies allowing employees to bring their own WiFi-enabled devices to work (a phenomenon referred BYOD), WiFi is rapidly invading the workplace too.
According to the WiFi Alliance, one in every 10 people around the world is already using WiFi at home and at work and it is set to become even more pervasive as WiFi adoption continues to grow and WiFi capability becomes a standard feature on many devices.
In late 2012, computer networking corporation Cisco released its Internet Business Solutions Group (IBSG) report, which covers WiFi and how consumers are using it. In the report, Cisco predicts that mobile data traffic will increase 18-fold from 2011 to 2016.
A major driving force behind this growth is the fact that most people are using their mobile devices to connect to the web via WiFi, since they consider it to be more cost effective than other connectivity methods.
“While WiFi is affordable, easy to install and allows users to be more flexible, it poses new security challenges too,” says Jayson O’Reilly, director: Sales and Innovation at security solutions provider DRS.
“Wireless local area networks (LANs) face the same security challenges as their wired counterparts, or even more, since you have to secure data that travels the airwaves. A new breed of hackers is taking advantage of WiFi to exploit vulnerabilities.”
One of those potential vulnerabilities that are being taken advantage of is an intrinsic part of WiFi’s architecture.
“Whenever a wireless access point or gateway is set up, it creates something called a service set identifier (SSID). This is identifying information which allows computers and devices to find the particular WiFi network and connect to it,” O’Reilly explains.
“The problem is that, since WiFi doesn’t require any cords between a device and an internet connection, attackers who are within range will be able to intercept an unprotected connection or, in the event that it is secure, hack into it.”
Some of the wireless threats to small businesses include methods with nicknames such as “the evil twin” and “the promiscuous client”.
“Despite these humorous names, these threats are really serious and can have dire consequences for your business, putting your precious enterprise data in the hands of people with malicious intent, or even into the hands of your competitors,” says O’Reilly.
The evil twin, also known as WiPhishing, is a rogue access point that replicates the name of your secure network or of a hotspot. If the user mistakenly signs into it, it captures their network data or attacks the computer. The promiscuous client is very similar. It exploits the tendency of WiFi-enabled devices with 802.11 wireless cards to look for the strongest signal by creating an irresistibly strong signal.
WiFi isn’t exempt from viruses either.
“In fact, the MVW-WiFi worm is specifically designed to target wireless devices,” O’Reilly says. “It gains access to laptops via wireless networks, then forwards itself to adjacent wireless networks, and so on. Alarmingly enough, several surveys reveal that nearly two –thirds of wireless users admit to using an unsecured network, which makes it really easy for hackers to get in there.”
When an organisation’s network is left exposed due to insecure wireless LAN devices, it means more than just the financial implications of having your organisation’s network compromised and rendering a company’s investment in IT useless.
“A breach can adversely impact your company’s reputation, and it can potentially also impact the company’s proprietary and regulatory information, which can have dire legal ramifications,” O’Reilly warns.
O’Reilly says there is a way to guard against wireless threats and to ensure that your company continues to comply with regulations.
“A really comprehensive wireless monitoring system will provide complete protection against wireless threats, policy compliance monitoring, robust performance monitoring, and location tracking.”