Is Your Wireless Network Secure?

A wireless network is a ubiquitous commodity to any organization. In that case, it should go without saying that security measures are in place with the latest wireless tools.

If only that were the case.

Close to 50% of IT leaders say their wireless components embody the weakest security link of their entire technology portfolios; furthermore, over 90% of CIOs are equally concerned about their wireless security. So, what needs to be secured, and what can your company do to make sure their wireless network is as secure as possible?

Let’s look at the big picture – enterprises can provide wireless access to their clients via a cloud network, and many enterprises allow employees to access the network via wireless devices. If an enterprise works with third party vendors, both the enterprise and vendor networks would be able to communicate wirelessly as well. There are obviously other wireless entry points to be considered, but these are just examples of what will need to be protected when incoming and outgoing traffic is involved. Case and point: if Target or Home Depot had the appropriate plan in place to secure their wireless network and virtual environments as a whole, they most likely could have sidestepped a lot of unnecessary trouble.

Now that you have a few ideas of where to secure your network and infrastructure, the next step is the “how”; or rather, as an enterprise working within the cloud – as 72% of you are – learning about the following ways to best protect your wireless networks as described below.

Firewalls: By establishing a connection between a trustworthy source (your network) and an untrustworthy source (the Internet, for example), a firewall will monitor incoming and outgoing traffic based on a pre-determined set of rules. The caveat to utilizing firewalls is that additional measures must be taken in order to protect your network, since a firewall isn’t able to quickly mold to each and every new attack it encounters.

Authentication: Looking beyond the current, buzzy nature of multi-factor authentication, there is absolutely something to be said for having it as a mandatory part of your cybersecurity plan. Don’t make it easier for hackers to barge through your network with just a username and password; confirm identities as much as possible through SMS, MMS, and other avenues.

IPS: An extension of Intrusion Detection Systems, an IPS will not only detect a potential attack, but also log the record and prevent and protect the network accordingly.

Having a candid conversation with an MSS/MSSP about best practices for securing your company’s wireless networks is vital to both long and short-term growth potential. Imagine if you had to take time out of every single day to deal with one cybersecurity scare or another on your wireless network – that would definitely scare potential new clientele or additional business! Lock down your wireless network protection options and put them into play as soon as possible so you and your organization can get moving on what really matters.

Data Breach Affects 68 Million Dropbox Users

Another day, another data breach – this time Dropbox, popular cloud storage behemoth, announced that over 68 Million user email addresses and passwords were dumped on the Internet. What’s interesting is that the information is from a previous attack in 2012 at which time Dropbox reported that only email addresses had been stolen. Whether they did not know the passwords had been compromised or just didn’t disclose remains to be seen.

The data breach experienced by Dropbox is connected to two previous attacks, one on their own site in 2012 and another on LinkedIn that was spoken about at length on this site. As mentioned previously, the 2012 attack was thought to have only contained email addresses – instead, this most recent attack shows that not only did it include stolen passwords, but that trove of information was the release that occurred this week. Now, the way that the attackers were able to get in is rather interesting. It didn’t involve a unique cyber attack, physical connection or anything of the sort. The only thing they needed was an employee’s password, which was the same they happened to use at Dropbox and LinkedIn. Remember the data breach that occurred at LinkedIn receently? Exactly – they were able to use the same password, enter the site under the employee’s information and take whatever they wanted at their leisure within the user database.

So, how is Dropbox handling the situation? Beside urging users to change passwords if they haven’t done so (use these stories as incentive), Dropbox is taking steps to ensure that a future data breach is less likely to occur. The company’s security standing was, and is, strong – passwords were encrypted and they were in the process of upgrading the encryption from SHA1 to a stronger standard called bcrypt. This data breach just goes to show that even the stronger of the technology companies are sensitive to cyber attacks. Stronger protection on the user and business end is key – that includes strong, unique passwords, and multi-factor authentication; unfortunately Dropbox failed to heed the everyman’s warning that passwords should never be reused.