Private and public Wi-Fi networks have become critical parts of the technology infrastructure of many organizations, particularly with the rise of mobile device users in the workplace. Many people rely on these networks to access the Internet, leverage corporate applications and data, and collaborate with their colleagues—among other uses.
A key question and concern for management when it comes to the use of Wi-Fi is how secure are these networks? And with the advent of the Internet of Things (IoT) and the connectivity of countless devices, products, sensors, and other “things,” the security implications surrounding Wi-FI become even larger.
Based on recent research, concerns about Wi-Fi-related cyber security are justified. A report by IT platform Spiceworks reveals that recent Wi-Fi attacks are challenging IT professionals to keep corporate data secure.
Spiceworks surveyed 527 IT professionals in North America and Europe in December 2017, representing a variety of company sizes and industries, and the results show that respondents consider IoT devices the most vulnerable to Wi-Fi-based attacks. Yet 50% of organizations have IoT devices connected to their Wi-Fi network.
The findings indicate that although organizations are taking steps to increase Wi-Fi security, many IT professionals are not confident in their ability to keep corporate data secure on IoT devices.
Among IoT devices, 52% of IT professionals think IP-enabled controllers, such as smart lights and thermostats, are very to extremely vulnerable to Wi-Fi-based attacks. This is followed by IP-enabled appliances (49%), video equipment (42%), and electronic peripherals (40%). In addition, more than one third of the IT professionals think wearable devices and sensors are highly vulnerable.
Despite this, only 36% of the IT professionals are confident in their ability to respond to cyber attacks on IoT devices.
While the adoption of IoT devices is increasing in the workplace, many IT professionals are still wary of connecting these often un-patchable devices to corporate Wi-Fi networks, noted Peter Tsai, senior technology analyst at Spiceworks.
Making matters worse, Tsai said, the recent revelation of Wi-Fi exploits such as the WPA2 KRACK attack have called security mechanisms into question that were once assumed to be relatively secure. As a result, some organizations are delaying the adoption of IoT devices and holding out hope that the forthcoming WPA3 protocol might improve Wi-Fi security, he said.
The Spiceworks survey revealed the perceived Wi-Fi risks associated with traditional computing devices is much lower, particularly among Apple products. Only 19% of IT professionals think Apple laptops, tablets, and smartphones are very to extremely vulnerable to Wi-Fi based attacks. That compares with about 30% who think Windows and Android devices are very to extremely vulnerable.
How are organizations keeping their wireless devices secure? The results show that the majority of organizations use security protocols, provide a separate Wi-Fi network for guests, deploy strong passwords on networking devices, and use strong Service Set Identifier (SSID) network names.
Fewer organizations encrypt data on their wireless networks (17%) or use digital certificates for Wi-Fi authentication (12%), according to the report.
Although the vast majority of organizations provide employees with access to Wi-Fi in the office, the survey showed that employees in 61% of organizations connect company-owned devices to public Wi-Fi networks when working outside the office in hotels, airports, and other public places.
However, 92% of IT professionals have concerns about the security risks of using public Wi-Fi on company-owned devices, and only 55% are confident their organization’s data is adequately protected when employees connect to public Wi-Fi networks.
Indeed, 12% of organizations have experienced a security incident involving employees on public Wi-Fi, while about one third are not sure because incidents might have gone undetected or unreported. In addition, 63% of IT professionals are confident employees at their organization use a virtual private network (VPN) when connecting company-owned devices to public Wi-Fi.
To help employees avoid using public Wi-Fi altogether, nearly half of the organizations surveyed said they provide remote workers with mobile hotspot technology. But on average, only 13% of employees are remote, working outside of the office for a majority of their week. In other words, the report said, the results indicate that employees who occasionally use public Wi-Fi outside the office are often left unprotected.
The majority of IT professionals welcome any changes that might improve Wi-Fi security. In fact, in a recent Spiceworks poll, about half of IT professionals are confident the upcoming WPA3 protocol will make Wi-Fi networks more secure.