Legality Of WiFi Eavesdropping Exposes Corporate Data

Regarding the US court ruling that intercepting IP traffic on an open WiFi network is now legal, the law exposes organisations to increased risk of data loss and breaches, and companies now have a pressing need to encrypt all of their wireless communications.

This is the wireless equivalent of allowing tech-savvy people to wander around attaching crocodile clips to phone cabinets. It shows that the ease with which public WiFi networks can be intercepted is being interpreted as a free-for-all on the hacking front by the US courts.

The ramifications of this new law for online security and cyber criminality are dizzying, and violate basic industry best practices. Just because a transmission can be eavesdropped, does not make the act of sniffing that traffic any less wrong. It’s illegal to intercept a phone call, and there is no reason for the same principles not to apply to a WiFi transmission, which carry both voice and data traffic.

The reality is that using open WiFi networks for anything other than simple Web surfing is asking for trouble. Company users – if they have not already – should now be moving to encrypt all of their wireless traffic, both on- and off-premise, especially since WiFi has become so pervasive and readily accessible by remote employees and traveling corporate users.

Such knowledge workers are accessing increasing amounts of sensitive, often regulated information and corporate applications—from more and more unsecure WiFi networks outside the security of the firewall.

With BT’s Fon WiFi network now having topped the six million hotspot mark worldwide in May of this year, a growing number of companies that use BT as their Internet Service Provider are using the included BT Fon WiFi service when away from their offices and locked-down corporate IT environments. The problem with this service is that while it is free the Fon WiFi service is open and easily sniff-able.

Put simply, that means that your email credentials and messages may be on display for all to see wirelessly, every time you access the service. This is also true of many hotel and coffee-shop WiFi networks.

The solution is to encrypt all WiFi traffic wherever you are. Managing wireless encryption can be made quick and easy by storing your various encryption keys in a secure central repository, which is where Enterprise Key and Certificate Management (EKCM) technologies come to the rescue.

Effective EKCM technology does a lot more than simply securely storing encryptions keys – it also protects digital certificates, as well as limiting the exposure enterprises have to unquantified operational, security, and compliance risks. In short, it’s a must-have technology.

Calum MacLeod has over 30 years of expertise in secure networking technologies, and as EMEA Director for Venafi is responsible for developing their business across Europe providing solutions in the automated encryption management arena including certificate management and enterprise key management. Before joining Venafi, Calum worked for Tufin Technologies growing their lifecycle security management business across Europe and South Africa and previous to this worked for Cyber-Ark and AEP where he was responsible for leading some of the early SSL VPN projects in Europe. Calum has also served as an independent consultant to corporate and government clients on IT security strategy for various European market segments, including the European Commission.