Credential sharing, the practice of using someone else’s digital identity to gain access to a platform or product, has become commonplace, particularly when it comes to video streaming services. While credential sharing brings with it obvious user-end security issues for organizations of all sizes in all verticals, it also poses a serious problem for organizations that depend on the revenue generated from paid user accounts.
When most of us think of credential sharing, we likely think of people sharing a Netflix account with friends or family members as a favor or in order to split the cost of one account between two or more people. However, credential sharing can also take a more transactional form, such as sharing credentials in exchange for payment or sharing credentials with third-party resellers in exchange for a fee.
At its core, credential sharing is a form of theft. When two or more users share access to a paid account designed for single-user use, businesses lose out on the revenue they would have earned if each actual user paid for their own account.
Security Issues & Threats to Bottom Lines: Credential Sharing is Problematic from Both Perspectives
Credential sharing poses issues both for the companies creating the product that is being illegally shared between users and for organizations whose employees are sharing internal login credentials among themselves. In this article, we will discuss the problems credential sharing poses from both of these perspectives and discuss strategies organizations can use to discourage this problematic issue.
How Common is Credential Sharing?
Credential sharing is incredibly common, particularly when it comes to video streaming platforms. A survey found that 22% of US residents (46 million people) are using credentials borrowed, purchased, or stolen from someone outside their household to access video content without paying for it.
The Security Implications of Credential Sharing
Obviously, credential sharing is a serious problem for organizations like Netflix and Hulu, which rely on paid user accounts to generate revenue. However, credential sharing also poses a serious security risk for individuals and organizations that engage in this risky behavior. A recent survey of 1507 American adults found that 34% said they shared passwords or accounts with their coworkers, allowing us to extrapolate that as many as 30 million of the 95 million American knowledge workers may be engaged in credential sharing. Considering 81% of cyber incidents used stolen or weak passwords to gain unauthorized access to systems, this high rate of credential sharing is alarming.
Credential Sharing Leaves Your Organization Vulnerable to Credential Stuffing Attacks
Re-using passwords also makes users vulnerable to credential stuffing attacks: when cybercriminals use username and password combinations obtained during a previous breach to attempt to login to a targeted account. This means that if one of your accounts (say, your email) is compromised, any other account that uses that same username and password combination is now vulnerable.
Steps Organizations Can Take to Prevent Credential Sharing
Fortunately, there are steps organizations can take to prevent credential sharing, whether they are concerned about employees sharing accounts amongst themselves or paying users sharing their credentials with unauthorized, non-paying, third parties.
Preventing Credential Sharing Amongst Employees
Credential sharing among employees poses a serious security risk and should be heavily discouraged. Employee education, consequences for credential sharing, and making credential sharing less enticing are all critical for curtailing this risky behavior.
Ensure Employees Understand the Risks
The first step to stymying credential sharing between employees is to explain why credential sharing, which many view as “harmless”, is a serious issue. When employees understand the reasoning behind rules, they are much more likely to see why those rules are necessary, improving adherence. It helps to include specific examples where credential sharing caused cybersecurity incidents and discuss the fallout of those incidents. By highlighting the serious consequences of credential sharing, you can help employees better weigh the temporary convenience of credential sharing against the serious potential cost.
The risks of credential sharing should be discussed as part of your employee onboarding process and during regular cybersecurity refresher training. Regular reminders, such as a message that reminds users about the risks of credential sharing whenever they log in, can also help ensure this message sticks.
Implement Consequences for Credential Sharing
Rules are only effective if there are consequences for breaking them. Many businesses continue to foster a culture where password sharing and other “harmless” rule-breaking earns employees a gentle reprimand at best. Credential sharing is not a victimless crime; Instead, it is a serious threat to your IT security and your business.
Ensure you have a clear disciplinary procedure for dealing with employees who engage in credential sharing and ensure that this procedure is clearly communicated to all employees. You should also include consequences for employees who witness credential sharing and do not report it, as well as a clear, easy-to-navigate procedure for reporting instances of credential sharing.
Improve Your Access Processes
Most employees don’t share credentials because they want to harm your organization; they do it because it is convenient. The most effective way you can reduce credential sharing within your organization is by identifying why employees are sharing credentials, adjusting your processes to address those root causes, and making it easier for employees to follow the rules without compromising efficiency.
How you address this issue will depend on the root cause of credential sharing within your organization. This may include:
Reviewing your onboarding process: If new hires are waiting too long to be issued credentials, their managers or co-workers may be sharing credentials so that the new hire can actually perform their tasks.
Improving your approval time rates: If employees are waiting too long to be granted access to files or servers they need to do their jobs, managers may be tempted to share credentials to avoid work delays.
Are managers sharing passwords because they need their subordinates to tackle some of their workload? If so, you might want to explore officially re-allocating some of your manager’s tasks to appropriate subordinates (and issues login credentials for those subordinates) or adding new members to that team to better even out everyone’s workload.
Disable Concurrent Logins
Disabling simultaneous logins is an easy way to discourage credential sharing since it ensures any user who shares their login information cannot log in while another user is using those credentials. While this strategy alone won’t prevent credential sharing, it does make it a less practical and attractive option, potentially negating any temporary productivity benefits.
Enabling this feature without prior notice is also a great way to pinpoint which employees are currently engaging in credential sharing behavior since users are likely to complain when they discover they cannot log in or are repeatedly booted from the system.
Don’t Forget About Third-Party Users
If you use third-party organizations to supplement your team, you should also be taking steps to limit credential sharing on that front. Though you likely have less oversight over these users and how they act, you need to ensure controls are in place to ensure offsite third-party users aren’t engaged in credential sharing behaviors.
Ideally, this would include time restrictions and tracking on third-party users that alert you to any potential credential sharing behaviors. This is particularly critical from a legal and compliance perspective since you will need to show that any contractors accessing your data are following your internal procedures correctly.
Monitor Your Network for Suspicious Activities
Tracking behavior that may indicate users are engaged in credential sharing can help you determine how widespread this practice is while also hardening your systems against cyberattacks.
Many cybercriminals rely on stolen credentials to gain unauthorized access to sensitive systems. By taking steps to curtail credential sharing, such as disabling concurrent logins or sending users an alert when another user attempts to log in using their credentials, you are also taking steps to improve your cybersecurity posture as a whole. Preventing concurrent logins can help keep cybercriminals out, while alerts can let employees know if their credentials have been stolen or compromised so they can alert your IT and security teams so they can take appropriate action.
Preventing Credential Sharing Between Paying and Non-Paying Users
When it comes to preventing credential sharing among your user base, there are many lessons to learn from streaming services such as Netflix, Hulu, and Spotify.
Make Your Accounts More Personalized & Ownable
While Netflix and Hulu have to deal with rampant credential sharing, Spotify does not. The reason so many people share Netflix accounts is that Netflix allows different users to create different profiles. While this is supposed to ensure your spouse or children aren’t inadvertently messing up your recommendations lists, it also makes it easier for users to engage in credential sharing without consequences.
On the other hand, Spotify does not allow users to create separate profiles within a single account. While different household members can get a discount by purchasing multiple accounts under one payment umbrella, sharing individual accounts messes with users’ personalized recommendations and playlists.
How you go about tailoring your product to individual users depends on the product, but some strategies you may want to consider include:
Limiting the number of files a user can save (so no one wants to give up precious save slots)
Limiting the number of times a file can be downloaded
Personalizing the user’s experience based on previous behaviors (for example, e-learning software that tailors courses based on a user’s past quiz performance, interests, or previously accessed courses).
Implement Single-Sign-On Technology
Single-sign-on technology involves replacing user-generated usernames and passwords in favor of social media account logins from popular platforms such as Facebook, Microsoft, LinkedIn, or Facebook. This makes the login process more convenient for users (who need to remember one less username and password combination) and discourages credential sharing.
People don’t want their friends and co-workers poking around on their personal social media accounts, which are chocked full of sensitive personal information and, in the case of Google, credit card access in the form of Google Pay.
Insist on Two-Factor Authentication
Two-Factor authentication, also called multi-factor authentication or MFA, requires users to enter two different pieces of information to verify their identity. Most systems pair a strong password with a second factor such as a text message sent to a pre-registered phone number or a hardware element. For example, if an employee tries to login to their account on your product, they would need to enter both their username and password, as well as a one-time code sent to their phone.
Mandating two-factor authentication both improves user security and makes it incredibly inconvenient to engage in credential sharing behaviors, since the unauthorized user would either need the account owner’s phone or have the account owner send them the one time code, most of which are only valid for thirty seconds to a minute at most.
Block Simultaneous Logins
Everything we do online is tied to our IP addresses. An IP address is a unique piece of information used to identify a device on the internet or a local network. Since people (and their devices) can’t physically be in two places at once, there is little reason for anyone to log in from two different IP addresses simultaneously.
Using IP addresses, companies can block simultaneous usage on their accounts from two different IP addresses. So if one user logs in on computer A, then computer B (which is using the same credentials) is automatically logged out so that only one device using a single set of credentials can access the product at a time. This approach makes credential sharing inconvenient and frustrating since both users are continually being logged out by one another and can’t be using the same product simultaneously.
Pay Users for Referrals
While it won’t single-handedly stop credential sharing, paying users for referrals can help discourage this practice by making referrals a more attractive option. Paying for referrals re-frames credential sharing as a money-losing endeavor. Ordinary credential sharing is a net-neutral financial option for paid users: after all, it isn’t like they are paying extra to let their friend, family member, or co-worker use their credentials. When you add a referral bonus, credential sharing is re-framed as a loss.
Offering existing users a percentage of each sale, a flat rate fee, or a discount when they refer a friend incentivizes existing users to get their friends, family members, or co-workers to pay for their own accounts rather than engage in credential sharing behaviors.
Credential sharing is harmful and needs to be discouraged, whether you are concerned about paid users sharing their accounts with unauthorized, non-revenue generating users or worried about how co-workers sharing accounts impacts your organization’s security. For more information about the security, financial, and other harms credential sharing can cause, or tips on reducing or eliminating credential sharing, please contact our team today.
Cybersecurity is a complex and continually evolving field. To help your team stay up to date on the latest developments and best practices, please visit our articles and resources page and consider reviewing these suggested educational articles and resources.
Unfortunately, constant connectivity is a double-edged sword, bringing both convenience and security concerns that need to be considered and mitigated in order to best safeguard your endpoints and network.
What Exactly is an Endpoint?
An endpoint is a unit at the end of a communication channel that is accessed via a connected network and includes devices, tools, services, applications, and nodes. Traditionally the term endpoint referred to hardware such as modems, routers, hots computers, and switches connected to the network.
However, the advent of the Internet of Things has created a world populated by always on, always-connected endpoints such as smartwatches, smart appliances, smart vehicles, and commercial IoT devices. This shift to continual connectivity poses a variety of cybersecurity challenges that need to be considered.
Whether You Consider Them Endpoints or Not, IoT Devices Pose Serious Security Concerns
Whether you consider IoT devices to be endpoints or not, it is undeniable that unsecured IoT devices pose a security threat. To help safeguard your digital assets (including your network and the data stored on it), you need to be aware of the security vulnerabilities IoT devices introduce to your network so you can make an informed decision about whether or not your organization wants to allow these devices on your network.
This is particularly concerning since most wearable tech devices don’t require a password or PIN or use biometric security features, which means if an attacker is able to physically steal your device, there is nothing keeping them from accessing the personal data on the device or potentially using it as a gateway to infiltrate your network.
The Ability to Capture Photos, Video, & Audio
The always-on nature of these devices means this can happen either with and without your consent, raising serious privacy concerns from both a personal and organization-wide perspective.
Non-Secure, Continuous Wireless Connectivity
Though most of us protect our laptops, smartphones, and tablets with PINs or passwords, wearable devices don’t typically offer this feature, creating unsecured points of entry to your other devices. Much like investing in a high-quality front door lock and then leaving a main floor window open, unsecured endpoints, including IoT devices, present a serious security vulnerability.
A Lack of Encryption
Most of these devices aren’t encrypted, which means your data is left exposed whenever you sync your wearable technology with another device such as your smartphone or store it on a manufacturers’ or third party’s cloud server).
Minimal or Non-Existent Regulations Leaves Organizations Legally Vulnerable
Most of the security issues posed by wearable devices will need to be addressed by the manufacturers that produce them, which means the legal issue around self-regulation vs. government regulations is an important point to consider. Whether manufacturers self-regulate or fall under the purview of regulatory bodies, companies that suffer a breach because of the security shortcomings of a wearable or other IoT device will likely be held fully accountable from a legal perspective.
These security concerns should give organizations that are considering allowing wearable technology on their networks reason to pause. Though these wearable IoT devices have become commonplace, organizations should carefully consider the security implications of those devices before allowing them to potentially access sensitive company data and may want to consider keeping these devices off their networks until better security features become available.
Though your IoT thermostat and smart refrigerator might seem like odd targets for hackers, like wearable technology, the focus of the attack isn’t necessarily the IoT device itself. Instead, these devices act as a gateway to the rest of your network and the sensitive data stored on it.
Depending on how interconnected your home or workplace is, cybercriminals may be able to use these IoT devices to turn off your security system, access financial or human resources data, or even spy on your family or employees via your security cameras or nanny cam.
Attackers may also target these devices for their computing power alone, using your smart lighting system to mine cryptocurrencies (an attack known as cryptojacking, which we discuss in detail in this educational article).
Hacking someone’s car to cause it to crash may sound like something out of a James Bond movie, but with smart vehicles, this movie trope has become a reality. A recent study by a team of security researchers at the New York University Tandon School of Engineering and George Mason University found that car infotainment systems that are connected via protocols like MirrorLink can be exploited to override safety features.
Other research teams discovered similarly troubling results when looking at Mazda, Volkswagen, and Audi smart cars. This study found that MZD Connect firmware in Mazda’s connected cars can be used to run malicious scripts using a USB flash drive plugged into the car’s dashboard. In response to the research, Mazda put out a disclaimer clearly stating that third parties are not able to carry out remote customizations on their connected cars, but the data suggests otherwise.
Research conducted by Pen Test Partners found that third party car alarms (which often claim to protect against keyless entry attacks) can actually decrease security by allowing cyberattackers to exploit vulnerabilities in the alarms themselves to:
Turn off engines (potentially causing the vehicle to crash)
Send geolocation data to attackers
Allow cybercriminals to learn the car type and owner’s details
Disable the alarm
Unlock the vehicle
Enable and disable the immobilizer
Spy on drivers and passengers via the car’s microphone
These security flaws may make it easier to cause car crashes or steal vehicles, a safety and security nightmare neither individual car owners nor organizations corporate fleets want to deal with.
Third-party apps can also introduce security risks, a startling discovery backed by research conducted by Kaspersky. In this study, the research team tested seven of the most popular apps from well-known brands and found that most of the apps allowed unauthorized users to unlock the vehicle’s doors and disable the alarm systems, and none of the apps were secure.
These involve cybercriminals intercepting and possibly altering or preventing communications between two systems. In an industrial IoT setting, this could involve tampering with safety protocols on industrial robots, potentially damaging equipment or injuring workers.
Just like it sounds, device hijacking involves unauthorized parties seizing control of a device. Unlike man-in-the-middle attacks, these types of attacks can be difficult to detect because the device’s basic functionality typically remains unaffected. In industrial and commercial IoT settings, attackers may use a single compromised device to either infect other smart devices on the grid or use the device as a gateway to gain access to more sensitive areas of the network.
DoS, DDoS, & PDoS Attacks
DoS: Denial of service (DoS) attacks are designed to render a device or network resource unavailable (denying service) by temporarily or permanently disrupting services provided by a host machine such as a web server.
DDoS: Distributed denial of service (DDoS) attacks involve flooding the host with incoming traffic from multiple sources (often either a group of attackers or a single attacker controlling a botnet of devices). These types of attacks are incredibly difficult to stop because you will need to block all incoming traffic from all malicious sources, turning your defensive actions into a game of cybersecurity whack-a-mole.
PDoS: Permanent denial of service (PDoS) attacks (also called phlashing) are similar to DoS and DDoS attacks, but the goal is not to cause temporary disruption but instead to damage devices so badly that they need to be replaced or have their hardware reinstalled. An example of this type of attack is the BrickerBotmalware, which is coded to exploit hard-coded passwords in IoT devices to cause a permanent denial of service. Attacks like BrickerBot could be used to damage water treatment plants, knock power stations offline, or damage critical factory equipment.
DoS, DDoS, and PDoS attacks can be used to target IoT devices and applications, causing serious disruptions, serious injuries, or permanent damage in both commercial and industrial settings.
Protecting Your Devices (& Yourself) in an Always-Connected World
All of these security concerns may have you tempted to throw out your computer and brush up on your typewriter skills, but there is hope. Here are some steps you can take to manage your IoT device security risks.
Take steps to protect your IoT device security by ensuring all IoT devices are fully under the owner’s control at all times and are not being exploited by unauthorized users to access your network or harness devices for a botnet or other illegal activities. To do this, make sure you have protocols in place to actively monitor all IoT devices and look for signs of tampering.
Safeguard your organization’s data by taking steps to ensure that all data generated by IoT devices is not exposed or altered when stored on devices, transferred around the network, or transmitted to cloud-based services (including cloud networks owned by either the device’s manufacturer or provided by third-party cloud companies).
Take steps to safeguard individual’s privacy and organizational privacy by putting alerts in place that will notify you if private or sensitive information is being captured or generated by IoT devices. If that data must be collected, make sure you know where that data is going, how it is being stored, and what it is being used for. This will not only help safeguard your organization’s data but, depending on your industry or vertical, may be required by legislation such as GDPR, PCI, or HIPAA.
Are you considering incorporating IoT devices in your workplace? The VirtualArmour team is here to help you assess the risks and create flexible yet robust security protocols to help safeguard your organization, your workers, and your data and develop a cybersecurity incident response program tailored to meet your organization’s unique needs. For more information, or to start updating your security posture, please contact our team today.
WiFi 6 offers a lot of benefits over its predecessors, but uptake remains sluggish. In this article, we will explore the factors in the current technical environment that are impacting this revolutionary new approach to WiFi’s slow uptake.
The Risk of Being an Early Adopter
WiFi 6 was first announced in 2018 by the WiFi Alliance, making it still relatively new. As such, many organizations aren’t yet ready to make the switch. There also aren’t a whole lot of WiFi 6 clients out there yet, limiting choice and making it more difficult for organizations to find equipment that they know will meet their needs. Though some individuals and organizations pride themselves on being early adopters, most are more inclined to wait until any bugs or potential issues have been addressed before taking the plunge.
Companies in particular, who would need to invest large sums of money upgrading their entire networks to ensure compatibility, risk investing in unreliable equipment that may offer a poor UX experience or suffer from incompatibility issues. When you buy and deploy too soon, you might not be able to upgrade without re-purchasing everything again, dramatically increasing deployment costs. While larger enterprise-sized companies may be able to absorb the cost of re-purchasing equipment should they discover a compatibility issue or other problem, SMBs tend to have fairly limited IT budgets, which make re-purchasing a hard expense to handle.
Not All Devices on the Market Support WiFi 6
WiFi 5 remains the default when it comes to devices, so even if you upgrade your WiFi network, chances are most BYOD employees, customers, and visitors won’t likely notice the difference. WiFi 5 devices can work on WiFi 6 networks, but because they can’t broadcast in the 6GHz band, they will be limited to WiFi 5 speeds.
Samsung has already announced compatible products, and Intel has begun manufacturing WiFi 6E compatible devices (though they have done so without any fanfare or even a press release or announcement of any kind). However, Apple remains a holdout and has yet to announce a WiFi 6 compatible device.One source speculates that once Apple gets on board, we will see a noticeable increase in interest.
Once more WiFi 6 compatible devices (including smartphones, desktops, laptops, and tablets) begin to emerge, companies and individuals alike may become more inclined to make the switch so they can enjoy all the benefits WiFi 6 offers.
WiFi 5 is Still Going Strong
If it isn’t broken, why fix it? For many organizations, their WiFi 5 network and devices are still in good condition and continue to meet their needs. While upgrading to WiFi 6 will offer some benefits (assuming they invest in WiFi 6 compatible devices as well), many organizations are more inclined to stick with what works than invest in new equipment prematurely.
WiFi 6 Equipment is Still Quite Expensive
Because it is still relatively new, WiFi 6 compatible equipment and devices are still relatively expensive compared to their perfectly functional, tried-and-true WiFi 5 counterparts.
Most organizations can’t risk investing large sums of money in equipment that may present issues (such as the compatibility issues we will discuss later in this article) or be unable to meet their needs and are therefore more likely to upgrade with extreme caution.
Not Every Organization is Ready to Upgrade
Upgrading your entire network, or even just your employee’s work devices, is a large expense. As such, many SMBs need to plan their upgrade cycle’s carefully and do their best to get the most out of their current equipment before investing in an upgrade. Many WiFi 5 routers and other WiFi 5 devices and equipment are still in excellent condition, so it may not make sense to invest in a whole new network right now when your current solution continues to meet your needs.
Depending on where an organization is in their upgrade cycle, it may be a few years until a new networking solution is needed and everyone is due for new work phones and laptops. And even if organizations are ready to upgrade now, they may opt to stick with what they know and wait to adopt WiFi 6 on their next upgrade cycle once more devices, APs, routers, and other equipment options are available and have a proven track record.
Upgrading Your Whole Network is Inherently Disruptive
Upgrading is also disruptive, impacting productivity while the network is offline and potentially presenting a learning curve as workers familiarize themselves with new devices and equipment. As such, many organizations try to minimize the number of times they upgrade or may time their upgrades for periods of downtime when business is likely to be slow, and the impact of the disruption can be minimized.
Your WiFi Network & Devices are Just One Piece of the Enterprise Network Puzzle
When most companies think of WiFi, they think of the devices that rely on the network and the visible equipment, such as APs, that support them. However, upgrading your WiFi network, laptops, tablets, smartphones, and desktops is only the beginning.
To fully enjoy the benefits WiFi 6 offers, organizations will need to upgrade their entire network infrastructure, which can be costly and highly disruptive. Only upgrading your WiFi can present compatibility issues with the rest of your IT infrastructure, so you will need to conduct a holistic review of your existing IT ecosystem before committing to WiFi 6.
Compatibility issues can wreak havoc on your network, preventing your workers from completing tasks and bringing productivity to a grinding halt. As such, it is critical that you do your research before you commit to upgrading and consider consulting the experts to ensure you’ve covered all your bases.
Over the last year, there has been a lot of chatter surrounding WiFi 6 (also referred to by its IEEE standard name 802.11ax). But what exactly is WiFi 6? In this educational article, we will discuss what makes WiFi 6 different from its predecessors, WiFi 4 and WiFi 5, so you can get the information you need to make informed decisions about upgrading your WiFi network.
This is critical as the number of devices in each home and business continues to rise. The days of a single device per employee and a shared household computer are long gone; according to Statista, the average American household was home to 10.37 connected devices in 2020, and that number is likely only going to continue to increase. Many employees are now equipped with a laptop and a company phone, and with the continued rise of IoT devices in both homes and workplaces, the demand for bandwidth will only increase.
What are the Benefits of WiFi 6?
WiFi 6 offers a wide range of benefits, including:
WiFi 6 promises speeds up to 30% faster than WiFi 5, which means your employees can spend more time working and less time waiting for web pages and internet-based programs to load.
In situations when you are relying on a single router, WiFi 5 and WiFi 6 offer approximately the same range because WiFi range is dictated by the radio frequencies the APs can access (5GHz and 2.4GHz). However, if you switch to a WiFi 6 mesh system, you can increase coverage by placing the APs farther apart and use WiFi 6’s faster speeds to make up for the increased distances. Being able to place APs farther apart can be incredibly beneficial in situations where physical cabling is either inconvenient or impossible to lay.
Though the increased distance between the APs will cause a small decrease in network speed and performance, this decrease is so minuscule you and your team likely won’t notice a difference.
Latency (the amount of time it takes for something to load) remains a large problem for many WiFi users. How fast and reliable your WiFi is depends on a variety of factors, including the signal strength of your connection and how many other devices are on the network. By expanding bandwidth access, your network will now be able to support more devices than before, allowing all WiFi traffic to move faster and increasing network reliability.
WiFi 6 achieves this using OFDMA (Orthogonal Frequency Division Multiple Access), which is an extension of OFDM (Orthogonal Frequency Division Multiplexing) architecture (which is used by WiFi 4 and wiFi 5). While OFDM relies on a single-queue style system, which requires each device to patiently wait its turn to receive data, OFDMA allows the router to transmit data to more than one device at a time, dramatically reducing or even eliminating the need to queue.
It does this by splitting traffic into smaller packets, so each device can receive a small amount of the data it is waiting for and pass that information on to the end-user while it is waiting for the rest of its packets. This functionality is great for high-traffic environments such as stadiums, conference centers, and large retail environments where employees, visitors, and customers are going to need WiFi access.
Connecting to a WiFi network requires a proportionally significant amount of power, particularly if a device is moving in and out of WiFi range. Wider ranges, and the ability to comfortably support more devices, means that devices will need to expend less energy maintaining a reliable WiFi connection, which means your devices will be able to go for longer between charges.
WiFi 6 accomplishes this using target wake times (TWTs, also called wake time targets), which allow the APs to communicate with devices and let them know how long they will be left waiting between transmissions. By providing devices with this information, the devices can “sleep” between transmissions, only waking up when the device needs to connect again. These short bursts of downtime significantly reduce how much power the battery needs to expend to maintain a WiFi connection, which can extend the battery life of laptops, smartphones, tablets, and other WiFi-connected devices on your network.
Better Throughput & Reduced Congestion
When there are more devices on your WiFi network than the network can comfortably serve, WiFi performance suffers, and some devices may lose connection entirely. Because WiFi 6 uses OFDMA, it has better MIMO (multiple in/multiple out).
Using multiple antennas, each AP is able to talk to several devices simultaneously, while WiFi 5 networks can only respond to one device at a time, creating bottlenecks and slowing down the connection of every device on the network. Being able to respond to multiple devices at once reduces the amount of time each device needs to wait for its turn, increasing speeds for everyone.
Another advantage of WiFi 6 over its predecessors is BSS (basic service set) “colors”. These colors, labeled 0 through 7, are incredibly useful when multiple APs near one another are transmitting on the same channel. While older WiFi deployments typically assigned multiple APs to the same transmission channels (a necessary approach given the limited amount of bandwidth available), causing traffic jams and slowing down everyone’s connections. To make matters worse, devices weren’t able to effectively communicate or negotiate with each other to maximize channel resources, increasing congestion further.
Using the color-coded system, APs can assess signals from each color and determine whether they can use the spectrum at the same time as another device without causing interference by selecting a color that isn’t currently in use.
It’s like if a grocery store had seven checkout lanes open instead of one: The old WiFi standards required all shoppers to cram into a single checkout lane, but the shoppers can talk to one another, so sometimes two or more shoppers will try to purchase their items at the same time, causing a traffic jam while the cashier sorts everything out. The color-coded system allows each shopper to assess which of the seven checkout lanes has the shortest line (or ideally no line at all) and line up there, improving efficiency and getting everyone out of the store faster.
WiFi 6 offers a wide range of benefits from both a security and usability perspective. Are you considering upgrading to WiFi 6? Our experts have experience with a wide range of technologies, verticals, and industries and work with organizations of all sizes to support their IT and networking needs.
For more information about WiFi 6, or to get started planning your upgrade, please contact our team.
Wi-Fi is getting its first major update in almost 20 years. On April 1 of last year, the FCC announced that they would be opening up more of the broadband internet spectrum to unlicensed traffic.
This is an exciting moment for Wi-Fi users everywhere, but before you start preparing to change over and fill your office with new Wi-Fi 6 devices, let’s discuss what Wi-Fi 6 is, what improvements it brings to the Wi-Fi experience, and when such devices will be available to general users.
What is Wi-Fi 6?
The 6 in Wi-Fi 6 refers to the area of the spectrum the FCC is opening up. Wi-Fi 6 will allow routers to broadcast their signal in the 6GHz frequency of the band, in addition to the 5GHz and 2.4GHz ranges already open to ordinary consumer devices.
This represents the biggest change in Wi-Fi since the FCC first cleared the way for Wi-Fi in 1989. By opening up the 6GHz area of the spectrum, there will now be more space for routers and other devices. This increased bandwidth space will reduce interference and improve the user experience for everyone. Even users without Wi-Fi 6 devices can benefit, as Wi-Fi 6 devices leave the 5GHz and 2.4GHz areas of the spectrum, freeing up more space for older devices.
Faster Wi-Fi At Your Fingertips
Latency, the amount of time it takes for something to load, can be more than just a nuisance; it can also sap productivity and disrupt workflow. Your Wi-Fi connection can be slowed down by a number of factors, including how many devices are trying to connect at once and how strong your signal is. Opening up the spectrum will allow devices to spread out, much like widening a road reduces congestion, allowing all Wi-Fi traffic to move faster and more reliably.
These faster speeds are achieved using OFDMA (Orthogonal Frequency Division Multiple Access), which lets routers split data into smaller packets and transmit information to multiple devices at a time. This is a significant improvement over the older OFDM method that earlier Wi-Fi versions use, which relied on a single queue system that required each device to patiently wait its turn to receive or transmit data to the router.
Increased Device Range
If your workplace is small enough that you only require a single router, you likely won’t notice a huge range difference between Wi-Fi 5 and Wi-Fi 6. However, larger workplaces that require multiple routers (and rely on a mesh system) will be able to take advantage of Wi-Fi 6’s faster speeds to place access points farther apart without sacrificing speed or signal strength. This will make Wi-Fi 6 ideal for workplaces where cabling is difficult or impossible.
More Battery Power
Connecting to Wi-Fi, and staying connected, can quickly drain your device’s battery, particularly if you are moving in and out of range. The increased range of Wi-Fi 6, coupled with its ability to comfortably support more devices at a time, will reduce demand on your device’s battery.
This is achieved using wake time targets (also called target wake times or TWT), which allows the device to “sleep” when it isn’t actively sending or receiving information. Traditional Wi-Fi required devices to stay on and wait for information, slowly draining the battery even when you aren’t actively using your device.
Wi-Fi 6 is a Boon to the Internet of Things
The IoT has revolutionized a lot of the things we do, but without a fast and reliable Wi-Fi connection, these connected smart devices can be incredibly frustrating to use. Wi-Fi 6 is perfectly situated to support IoT devices, since Wi-Fi 6 access points will be able to support more devices, without compromising connection speed or quality, than their 5GHz and 2.4GHz counterparts.
Though many individuals in the tech space are currently focused on how Wi-Fi 6 will benefit larger venues (such as large retail spaces, healthcare facilities, stadiums, and the hospitality industry), the IoT industry stands to benefit significantly. Some technology manufacturers are even already offering Wi-Fi 6 routers and other devices.
There are a few features the Internet of Things is particularly set to benefit from, including:
Speeds of approximately 10Gbps, or even 12 Gbps, over short distances.
The ability to support 4x as many devices per access point.
More efficient data throughput, which is particularly useful for IoT devices and applications that rely on 4K video, Virtual Reality, and Augmented Reality.
Target wake times mean longer battery lives.
The Pace of Change
Though most home internet users and organizations won’t necessarily switch over right away, there are already several Wi-Fi 6 routers, access points, and other devices on the market, including products from big names such as Cisco and Mist.
Updating your current infrastructure to take advantage of Wi-Fi 6 may be a daunting proposition, and before you make any change you will need to make sure your new configuration is both secure and complies with all relevant security standards. Make sure you consult with knowledgable experts, including your MSSP, to help make your transition as smooth and secure as possible.
Fear is one, if not the most, powerful motivators for action. It’s a profoundly primal instinct designed to protect us from harm by searing bad experiences into our memories so that we can avoid them in the future. Spam relies on the instinct of fear to get otherwise rational people to act irrationally. Many data engineers are actually trained on the tactics that scammers use to trick their victim into clicking on malware.
How is Spam Related to Fear?
Spam accounts for 85% of all email sent and received globally on a given day, and refers to any unsolicited and unwanted communication, usually email, that is sent out in bulk. Though most spam aims to sell unproven, ineffective, and possibly dangerous products and services to gullible consumers, a small percentage aims higher.
These spam emails, such as phishing emails or malicious links or attachments, usually utilize fear tactics to gain information related to usernames, passwords, or banking information from unsuspecting readers.
How Does Fear Make Spam Effective?
Fear makes us deeply uncomfortable and can override even our most rational instincts. Scammers and other cybercriminals know this, which is why they play on our fears to manipulate us into doing what they want.
How Spam Sparks Fear
Most of us strive to be good, so when even the most rational among us receive an email saying there was a billing error or that we owe unpaid taxes, our fear response kicks in to respond. The same thing happens when we’re told our computer is infected with malicious software, or that we are suspected of being connected to some illegal activity, and the police are on their way to arrest us unless we “click the following link.”
Even seemingly positive spam emails play on our sense of fear of missing out. After all, if we aren’t willing to help a wealthy Nigerian prince gain access to his vast fortune, he will just ask someone else for help, and we will miss out on the generous reward. This holds true for spam emails selling a “miracle cure” since missing out on a “miracle cure” motivates the fear of poor health down the road.
All of these scenarios spark fear of consequences or fear of missing out, priming us to act.
Spam Positions Itself as the Solution
Once the scammer has frightened us, they swoop in and offer a solution. Often it’s something very simple and straightforward, such as clicking a link, downloading a file, or responding to the email with personal information. After all, it’s in the scammers’ best interest to make it as easy as possible for you to hand over your money or personal information.
Once the action is complete, the reader is compromised, and the scammer has all or most of the information they need to harm the reader, either by stealing money from their accounts or using their credentials for nefarious purposes.
The Anatomy of a Spam Email
The average spam email follows a fairly predictable format. The headline is usually phrased to invoke a sense of urgency and trigger our fear response (such as “Payment Declined – Immediate Update Required” or “Re: Claim Office”, which makes it look like someone is responding to an email you sent them.) The email headline may also be worded to suggest that the reader is the one in the wrong (such as implying that a payment is past due, or that this is a final payment notice).
The Sender’s Address
The sender’s persona typically falls into one of two broad categories: They are pretending to be someone authoritative that you trust (such as an Apple employee who wants to help rectify your payment problem) or someone you know (like a co-worker who needs some information from you).
The Body of the Email
In the body of the email, the message of fear really takes root. The reader is typically told that something has gone wrong (or that a once-in-a-lifetime opportunity has presented itself) and that they need to take action to either fix the problem or reap the rewards. In the above examples, a declined payment will likely require the reader to input their “correct” or “updated” banking information so that the payment can be processed or their reward can be sent, or provide other personal information.
The scammer may even ask you to help them perpetuate the scam by having you respond to them and forward the email to your contacts. This not only gives them access to your bank account or other personal details but also makes their original email seem more legitimate to your friends or co-workers by having it come from someone they trust.
The Goal of Spam
The goal of most spam is to scare us into acting quickly by instilling a sense of urgency and triggering a fear response. This helps ensure that the reader acts before they have rationally considered the email, and asked themselves important questions such as who sent it, why they are sending it, and what risk they take in responding to the email.
How Can I Protect Myself Against Fear-Motivated Spam?
One of the easiest things you can do to help protect yourself from email spam is ensure that you have robust spam filters installed. These filters can prevent the most obvious spam from getting through to you or your employees.
Next, you should always take a close look at the sender. Is this someone you can trust? If you aren’t absolutely sure the sender is trustworthy, then you should reach out to them via a communication channel (such as calling your friend or contacting the company’s support line directly) to verify. This is particularly true for unsolicited emails or emails that are formatted so that they appear to be a response to an email sent by you.
Finally, you should evaluate each email carefully. Look for obvious red flags. These include:
Typos in the sender’s address, such as “[email protected] (Note the extra “p” in the domain name). However, DNS spoofing allows scammers to masquerade as legitimate companies, so make sure you look at the whole email address, not just the domain name.
The form of address. Does the sender address you by name, or simply call you “customer” or “friend”?
Embedded links with strange URLs. To assess a URL, hover over the text without clicking so that you can see the actual address. If the link appears suspicious, enter it into your browser directly instead of clicking on the embedded link. Spam emails often include spoofed links that are designed to look like they originate from reputable sources.
Bad spelling, grammatical errors, and typos. This may indicate that the writer has a poor grasp of English, or that the text was translated using a translating app such as Google Translate.
Suspicious attachments. If a suspicious email includes attachments, verify why they are there and what they contain when you contact the sender.
Offers that sound too bad (or too good) to be true. Apple isn’t going to brick your iPhone over a billing error, and even if that Nigerian prince is real, he has no reason to share his vast fortune with you just because you forwarded his chain email to all your friends and family members.
Spam doesn’t look like it is going anywhere soon, so we need to take steps to safeguard ourselves and our businesses from cybercriminals. Learning to identify spam can help, and remember: when in doubt, don’t click.