Wi-Fi. You know your customers can’t live without it. In fact, 92 percent of organizations provide Wi-Fi in the office, and 61 percent say mobile employees connect company-owned devices to public Wi-Fi networks, which is troubling. Here’s something downright disturbing, though: 50 percent of organizations are running Internet of Things (IoT) devices on their corporate wireless networks, according to Austin, Texas-based member community and tools vendor Spiceworks, which conducted the recent study Wi-Fi Security in the Workplace … and Beyond.
Disturbing because the IT professionals Spiceworks surveyed believe that often-unpatchable IoT devices—wearables, IP-enabled video equipment, appliances, thermometers, and sensors—are highly vulnerable to Wi-Fi based attacks. Worse yet, only 36 percent of IT professionals are confident they can respond to cyberattacks on IoT hardware, according to related Spiceworks research.
So what security measures are organizations taking to protect corporate data over wireless networks? While the majority (94 percent) are using standard Wi-Fi security protocols, hackers found weaknesses to exploit in one of those, WPA2, during last year’s KRACK attacks. Other, more effective, basic security measures include erecting a separate guest Wi-Fi network for visitors (77 percent) and enforcing strong admin passwords on wireless networking devices (75 percent).
Organizations have less control when employees are on the road, though. Just 55 percent of respondents are confident their organization’s data is adequately protected when employees use company-owned devices on public Wi-Fi, and only 63 percent are confident that employees use a VPN when connecting to public Wi-Fi.
“When employees leave the corporate firewall and network, there’s an element of fear,” says Spiceworks Senior Technology Analyst Peter Tsai. “They’re sending data through strange access points. Who knows who set up those Wi-Fi networks? Malicious access points could be sniffing data if it’s not encrypted.”
One countermeasure used by 45 percent of organizations is giving remote workers mobile hotspot technology, the research finds.
So will the upcoming WPA3 wireless protocol, slated for release this year, help alleviate organizations’ wireless worries? Tsai says it’s still unknown whether existing networking, computing, and IoT devices can be updated for WPA3 compliancy, or if all new hardware will be required.
Either situation is an opportunity for IT pros, though, he says. As trusted advisers, they can educate business decision makers in best security practices, particularly around use of VPN and mobile hotspots, and the vulnerabilities of connected IoT devices. They can also help ensure that devices get updated when possible. And, he says, “If they can convince customers that new devices that support WPA3 are much more secure and will help them accomplish their security goals, it’s an opportunity.”
Source: Spiceworks, Wi-Fi Security in the Workplace … and Beyond.
Opening Image: Pixabay