October 20, 2017 –
Earlier this week, security researchers announced a WPA2 security flaw. WPA2 is the main encryption used to secure the majority of Wi-Fi networks. This technology encrypts the connection between the wireless device (tablet, mobile phone, printer, etc.) and the wireless access point. Up until a few days ago it was thought to be a very secure encryption technology. This newly-discovered vulnerability, called KRACK could change all that. Android and Linux devices are particularly susceptible to the vulnerability.
How Will the WPA2 Security Flaw Affect Me?
This will primarily affect you if you are using public WiFi. We recommend that you avoid sending any secure, sensitive, or personally identifiable information over public WiFi at all times. However, with this vulnerability even password protected public WiFi is not any safer so avoid them if possible.
What Steps Can I Take?
- Only send sensitive and personally identifiable information when on your secured work network.
- Use a trusted Virtual Private Network (VPN) when connecting via WiFi. VPNs will encrypt your data and keep it protected from hackers.
- Set up a VPN on your smartphones and tablets too, not just your PC/laptop, to protect all of your web traffic.
- Only visit websites that are using HTTPS (Hyper Text Transfer Protocol Secure). You can confirm this by looking at the URL. It should start with “https://” versus the un-secured “https://” (without the “s”). Please note, while this can be manipulated and bypassed in certain circumstances by the KRACK vulnerability, it does help provide an extra layer of security.
- Watch for security updates from Microsoft, Apple, Google and others and apply them to your mobile devices.
- If you have Internet of Things devices (Amazon Echo, Google Home, connected thermostats, smart lights, etc.) check with your manufacturer for firmware updates.
- Check for firmware updates for your wireless access points and Internet routers.
For Current AccountabilIT Customers
If you are a current AccountabilIT managed services customer please rest assured we are updating your supported PCs, laptops and wireless network devices with the appropriate patches as soon as they become available. Most updates have already been applied.
How Can I Enhance my Data Security?
For more information on how to improve your data security please visit the data security section of our website. You can also download the “Data Security: Top 10 Ways to Protect Your Business” whitepaper.