The good folks over at Canadian Underwriter have written up a fantastic three part digest entitled Wireless Working; outlining wireless technologies and the various threats and defenses staff and owners should be aware of.
It’s a very worthwhile read.
Depending on the situation, a hacker with a WiFi device can listen in from a city block away. Some WiFi access points, which are essentially radio antennas that route traffic from wireless to wireline networks (Ethernet cable, for example), use no secure data encryption at all.
While the default settings and security tools available on consumer routers has increased over the years, they still assume that users of the technology will make good use of the built in tools. Unfortunately, it is all too common and easier to skip or bypass these precautions in an attempt to make it easier for people to get on the internet and working. Taking the time to keep these connections secure is a very necessary step in protecting your company and client data.
This is somewhat analogous to police departments using unencrypted radios to talk to each other. Just like a person with a police scanner can listen to police radio traffic, a hacker with a WiFi-equipped computer could in some instances send and receive information between other computers. For example, weak WiFi encryption is one reason why the parent company of Winners and HomeSense fell victim in 2005 to a data breach that compromised customer records.
…For example, when open access points are used, a knowledgeable hacker with his or her own WiFi-enabled computer could pretend that his or her computer is the WiFi access point to which a user is trying to gain access… Instead of logging into the corporate network, they are logging into the hacker’s machine, which has “spoofed” the correct network.
The conclusion here is to use a VPN connection when operating from an untrusted (any network you don’t own!) network. We couldn’t agree more.
Get all the details in this three part series here: