By now, most are aware of the devastating effect the recently disclosed KRACK vulnerability can have on all modern Wi-Fi networks. According to its founder, KRACK can be used to steal all kinds of sensitive information, such as credit card numbers, passwords and emails. The worst thing? KRACK affects both access points AND devices.
The business implications are, frankly speaking, extremely alarming. Although KRACK can only be deployed in an highly targeted manner (attackers need to be within range of the respective wireless network), it still poses a serious threat to organizations of all shapes and sizes.
Most companies operate under the assumption that their corporate network is a safe, well-protected environment. If your organization utilizes WPA2 to protect their network, and does not use any sort of encryption between endpoints and servers, they really need to reconsider the validity of this assumption. A determined attacker can listen in (or even take part) in your private corporate communications, not to mention potentially inject malicious software onto your devices. Emergency patches are underway, but depending on the manufacturer, these can take some time.
All of your company’s endpoints can potentially act as access points for an attacker. Computers, phones, tablets – everything is free game. Android devices are especially vulnerable, resulting from both some underlying firmware design factors, as well as the OS’s notorious slowness in receiving updates. How can you protect your whole device fleet from KRACK?
Three words, short abbreviation: Virtual Private Network, or VPN.
Simply put, VPN extends a private network across a public network, and connects sites or users together in a secure manner. By routing all of your traffic through a well-protected data center, VPN effectively creates a safe “tunnel” from your endpoint to the destination you’re trying to reach – this allows your traffic to pass through securely, and prevents attackers from reading the information they might have intercepted.
A VPN service for both your computers and mobile endpoints allows you to circumvent the vulnerability created by KRACK, and protect your devices from unwanted snooping. The best part? It’s easy to implement and simple to use. Most companies route their computer traffic through a VPN service already – if yours doesn’t, consider an upgrade.
Don’t forget your mobiles, though. You should think about investing in a robust mobile security solution, such as F-Secure Freedome for Business – it gives you complete control and security over your mobile devices, including reliable VPN. Although Freedome for Business functions as the perfect solution for the specific problem posed by KRACK, its usefulness extends far beyond specific instances of new vulnerability discoveries: solid anti-malware and anti-theft features can never hurt a modern business.
Our advice in a nutshell? Start using VPN, and breathe a sigh of relief – than start the process of updating your devices and Wi-Fi access points.