We love public Wi-Fi, particularly in certain coffee shops where we can sit there for a couple of hours and not worry about our access timing out.
The problem is every day public Wi-Fi gets more dangerous.
The bottom line: You need to change the way you use public Wi-Fi now, or suffer the consequences.
There are dozens of YouTube videos supporting this conclusion, and a recent Harvard Business Review article titled Why You Really Need to Stop Using Public Wi-Fi (May 3, 2017). But… you don’t want to stop using public Wi-Fi, do you?
The Good News
There is a way to use public Wi-Fi safely, but first, let us give you a summary of common attack methods from the HBR article. Then we will explain what you must do to use public Wi-Fi safely.
First, two of the most popular attack styles are “Man in the Middle” and “Evil Twin.” The basic objective of both approaches is to fool you into thinking the cyber-criminal’s computer is the Wi-Fi network of your public space, hotel, airport, or other location.
You mistakenly connect to the Internet through them. From that point forward they can track everything you do AND retain your usernames, passwords, and other confidential information your system processes to access your sensitive data and financial records.
Have you heard of wire fraud? Man in the Middle and Evil Twin are enabling criminals to do more than just access your system. They stay there. It’s creepy! Hackers access your business computing device, and then stay on it. For days, weeks or even months they study the way you communicate. When they are confident of their ability to communicate on your behalf – talk just like you – then they instruct someone else to wire funds to their foreign account. Wire fraud is growing astronomically specifically due to this type of theft.
You still do not believe hackers are after you?
Read about “Dark Hotel” in a Wired Magazine article. Dark Hotel was a sophisticated, 7-year hacking campaign uncovered by Kaspersky Lab in 2014. It targeted CEOs, government agencies, U.S. executives, NGOs, and other high-value targets while they were in Asia. The executives connected to their luxury hotel’s Wi-Fi network and downloaded what they thought were regular software updates. Instead, their devices were infected with malware. This malware could sit inactive and undetected for several months. Then the hackers would access it remotely to obtain sensitive information on the device.
What You Can Do
If you are a business, then you need to have a proactive I.T. managed service provider responsible for protecting your network and systems. They should also have security awareness training available for your employees, volunteers, consultants, and others.
NRTC is a reputable, 15-year-old Maryland & DC Beltway team of computer experts providing IT security and managed services. We have been helping business and nonprofit clients stop cyber hackers in their digital tracks for over a decade.
Here are some of the key areas where we help clients implement technology and train their people in better public Wi-Fi habits.
Avoid Free Anti-Virus Software
Sensitive data about your personal life and career reside on your computer and possibly mobile devices such as tablets and phones. Free antivirus software has fewer capabilities than robust antivirus and firewall solutions sold by reputable providers. The cost of high-quality protection is microscopic compared to the financial loss, time waste, and stress of identity theft, ransomware, and other cybercriminal-induced pain.
Keep Software Updated
At home or work always make certain your software has the latest updates. A lot of the effort and coding in updates these days involves making certain your software has the best protection against cybercriminals. Do NOT update your software on public Wi-Fi.
Confirm the Real Network
Ask an employee for the specific name of the retail store’s Wi-Fi network and the password. Only use networks where you are 110 percent confident it is real. For instance, “Free Airport WiFi” may be a trap set by hackers and thieves.
Part of the process to access the public Wi-Fi network involves confirming whether you want to be sharing and seen on the network, or you want to be hidden. Turn off sharing. Do not be seen. Allowing sharing may enable evil people to access your system.
This may be a two-step process: First, you may need to go into the settings of your system to turn off File Sharing. Second, as part of the public Wi-Fi network connection you may be asked if you want to be seen, or share while using the network. Always say “no” / be hidden.
Use a VPN
A VPN is a virtual private network. Private WiFi did a recent survey where 79 percent of respondents do not use a VPN, even though they should. The major benefit of a personal VPN is that it encrypts your data so even if any of your data gets into the hands of nefarious characters they cannot use it. There are a variety of VPN options available at a reasonable cost. Again, we advise against a free version. Get real protection, or don’t.
Avoid Sensitive Information
Do not access any online account unless you absolutely have to, and if you do, only accounts with two-factor authentication.
If you are not familiar with two-factor authentication, it is a two-step process to confirm who you are rather than simply entering your password (a one-step process). Typically the second step is either a code texted to your phone, which you then enter into the website, or a code you get from a tool such as Google Authenticator or Microsoft Authenticator and enter into the website.
Look for a Secure Connection
Check the web address of the sites you are visiting, particularly if you feel you need to do some transactions, to confirm the beginning of the address is “https” rather than simply “http.” This indicates the site has a secure, encrypted connection.
Turn It Off
Turn off the public Wi-Fi connection on your computer or mobile device when you are done. Do not leave a gate in your fortress open for the enemy to attack.
After you turn it off, forget the network on your system. The process varies based on your computer or mobile device. On a Windows system you can do this in Network Settings, which can be accessed from the network icon in the lower right of your bottom task bar. In iOS go to Settings, select Wi-Fi, find the network, and select Forget this Network.
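A saved, unencrypted network that is set to reconnect automatically is the reason forgetting matters: the device will rejoin any access point advertising that name, which is what an Evil Twin relies on. The script below is an added example, not part of the original article; it parses the output of the Windows command `netsh wlan show profile name="<profile>"` and lists the saved networks worth forgetting. The sample text and profile names are constructed, and English-language netsh output is assumed.

```python
import re

# Constructed sample modeled on English-locale output of
#   netsh wlan show profile name="<profile>"   (profile names are made up)
SAMPLE = '''\
Profile CoffeeShop_Guest on interface Wi-Fi:
Profile information
-------------------
    Name                   : CoffeeShop_Guest
    Control options        :
        Connection mode    : Connect automatically
Security settings
-----------------
    Authentication         : Open

Profile HomeNet on interface Wi-Fi:
Profile information
-------------------
    Name                   : HomeNet
    Control options        :
        Connection mode    : Connect automatically
Security settings
-----------------
    Authentication         : WPA2-Personal
'''

def parse_profiles(text):
    """Split concatenated netsh output into one dict of fields per profile."""
    profiles = []
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if re.match(r"\s*Profile .+ on interface .+:\s*$", line):
            profiles.append({})          # header line starts a new profile
        elif sep and profiles:
            # keep the first value; netsh can list Authentication twice
            profiles[-1].setdefault(key.strip(), value.strip().strip('"'))
    return profiles

def risky_profiles(text):
    """Names of saved profiles that are unencrypted AND rejoin automatically."""
    return [p["Name"] for p in parse_profiles(text)
            if p.get("Authentication") == "Open"
            and p.get("Connection mode") == "Connect automatically"]

def forget_commands(text):
    """The netsh command that removes ("forgets") each risky profile."""
    return [f'netsh wlan delete profile name="{n}"' for n in risky_profiles(text)]

if __name__ == "__main__":
    print("\n".join(forget_commands(SAMPLE)))
```

To audit a real machine, save the output of `netsh wlan show profile name="..."` for each saved network into one text file and pass its contents to `forget_commands`.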
What To Do Now
Take inventory of what technology you have in place to stop cyber thieves on your computers, mobile devices, storage, and networks. Also consider what training you are doing to educate your people on how to avoid cyber risk, particularly on public Wi-Fi. For a limited time you can schedule a no cost, no obligation full network security assessment from NRTC that includes an assessment of each computer, mobile device, and most of your connected equipment.
It is better to assess your security BEFORE there is a loss you have to explain to a boss, board of directors, shareholders, or the public. It is kind of ironic. An employee may cause the theft of digital assets from your company by accessing a public Wi-Fi network, and one of your greatest concerns is the public finds out about it.