Posted by Trevagh Stankard on Thu, Jan 27th, 2022
It’s not uncommon for organizations to have employees that travel to different locations whether it’s to visit customers or different offices, especially with the rise in remote working and remote working spaces. When these employees travel or work outside of the office network, they often connect to public Wi-Fi hotspots. Providing users with remote access to the corporate network can help improve employee productivity, but it introduces a high level of cybersecurity risk with a chance an attacker could also gain remote access. With the right security controls in place, an organization can reduce the risk of a user losing credentials to an attacker through phishing or social engineering.
Wi-Fi Hotspot Cybersecurity Risks
A user connecting to an organization’s internal network has a number of protections. First, the administrator uses access controls to define who and what can connect to the network. Users, devices, and other network resources are whitelisted. Any unknown devices are blocked. Second, users are monitored and controlled using permissions and authorization groups to ensure that they can only access data that they need to do their jobs.
With public Wi-Fi, the user connects to an unknown network with several other unknown users. Many public Wi-Fi hotspots have poor cybersecurity administration, and the network is not monitored in any way to catch suspicious traffic and hackers. Anyone can connect to a public Wi-Fi hotspot, and not only could they be malicious users but also could activity attack other users on the network.
Attackers on a public Wi-Fi network have numerous ways to steal data. The most common is a man-in-the-middle (MitM) attack. Using ARP poisoning, the attacker can trick the Wi-Fi gateway and the user’s computer to send traffic through the attacker’s device so that data can be intercepted and stored. Attackers can also use malicious hotspots tricking users into connecting to it so that data can be intercepted. Both of these methods are commonly used to steal data from a traveling employee and then use it for additional attacks on the corporate system.
After an attacker has information from a MitM attack or tricking users to connect to a malicious hotspot, the next opportunity is targeting users with high-level access to the corporate network’s data. This can be done using a targeted spear-phishing attack using email and other social engineering techniques. The organization does not expect the attack, because the attacker is able to review data at his own pace without the employee ever knowing that an attack is ongoing.
For users using weak passwords, even if that password is encrypted it will not take long before the attacker cracks your password. Users must create strong and complicated passwords. Passwords should never be repeated or contain public information such as date of birth, family members, social security numbers etc. By doing this, passwords will be harder to crack.
Security depends on the trust between devices on a network and when a user accidentally trusts a malicious party the network becomes compromised.
Sign up for a FREE Demo of WebTitan Cloud for Wifi to learn how it works to protect employees, guests and customers using public wifi.
Book Free Demo
Protecting Corporate Data from Phishing Attacks
Without knowing that an attack is ongoing, the organization is helpless against an attack. Eventually, the attacker could trick an internal user into sending network credentials that the attacker then uses to authenticate remotely. Using legitimate credentials, the attacker can browse the network without triggering any notifications or alerts. Organizations can stop these attacks even without knowing that they are ongoing by using email filters that harness the power of current cybersecurity protocols. Domain-based Message Authentication, Reporting and Conformance (DMARC) is an important technique for email that incorporates DNS and signing encryption.
Email Filter With DMARC
When an email server receives a message, it first checks to ensure that the sender’s IP address matches the IP set up on DNS servers for the sender’s organization. This DNS entry is set up by administrators to tell email servers that messages must be sent using specific IPs, or they should be considered a forgery. If the sender’s IP does not match, the message is either dropped or quarantined, depending on the DMARC rules set up by the email administrator.
The second DMARC technique uses signature encryption. Messages sent from a legitimate source have a signature included in the header. The signature is verified by the recipient’s email server verifies the signature to ensure that it has not been tampered with. If the message fails this check, DMARC cybersecurity will either quarantine the message or drop it depending on the administrator’s rules.
Should a user fall victim to any public Wi-Fi attack, email filters with DMARC cybersecurity will protect the organization from data disclosure and breaches. An attacker can spoof email messages, but they will be dropped or quarantined at the recipient’s email server. By quarantining them, the administrator can review the content of a message and determine if it should be sent to the recipient’s inbox. Reviewing these messages lets the administrator know that the organization could be the target of a phishing attack.
Using email cybersecurity solutions organizations can stop phishing and social engineering attacks that stem from public Wi-Fi. Although you can’t protect users from making mistakes on public Wi-Fi, you can stop attackers who using phishing after gaining access to data from MitM attacks.
Learn more about SpamTitan Plus - leading AI anti-phishing solution
Off-network DNS Filtering
Organisations must introduce a cybersecurity solution to protect their company data, regardless of whether the users are on or off the secure network. WebTitan Cloud offers a remote roaming agent to protect users and the company data from malicious content and malicious websites. WebTitan protects organisations by enforcing web content filtering policies when users are off-network.
WebTitan Cloud has been used by MSPs, SMBs and school & colleges all around the world due to lockdowns and the sudden change to remote working and learning.
If you’d like to evaluate the benefits of WebTitan DNS filtering software in your own environment, Book a Free Demo. Our team of experienced engineers will answer any questions you have about DNS filtering software and guide you through the process of setting up a 14-day free trial.
Once you're registered, we will walk you through the process of redirecting your DNS to receive our service. There are no credit cards required to trial WebTitan, no contracts to sign and no commitment from you to continue with our DNS filtering software once the trial period is over. Book WebTitan Demo Today.