July 25, 2023
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Beware of public wifi
It's full-on summer vacation time and lots of folks are traveling these days, so it seems like a good time to remind people of the dangers of public wifi. I read a great post on the subject on LinkedIn this week from Kevin Parker, an FBI Special Agent who specializes in data privacy and security. He gave me permission to quote some of it here:
Whether it's at a coffee shop, airport, or shopping mall, our devices continuously search for available Wi-Fi networks through what is known as "Wi-Fi Probe Requests." While this feature enhances our connectivity, it also comes with privacy risks that we all need to be aware of.
Wi-Fi Probe Requests are signals emitted by our devices (smartphones, laptops, etc.) to discover nearby Wi-Fi networks. These requests contain the unique MAC address of our devices and the names of previously connected networks. The requests serve as a way for devices to automatically connect to known networks, ensuring seamless connectivity in varied locations. Remember when you connected to the hotel Wi-Fi during your trip to New York? Your phone is still looking for that network.
The alarming fact is that these probe requests can be intercepted by malicious actors, such as cybercriminals and data harvesters. This information could potentially reveal a lot about us, including our movements, frequented locations, and the devices we use. Such data can be exploited for various nefarious purposes, ranging from targeted advertising to malicious Wi-Fi access points used to intercept your traffic.
How do you protect yourself?
- Disable Wi-Fi When Not in Use: Turn off your Wi-Fi when you're not actively connecting to a network. This minimizes the frequency of probe requests being sent out, reducing the chances of interception.
- Forget Known Networks: Regularly clear the list of known Wi-Fi networks on your devices. This way, your device won't automatically connect to networks with identifiable names.
- Disable auto-connect: Prevent your devices from automatically connecting to Wi-Fi networks, especially those you are unfamiliar with or can't verify.
- Update Device Software Regularly: Keep your devices' operating systems and apps up to date to ensure you have the latest security patches and improvements.
Thank you, Special Agent Parker! (If you are on LinkedIn, you should follow him. He posts a lot of good stuff.)
Free tools for cloud environments
CISA has released a new factsheet, Free Tools for Cloud Environments, " for the purpose of aiding businesses transitioning into a cloud environment in identifying the proper tools and techniques needed for data security and protecting critical assets."
Stay cyber safe this week!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺