Setting A New Standard In Wireless Peripheral Security

SKIP TO MAIN CONTENT
Pangea temporary hotfixes here
Close up shots of hands typing on a wireless keyboard

With the rapid shift to work from home (WFH) brought on by the COVID-19 pandemic, IT teams around the globe were faced with a new reality when it came to ensuring enterprise security. Suddenly, users were working everywhere, no longer safely within the confines of the corporate firewall and often on unsecured networks with unsecured devices.

This continues to be uncharted territory for most organizations. Nearly half of employees had never worked remotely before the pandemic.“Increasing Cybersecurity Gaps and Vulnerabilities due to Remote Work During COVID-19,” securitymagazine.com, June 10, 2020

This shift to remote work created a proliferation of new devices connecting to corporate networks from the outside. In just 18 months, the number of remote devices had quadrupled“What’s next for remote work: An analysis of 2,000 tasks, 800 jobs, and nine countries,” McKinsey Global Institute, mckinsey.com, November 2020 as all these newly remote workers bought mice, keyboards, headsets, webcams, speakers, and other peripherals to make a WFH desktop feel like a productive workspace.

The increased attack surface presented by these additional devices is irresistible to hackers, and malware and phishing attacks continue to increase dramatically. Since the beginning of the pandemic, the FBI has tracked a 300 percent increase in the number of reported cybercrimes.“COVID-19 News: FBI Reports 300% Increase in Reported Cybercrimes,” IMC Grupo, May 2, 2020 And 20 percent of organizations report that remote workers have caused a security breach.“Enduring from home: COVID-19’s impact on business security,” Malwarebytes, March 2020

300%

4x

Over the past 18 months, IT organizations have implemented a wide range of new security measures and policies to protect remote workers, including VPNs, enhanced endpoint security software, mobile device management systems, multifactor authentication, and more.

But there’s one area where organizations can go a step further to help promote a more secure computing environment for remote workers: wireless mice and keyboards.

At the far end of the endpoint

The shift to WFH made the laptop the centerpiece of the remote user experience. While laptops are great for mobility, the compact keyboards and trackpads aren’t ideal for productive work for extended periods of time.

Wireless mice and keyboards offer a flexible solution that gives employees the freedom to position their input devices for comfort without cluttering their workspaces. So, as the number of remote endpoint devices in the field increased, the number of wireless mice and keyboards did as well.

In some cases, companies provide employees with a specific combination (or choice of combinations) of devices, or employees might procure the mouse and keyboard on their own.

The connectivity technology behind these wireless connections can vary from manufacturer to manufacturer, both in terms of performance and security, which is why IT teams should be taking a second look at what’s in their fleet.

Finding the weakest link

Using readily accessible, inexpensive radio technology and about 15 lines of code, hackers can take control of vulnerable wireless components from up to several hundred feet away through a class of vulnerabilities known as “MouseJack.”

First identified by Bastille Networks in 2016, MouseJack allows bad actors to inject keystrokes as a spoofed mouse or keyboard, or hackers can force-pair an illegitimate mouse or keyboard to the endpoint device.“Wireless peripheral hijacking: MouseJack attacks explained,” Cybersecurity Watch blog, crowe.com, January 22, 2021 And, once the hacker has control of a trusted device, they can begin to gather information or credentials to launch a separate line of attack.

Even though MouseJack has been around for a while, devices on the market today may still be susceptible. Given that the average employee has access to more than 17 million company files,“What’s next for remote work: An analysis of 2,000 tasks, 800 jobs, and nine countries,” McKinsey Global Institute, mckinsey.com, November 2020 it’s easy to see how this often-overlooked vulnerability can have serious consequences.

Implementing security features in the human interface/endpoint connection

To help prevent attacks on wireless mice and keyboards, IT teams must ensure that the connections used by these devices are as secure as possible. The first step is making sure all devices are up to date on firmware and that the connections they establish are encrypted. In addition:

  • For devices that utilize Bluetooth®, the connection should utilize Security Mode 1, Level 4 (Secure Connections Only mode), which is FIPS compliant. FIPS (Federal Information Processing Standards) is a set of data security and computer system standards created by the National Institute of Standards and Technology’s (NIST’s) Computer Security Division and applies to computer systems for non-military government agencies and government contractors.
     
  • For devices that connect via a USB dongle, look for an anti-rollback feature for device firmware upgrades (DFUs) that are based on security. This helps ensure that critical security patches aren’t accidentally removed while still allowing for rollbacks of non-security-related updates.
     
Man typing on a keyboard

Implementing security features for enterprise WFH

Logitech has engineered a proprietary protocol called Logi Bolt, based on Bluetooth Low Energy (BLE), that implements security features and delivers a reliable connection even in “noisy” environments where there’s a lot of wireless traffic.

In addition to meeting the security guidelines described above, Logi Bolt devices deliver an exceptionally robust signal that significantly outperforms other protocols in highly congested environments. This enhanced performance results in less lag, which contributes to a better overall user experience. Learn more about Logi Bolt technology in our in-depth eBook.

Explore the latest Logi Bolt devices for your work-from-anywhere employees today.

Six considerations for wireless peripheral security

 

Maintaining enterprise security is vital in today’s world of ever-expanding cyberthreats. The wireless mice and keyboards your employees use every day are an integral part of the overall security landscape.

Download the checklist now to assess the security of your fleet’s wireless peripherals.

 

Checklist on how to contribute to secure wireless mice and keywords for work from home employees

Download the Checklist

Cart

Your cart is currently empty. Begin shopping now