It’s not uncommon for organizations to have employees that travel to different locations whether it’s to visit customers or different offices. When these employees travel, they often connect to public Wi-Fi hotspots. Providing users with remote access to the corporate network can help improve employee productivity, but it introduces a high level of cybersecurity risk with a chance an attacker could also gain remote access. With the right security controls in place, an organization can reduce the risk of a user losing credentials to an attacker through phishing or social engineering.
A user connecting to an organization’s internal network has a number of protections. First, the administrator uses access controls to define who and what can connect to the network. Users, devices, and other network resources are whitelisted. Any unknown devices are blocked. Second, users are monitored and controlled using permissions and authorization groups to ensure that they can only access data that they need to do their jobs.
With public Wi-Fi, the user connects to an unknown network with several other unknown users. Many public Wi-Fi hotspots have poor cybersecurity administration, and the network is not monitored in any way to catch suspicious traffic and hackers. Anyone can connect to a public Wi-Fi hotspot, and not only could they be malicious users but also could activity attack other users on the network.
Attackers on a public Wi-Fi network have numerous ways to steal data. The most common in a man-in-the-middle (MitM) attack. Using ARP poisoning, the attacker can trick the Wi-Fi gateway and the user’s computer to send traffic through the attacker’s device so that data can be intercepted and stored. Attackers can also use malicious hotspots tricking users into connecting to it so that data can be intercepted. Both of these methods are commonly used to steal data from a traveling employee and then use it for additional attacks on the corporate system.
After an attacker has information from a MitM attack or tricking users to connect to a malicious hotspot, the next opportunity is targeting users with high-level access to the corporate network’s data. This can be done using a targeted spear-phishing attack using email and other social engineering techniques. The organization does not expect the attack, because the attacker is able to review data at his own pace without the employee ever knowing that an attack is ongoing.
For users using weak passwords, even if that password is encrypted it will not take long before the attacker cracks your password. Learn how to create a strong password this will make them harder to crack. Security depends on the trust between devices on a network and when a user accidentally trusts a malicious party the network becomes compromised.
Without knowing that an attack is ongoing, the organization is helpless against an attack. Eventually, the attacker could trick an internal user into sending network credentials that the attacker then uses to authenticate remotely. Using legitimate credentials, the attacker can browse the network without triggering any notifications or alerts. Organizations can stop these attacks even without knowing that they are ongoing by using email filters that harness the power of current cybersecurity protocols. Domain-based Message Authentication, Reporting and Conformance (DMARC) is the latest cybersecurity technique for email that incorporates DNS and signing encryption.
When an email server receives a message, it first checks to ensure that the sender’s IP address matches the IP set up on DNS servers for the sender’s organization. This DNS entry is set up by administrators to tell email servers that messages must be sent using specific IPs, or they should be considered a forgery. If the sender’s IP does not match, the message is either dropped or quarantined, depending on the DMARC rules set up by the email administrator.
The second DMARC technique uses signature encryption. Messages sent from a legitimate source have a signature included in the header. The signature is verified by the recipient’s email server verifies the signature to ensure that it has not been tampered with. If the message fails this check, DMARC cybersecurity will either quarantine the message or drop it depending on the administrator’s rules.
Should a user fall victim to any public Wi-Fi attack, email filters with DMARC cybersecurity will protect the organization from data disclosure and breaches. An attacker can spoof email messages, but they will be dropped or quarantined at the recipient’s email server. By quarantining them, the administrator can review the content of a message and determine if it should be sent to the recipient’s inbox. Reviewing these messages lets the administrator know that the organization could be the target of a phishing attack.
Using email cybersecurity, organizations can stop phishing and social engineering attacks that stem from public Wi-Fi. Although you can’t protect users from making mistakes on public Wi-Fi, you can stop attackers who using phishing after gaining access to data from MitM attacks.
If you’d like to evaluate the benefits of WebTitan DNS filtering software in your own environment, contact us and ask for details of our free trial. Our team of experienced engineers will answer any questions you have about DNS Internet filtering software and guide you through the process of registering for your free trial.
Once you're registered, we will walk you through the process of redirecting your DNS to receive our service. There are no credit cards required to trial WebTitan, no contracts to sign and no commitment from you to continue with our DNS filtering software once the trial period is over. Simply call us today, and you could be adding an extra level of security to your organization´s web browsing activity within minutes.
Sign-up for email updates...