More than half of companies are neglecting the security of their wireless local area network.
According to the Enterprise Mobility Solutions business of Motorola, over half of large companies use the same security measures for both wired and wireless networks, while only 47 per cent of companies are using WEP or WPA encryption on their wireless networks. Less than a third (30 per cent) are using any form of wireless intrusion prevention system.
Amit Sinha, chief technologist of Motorola Enterprise Wireless LAN, said: “Companies would be naive to use the same security mechanisms for wired as well as wireless LANs. It's surprising that companies today are not using wireless encryption standards like WPA2. The cost of a data breach is $200 - $300 per compromised record, an order of magnitude more than the cumulative cost of security technologies to prevent exposure. Prevention is always better than cure.
The research also found that 79 per cent of organisations use IT policies across the organisation, although 51 per cent of companies have no way of enforcing these policies across their network. Meanwhile 56 per cent believe that many employees flout security measures by sending corporate data over completely unsecured wireless networks, such as those at wireless hotspots in cafes, rather than using some form of VPN.
Sinha said: “Education is vital to improving wireless network security. Wireless introduced vulnerabilities in the corporate network that traditional security architectures cannot mitigate. A layered approach to securing the airspace that comprises of strong authentication and encryption built on industry standards such as WPA2-Enterprise along with 24/7 wireless monitoring and intrusion prevention is required.”
Finally, Motorola claimed that many IT teams are wasting time on security activities which could easily be automated, as 58 per cent of companies spend over two hours every week, and in 24 per cent of cases over eight hours a week, searching for ‘rogue' access points
Sinha said: “Several industry regulations such as the payment card industry's Data Security Standard require strong wireless security measures as well as monitoring of wireless networks at all locations for compliance. Manually validating wireless policy compliance is costly, error-prone and leaves gaps in security. Companies need to invest in robust WLAN infrastructure with 24/7 monitoring for gap-free security and cost-effective regulatory compliance.”