How To Secure Wireless Devices In Public Settings: As Told by the NSA

For starters, NSA’s wireless device security guidance highlights a number of useful Do’s and Don’ts that all stakeholders within your organization can implement on a company and personal level for better overall cybersecurity. Outside of some of the usual suspects referenced, like keeping your software and operating systems updated and using anti-virus/anti-malware software, there are also lesser-known, yet extremely valuable tips given. 

Here are the NSA’s key Do’s for wireless device security:

• Whenever possible, disable Wi-Fi, Bluetooth, and NFC on devices when not in use, reboot devices after using untrusted wireless connections, and delete unused networks.

• Disable Wi-Fi auto-connect and at a bare minimum only connect to networks with WPA2-encryption.

• Use Multi-Factor Authentication whenever possible, which can help with the defense against password hash captures.

• Use an allowlist or denylist of applications/devices that can use your device’s Bluetooth connection.

• Use an IPsec VPN and HTTPS browsing protocols.

And here are the NSA’s key Don’ts for wireless device security:

• When using public networks, avoid accessing sensitive personal or company data and avoid things like bank (or crypto) transactions.

• Avoid plugging mobile devices into public USB charging stations including those found in airports and shopping centers.

• For laptops, do not browse the web using the administrator account.

• Avoid using Bluetooth to communicate passwords or sensitive data and never accept uninitiated pairing attempts.

• Do not set public Wi-Fi networks to be trusted networks.

Of course, the NSA’s security recommendations go even deeper, highlighting the use of virtual machines (VMs), disabling Netbios Name Service (NBTNS) for Windows laptops, using firewalls to restrict connections by applications, and much more.  

We also recommend using mobile data coupled with a VPN rather than public Wi-Fi connections whenever possible, as the signal sent from your cellular provider comes with at least some degree of encryption.

The NSA is quick to point out that nothing is 100% safe from cybercriminals when using the internet and that the methods used to compromise devices and data are constantly evolving. 

This reality is further accentuated by the fact that cyberattacks cost companies trillions of dollars globally.

So how do you and the people within your organization stay ahead of evolving threats? Here’s a great way to start: as a first defense, make security an easy option.

How much responsibility an organization has for the personal cybersecurity of their employees and project stakeholders is debatable; however, personal security habits often bleed into the professional environment. So helping stakeholders stay as safe as possible at all times is advantageous and this can be facilitated by the following actions:

• Give employees access to a VPN each year.

• Provide a YubiKey for company use, that can also be used to secure personal accounts.

• Provide secure devices for work (phone, laptop, etc) that can come preinstalled with secure apps such as multi-factor authentication, reminders for critical OS and app updates, and can be wiped clean remotely in the event that a device is compromised or stolen.

• Have clear guidelines for traveling with work-related devices and what to do in situations where devices might be confiscated (eg. when going through customs at the airport). 

Additionally, consider periodically training those in your organization who have access to sensitive data, as well as working with experienced cybersecurity firms that can help safeguard your sensitive data. 

And if you want to explore maximizing your cybersecurity to help ensure your organization and sensitive data are protected from cybercriminals, reach out to our experts at halborn@protonmail.com.