NSA outlines Wi-Fi safety best practices
- By Susan Miller
- Aug 03, 2021
To help remote workers remain secure, the National Security Agency issued guidance on securing wireless devices in public.
The July 30 guidance is directed at teleworkers in the national security system, the Department of Defense and the defense industrial base and includes best practices for securing devices when conducting business in public settings.
“The methods used to compromise devices and data are constantly evolving,” NSA officials said. “As telework becomes more common, users are more frequently bringing themselves and their data into unsecured settings and risking exposure. By following the guidance … users can identify potential threats and put best practices into action when teleworking in public settings.”
Generally, users should avoid connecting to public Wi-Fi networks and use a corporate or personal Wi-Fi hotspot with strong authentication and encryption. If users must connect to public Wi-Fi, they should use a virtual private network to encrypt the traffic and only visit websites that use Hypertext Transfer Protocol Secure (HTTPS), disable Wi-Fi when they are finished and “forget” the access point. Laptop users should be sure file and print sharing is turned off.
A better solution, NSA said, is the use of virtual machines that contain Wi-Fi drivers and applications for processing untrusted data. If a VM does become compromised, it can be discarded.
Bluetooth connections and near-field communications are likewise easily compromised, allowing malicious actors access to corporate data and networks, so users should disable those functions when not in use. Additionally, Bluetooth users should ensure their devices are not in discover mode and consider an allow/deny list of applications. To protect against NFC compromise, users should not allow their devices near unknown electronic equipment in case it triggers an automatic communications.
NSA reiterated common-sense advice of not sharing passwords or sensitive data over Wi-Fi, limiting location features, using strong passwords and trusted accessories.
See the fact sheet here.
This article first appeared on GCN, a Defense Systems partner site.
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at [email protected] or @sjaymiller.