The US National Security Agency (NSA) issued guidance, which advises users to secure their wireless devices against potential attacks.
The National Security Agency has released an info sheet to help identify potential threats to wireless networks and minimize risks.
The recommendations made by the NSA are designed to help the various agencies and organizations that deal with remote workers. They are directed specifically at National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) teleworkers, but apply to all people who work online.
According to the paper, there’s a big risk that hackers can infiltrate devices over Bluetooth, public Wi-Fi, and Near-Field Communications (NFC) to steal data. Hijacked wireless devices – laptops, tablets, mobile, and wearable accessories – can steal sensitive information such as usernames and passwords.
“Cyber actors can compromise devices over Bluetooth, public Wi-Fi, and Near-Field Communications (NFC), a short-range wireless technology. This puts personal and organizational data, credentials, and devices at risk,” the NSA explains.
The agency also advises against using public Wi-Fi networks as they can expose sensitive information to unauthorized users. If you must connect to public Wi-Fi, NSA says, you should use a virtual private network (VPN) which will encrypt your traffic.
The NSA has warned users to avoid using non-authorized devices and to implement security measures such as limiting or disabling Bluetooth and NFC features while in public. Before working in a public setting, employees should obtain explicit permission from their organization.
“Before conducting business remotely or in public settings users should obtain explicit authorization from their organization to do so.”
Earlier this year, the agency also released advice on how to secure internet-capable devices when traveling and lower the risk of identity theft.
The US intelligence agency has also provided advice on how to secure various types of communications, including voice and video calls, mitigate weak encryption, secure IPsec Virtual Private Networks, and avoid location tracking.