Lax Wi-Fi Security Leaves WeWork Tenants’ Records Exposed

With the rise of the mobile and remote workforce, more and more organizations are changing from the outdated cubicle office architecture to the modern coworking space option. Coworking spaces such as WeWork and Green Space offer many different advantages for organizations, from lower office costs, flexibility in working, networking opportunities, happy hours and more. However, along with the advantages there are always some security risks.

Working out of a coworking space might save your organization money and overhead, but it’s important to consider the security implications it presents to your organization’s resources. In the case of the lead coworking space WeWork, massive security risks have grabbed the headlines over the past month.

WeWork’s Lax Wi-Fi Security

Security issues with WeWork’s Wi-Fi network were first introduced in August 2019 in a Fast Company report, which noted that the company “used the same weak passwords and outdated Wi-Fi system throughout all its branches”. WeWork’s lack of password security has gotten to the point that it has regularly been featured on the list of the worst passwords that anyone can possibly use. The report described that WeWork’s Wi-Fi weak security is “laughably weak” and “downright dangerous.”

The “laughably weak” Wi-Fi at WeWork now has resulted in exposing the sensitive documents and data of it’s New York’s Financial District members.

CNET reported that a WeWork tenant named Teemu Airamo who joined the New York shared workspace in 2015 scanned the facility’s Wi-Fi security upon arrival to ensure his organization would not be vulnerable to an attack. Airamo noticed that other companies located at the WeWork were visible on the network and were spilling out an “astronomical amount” of data.

Airamo disclosed the issue to the WeWork management, and despite the Wi-Fi security risk, WeWork never patched the vulnerability. Four years later, this Wi-Fi security risk is still intact. Airamo over the years has continued to run regular scans of the network and found that over 700 devices are leaking information from the WeWork network. The different kinds of sensitive data exposed included emails, financial records, and client databases as well as scans of people’s IDs, their bank account credentials and, quite randomly, a virtual birthday card with a cat photo of Nicolas Cage.

Public Wi-Fi Security Risks 

With 90 percent of Americans using their personal devices for work, employees are constantly at risk of accidentally opening access to company data. To fight off potential hacks on the network or the risk of exposing critical data, everyone needs a better understanding of the different security risks that correlate with using public Wi-Fi networks.

Insufficient Encryption

Many Wi-Fi hotspots have absolutely no form of encryption, or they utilize a weak WEP protocol that can result in a potential security breach.

Poor Password Protection

Wi-Fi hotspots often have widely shared passwords, or even worse, absolutely no password protection. This provides incredibly easy access to hackers to access the network and compromise your data.

Lack of Awareness

Most people are not aware of the different kinds of risks when using public Wi-Fi and assume the network must be secure. In fact, only one in three people can actually tell the difference between secured and unsecured Wi-Fi networks.

Steps to Secure Wi-Fi Network

One of the most popular network misconceptions is that free public Wi-Fi is completely secure. If you’re using public Wi-Fi without the proper protection, you’re potentially putting your organization’s sensitive data at risk. Here are a few measures you can take right now to start protecting your data on public Wi-Fi.

Browse Only over HTTPS Encrypted Sites

When you browse on a website you want to check for a green lock symbol at the start of the URL. This indicates that your traffic is being encrypted through SSL encryption technology and that the data transferred between your browser and the website is secured. However, this method is still vulnerable to SSL stripping.

Enable Two-Factor Authentication

Two-factor authentication (2FA) is a great way to prevent your accounts from being hacked. It ensures that, in addition to your username and password, a second layer of verification such as an SMS code is required. However, in the case of public Wi-Fi, this method only protects your account during the login process, so it isn’t enough to keep you safe online.

Disable Auto Join to Wi-Fi Networks

Many Wi-Fi hotspots are unsecured. However, your phone automatically remembers previous networks you’ve connected to and will reconnect to them even if you don’t interact with your phone. Since it’s important to make sure that the network you’re connecting to is authorized, reliable and trustworthy, you should disable auto-join on your device.

Use a Business VPN

Our Business VPN provides you with a highly encrypted and secured connection. Wherever you are, you can connect remotely to your company ressources without any risk.

Authorized Access is Key

Many organizations are still relying on outdated hardware-based VPN technology for their secure network access, however, it’s not enough to fight off the new network attacks.

Secure network access must be defended and protected by adopting security strategies, like the popular Zero Trust security model, which enforces multiple layers of verification before granting resource access.

Furthermore, this breach highlights the need to embrace cloud-compatible cybersecurity solutions. According to the Cloud Security Alliance (CSA), Software-Defined Perimeters provide “the ability to deploy perimeters that retain the traditional model’s value of invisibility and inaccessibility to “outsiders,” but can be deployed anywhere – on the internet, in the cloud, at a hosting center, on the private corporate network, or across some or all of these locations.

To prevent similar risks such as WeWork’s Wi-Fi security risks, organizations should use Software-Defined Perimeter technology and the Zero Trust model to ensure secure access by authorized devices, users and locations. They should also seek services such as Perimeter 81 which include advanced or even automatic Wi-Fi security features, ensuring employee communications are encrypted across all Internet connections. With Perimeter 81, organizations can ensure that only authorized connections are being established while leaving their cloud environments completely hidden from attacks.

To learn more about Perimeter 81’s Zero Trust Network as a Service be sure to request a complimentary demo.