Wi-Fi Security Update: What You Need To Know About The Biggest Upgrade in 10 Years

Wi-Fi devices have been using the same security protocol for over a decade – until now. The Wi-Fi Alliance, which oversees Wi-Fi security, is beginning to certify products that support WPA3, the successor to the WPA2 security protocol that’s been in use since 2004. The new WPA3 features will include better protection for weak passwords and will also simplify security configurations.

Read on for more details about this security update, so you know what you need to do to ensure your Wi-Fi connections are secure. 

 

What is the Wi-Fi Alliance? 

The Wi-Fi Alliance is the worldwide network of companies that brings you Wi-Fi; you can think of them as superheroes working to protect Wi-Fi for the masses.

Hundreds of companies from multiple industries, like Apple, Intel, and Microsoft, collaborate within the Wi-Fi Alliance. The Alliance defines innovative, standards-based Wi-Fi technologies and programs. It also certifies products that meet quality, performance, security, and capability standards and provides industry thought leadership.

There are now more Wi-Fi devices in use than there are people on Earth, and more than half the internet’s traffic traverses Wi-Fi networks. The Alliance works to connect everyone and everything, everywhere. 

 

Why Are They Making This Change? 

The need for a new security standard became clear earlier this year when researchers revealed details of a new exploit called KRACK. This exploit lets attackers eavesdrop on traffic between computers and wireless access points. As first reported by Ars Technica, it takes advantage of several key management vulnerabilities in the WPA2 security protocol, the popular authentication scheme used to protect personal and enterprise Wi-Fi networks. “If your device supports Wi-Fi, it is most likely affected,” say researchers. Yikes!

Why is WPA3 Superior? 

 

WPA2 uses a four-way handshake that ensures the same password is being used by both clients and access points when they join a Wi-Fi network. The updated WPA3 standard will use a new handshake, which won’t be vulnerable to attacks. WPA3 will also feature a 192-bit security suite aligned with the Commercial National Security Algorithm (CNSA) Suite that will protect government, defense, and industrial networks that have higher security requirements. The new security features will be available later in 2018.

For those who work in coffee shops or co-working spaces and often use public Wi-Fi, WPA3 will also have individualized data encryption that will strengthen privacy in open networks. While there aren’t further details about that feature currently, it might refer to Opportunistic Wireless Encryption, or encryption without authentication.

Update Procedure  

 

Luckily, WPA2 — which is currently used by around 60 percent of access points — isn’t going away. WPA3 will eventually be mandatory, but in the meantime, the Wi-Fi Alliance will continue to update and maintain WPA2. 

 

What We Do 

It is important to stay updated on new cyber security protocols. We encourage all our clients to be early adopters in this area. Cyber security is an area of your business that deserves extra focus and attention.

Above all, no one wants to be a victim of cyber crime – trust us.

We consistently review the security of our clients’ Wi-Fi networks to ensure that they are up to date and functioning properly. This update will be beneficial to both Braver Technology and our clients.

Please contact us for more information on your current Wi-Fi situation, and what updates may be available to you. 

 

Gone Phishing: Top 3 Spear-Phishing Attacks

Impersonations by hackers are increasingly common, sophisticated and targeted. These hackers aim to uncover your personal information, your business information, and your financial information for their personal gain. Today, the methods that they use are more sophisticated than a typo-filled email from a strange web address or a staticky phone call.

Understanding the phishing methods that they use – and why they use them – can help you to protect yourself and your business. 

What is Spear-Phishing? 

Spear-phishing is a targeted attempt to steal sensitive information, such as account credentials or financial information, from a specific victim. The attackers first acquire personal details about the victim. They then disguise themselves as a trustworthy colleague or business partner to acquire the sensitive information, typically through email or other online messaging.

 

Spear-Phishing vs Phishing 

Spear-phishing can easily be confused with phishing because they are both online attacks on users that aim to acquire confidential information. 

Unlike spear-phishing attacks, phishing attacks are not personalized to their victims and are usually sent to masses of people at the same time. The goal of phishing attacks is to send a phony email (or other communication) that looks as if it is from an authentic organization to a large number of people, banking on the chances that someone will click on that link and provide their personal information or download malware. 

 

Spear-phishing attacks target a specific victim with personalized communications, designed to look like a message from a trusted source. These kinds of attacks require more thought and time to achieve than phishing. Spear-phishing attackers try to obtain as much personal information about their victims as possible to make the emails that they send look legitimate and to increase their chance of fooling recipients. Because of the personal level of these emails, it is more difficult to identify spear-phishing attacks than to identify phishing attacks. This is why spear-phishing attacks are becoming more prevalent. 

Top 3 Types of Spear-Phishing Attacks 

 1. Impersonating Your Boss 

Who wouldn’t respond to a request from their boss? Many times, attackers don’t use complex tools or technology to try to trick you or your employees into wiring money, sending W-2s, giving up credentials, etc. They simply research both you and your employees/superiors by checking out social media accounts or your company’s “About” section. From there, they craft the perfect email (or string of emails) that looks like it’s legitimately from a trusted source. These messages typically do not contain malicious links or attachments, making them very difficult to detect with traditional email security solutions.

 

2. Impersonating Popular Business App Services You Use Every Day 

Almost every business uses some sort of web-based application to help manage day-to-day workloads and tasks. Attackers are well aware of this and impersonate trusted web services like Gmail or DocuSign as a way to lure unsuspecting victims. These attacks often try to get you to give up account credentials or click on malicious links. For example, you may receive an email informing you that you have unread messages, that you need to reset your password, or that you need to review or sign a document. From there, you’re taken to a fake website portal and accidentally give up your login information. These hackers will then use this to commit fraud or to launch a more targeted attack within your organization.

 

3. Impersonating Your Office 365 Account 

Most businesses use Microsoft’s popular cloud productivity service; however, popularity can sometimes be a bad thing. There’s an inherent trust from users when they see an email directly from Office 365, and attackers are capitalizing on this trust. They craft emails that ask you to log into a seemingly “valid” web portal. From there, they can gain access to your account and proceed to send malicious emails to co-workers/employees. What do these particular emails usually contain? You guessed it – a message asking for more sensitive company information or money. Even though Microsoft Office 365 is still a relatively new tool, attackers recognize that it houses a rather large and growing user base, so they plan on taking full advantage. 
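An added example, not part of the original article: for the first two attack types above, where the message may carry no malicious link or attachment, a mail filter can still compare the name a message claims against the domain it was actually sent from. The protected-name inventory, the sample messages and the .test domains below are constructed assumptions.

```python
from email import message_from_string, policy

# Assumed inventory (not from the article): display names worth protecting and
# the domains they legitimately send from. Verify vendor domains before use.
PROTECTED = {
    "jane doe": {"example-firm.test"},            # constructed executive
    "docusign": {"docusign.com", "docusign.net"},
}

def _allowed(domain, allowed):
    domain = domain.lower()
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def impersonation_signals(raw, protected=PROTECTED):
    """Return signal codes for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    senders = msg["From"].addresses if msg["From"] else ()
    signals = []
    for sender in senders:
        name = " ".join(sender.display_name.lower().split())
        for claimed, allowed in protected.items():
            # A trusted name on an address outside its expected domains.
            if claimed in name and not _allowed(sender.domain, allowed):
                signals.append("display-name-mismatch")
    reply_to = msg["Reply-To"].addresses if msg["Reply-To"] else ()
    from_domains = {s.domain.lower() for s in senders}
    if any(r.domain.lower() not in from_domains for r in reply_to):
        signals.append("reply-to-diverges")  # weak alone: mailing lists do this too
    return signals

def _mail(from_, reply_to=None):
    """Build a constructed sample message."""
    lines = [f"From: {from_}", "To: ap@example-firm.test", "Subject: Wire today"]
    if reply_to:
        lines.append(f"Reply-To: {reply_to}")
    return "\n".join(lines) + "\n\nPlease process before noon.\n"

# Constructed samples: a lookalike domain, the genuine sender, a fake service.
SPOOFED_BOSS = _mail('"Jane Doe" <jane.doe@example-flrm.test>', "jdoe.office@mailbox.test")
GENUINE_BOSS = _mail('"Jane Doe" <jane.doe@example-firm.test>')
FAKE_SERVICE = _mail('"DocuSign Notifications" <noreply@docs-sign.test>')

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED_BOSS), ("genuine", GENUINE_BOSS), ("service", FAKE_SERVICE)]:
        print(label, impersonation_signals(raw))
```

A hit is a reason to tag or quarantine the message for review, not proof of fraud; the third attack type, mail sent from an already compromised internal account, passes this check because the sender domain is genuine.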

 

Please contact us to learn more about our cyber security initiatives and how we can help keep your business safe and secure. 

 

Don’t Let Your Law Firm Get Served With Cyber Attacks

Law firms are often entrusted with highly confidential data, which makes them prime targets for today’s cybercriminals. You may think that because you’re a smaller, local law firm, a hacker will never single you out, but that is not the case. Hackers target law firms of all sizes for the sensitive information, customer data, and trade secrets that they hold. Protect your firm, and your clients’ information, from cyber threats with these cyber security steps, and avoid compromising sensitive information and damaging your reputation.

 Knowledge Is Power

It is a common misconception that a hack could never happen to your firm, but at least 80 of the 100 biggest law firms in the country, by revenue, have been hacked since 2011. And the 2015 Legal Technology Survey Report from the American Bar Association found that 15 percent of firms have been the victims of a breach. Knowing that hacking is a real threat for your business is the first step to making proactive choices to protect your firm.

Utilize Security Experts

Firms should consult with outside security partners like Braver Technology who can help protect all entry points from a breach. Entry points include web applications, servers, and endpoints. It takes multiple pieces to complete the security puzzle: full protection means having solutions in place for all possible entry points.

Protect Network and Communications Systems

Every attorney knows the importance of information sharing between client and counsel, so having a network that protects this information is essential.

Having partners who can secure your network and systems from outside attack is crucial. In addition to these partners, all employees should practice good cyber security hygiene by frequently changing passwords, using different passwords for different systems, and keeping the most sensitive information out of the cloud, among other practices.

Develop a Response Program

Even with the best protection in place, breaches can happen. Cybercriminals are constantly innovating new ways to infiltrate systems, so it’s important to have a security partner that evolves rapidly to meet these ever-changing demands. But it’s just as crucial to have a plan to address an attack when it happens. Yet, when surveyed by the American Bar Association, 47 percent of attorneys said their firms have no plan in place should a breach occur. Notify your security partners immediately if you suspect a breach has occurred so they can begin to investigate and mitigate the problem. Then, take steps to minimize the amount of data that can be accessed. Lastly, prepare for how to communicate the breach to your clients and future prospects.

Cybercriminals are smart and getting smarter, but it is possible to thwart them as long as you have the right pieces in place. Don’t let criminals exploit weaknesses and unprotected entry points to breach your network. Instead of letting criminals infiltrate your systems, have a strong defense and serve them with proper protection.

Please contact us to learn more about our cyber security initiatives and how we can help keep your business safe and secure.  

Published with permission from Law Technology Today.