5 reasons why using a Wi-Fi pre-shared key is no longer acceptable
For many years now we have been advising clients in the important reasons why using a Wi-Fi pre-shared key or PSK on their corporate network is just no longer acceptable and that they should be taking their network and data a lot more seriously.
What has helped us in convincing clients is the world becoming more informed about how sensitive data can be and why ensuring that the data we all hold is kept that way.
PCI compliance, GDPR, and several high profile security data breaches in recent years have all made securing your network and the data behind it the No1 concern for companies. So with this in mind, we thought that it would be prudent to educate everyone why using a simple Wi-Fi pre-shared key to secure their data is no longer acceptable.
Password keys are rarely changed - The hassle involved with regularly changing pre-shared keys on all client devices means that they are very rarely changed, which in turn means that the opportunity for them to be compromised becomes higher with time. Every time an employee leaves, a laptop or client device is lost/stolen or over a certain time period, your pre-shared key should be changed. The longer you leave it the higher the probability of being compromised.
Stolen or lost devices can reveal your password - Using easily found tools on the internet it is simple enough to extract Wi-Fi a pre-shared key from a device in little or no time at all. Couple this with the fact the passwords are rarely changed then you are providing easy access to your network. In principle every time you lose a device you should change your password. But this rarely happens.
Password keys can be easily guessed - Due to the complexity of using and sharing pre-shard keys, administrators tend to keep them simple and easy to remember so that any device that they need to add to the network they can remember the key. This simple approach leaves a potential hole in your security as hackers will simply use a brute force attack to guess your key and gain access to your data.
Password keys can be easily shared - Employees are still the biggest threat to network security and the innocent sharing of network keys mean easy access to your network. Apple IOS 11 introduced Wi-Fi password sharing, which meant you can share the Wi-Fi password for a network that you know to another IOS user with just a few clicks. IT teams also often put their passwords up on a noticeboard in an effort to try and reduce administration time associated with client connectivity issues.
EXCUSE: Alternatives are too complicated! - This excuse we hear all too often and whilst this might of been true several years ago it is no longer the case. 802.1X can be more complicated to implement with several complex components (Network policy server, Certificate Server etc) but there are now simple to use on-boarding security solutions available on the market today.
The good news is that the move away from pre-shared passwords has never been simpler with solutions such as Cloudpath. This advanced security and on-boarding solution works for any device or OS and provides certificate-based authentication in an easy to use solution.
If you would like a free consultation on migrating away from using pre-shared keys on your network then please get in contact.