Public WiFi is a boon for working professionals. It’s so easy and convenient; pretty much everywhere you go there is now a public WiFi available. While staying connected is critical for professionals, unseen dangers can lurk behind a public WiFi hotspot.
The same feature that attracts you to public WiFi attracts criminals; there is no authentication needed to establish a network connection. That can spell trouble for an unsuspecting person connecting to the Net via public WiFi.
The Risks
By far, the biggest risk of connecting to public WiFi is that hackers can position themselves between you and the hotspot (aka Man-In-The-Middle), so all information you send over the this connection can be intercepted by this other party. Confidential emails, online banking credentials, credit card details, etc. is all vulnerable to this type of interception. Literally there could be another party between you and the site you are using, collecting your information for their own use. It’s easier to do than you may think.
Another way they intercept data is by setting up a network connection that you think is the free WiFi of the location you are at, but in fact you are using their connection, so again, they can intercept and see everything you do as you do it. So for example, if you are sitting at the airport, you may see “Airport WiFi” and a stronger signal for “Nashville Airport 1.” Which do you choose? The wrong choice can open your computer up to a criminal and mean financial devastation.
Criminals also use hotspots to distribute malware. There are a couple of ways they pull this off. One is to pop up a message that ‘to use the service’ you have to download a free plug-in. That “free plug-in” is actually malicious software designed to steal information from your system, at the criminal’s leisure. Remember, with many forms of malware, once infected, criminals can access the infected device whenever they want in the future. Another common way is by infecting computers that allow file sharing; the criminal simple sends your computer a file through this open connection.
The Stats
According to a study by Javelin Strategy & Research, there’s a new victim of identity theft every two seconds.
In January, a 7-year-old girl hacked a public WiFi network in under 11 minutes as part of an ethical hacking demo.
“Anything that is programmable is hackable” was proven again in June 2015 by an ethical hacker who began hacking networks at the age of 12.
In 2013 (most current stat I could find) 4.5 million Americans were the victim of phishing—or pharming—attempts, meaning payment details were stolen from hacked computers, smartphones, or website users.
Literally, hacking is child’s play today, but the stakes are significant. According to the Ponemon Institute, data breaches cost U.S. companies $5.4 million per breach on average. That amounts to $188 per stolen record.
And let’s not forget that according to the National Cyber Security Alliance, 60 percent of small firms go out of business within six months of a data breach and 72 percent of cyber attacks happen to companies with fewer than 100 employees.
The Do’s of Public WiFi
When connecting to public WiFi, there are a couple of things you need to do to better secure your personal and business information:
Be Stingy: When hooking up to a hotspot, turn off file sharing. If someone attempts to send you a file when file sharing is turned off, your computer alerts you that someone is attempting to share a file with you vs. simply downloading.
You can do this a couple of different ways. If you’re using a Windows machine, you can turn off file sharing in the Control Panel > Network and Sharing Center > Change Advanced Sharing Settings. Under the Public heading, turn off file and printing sharing.
On a Mac, open System Preferences and navigate to the Sharing icon. Then, unclick the checkbox next to File Sharing to turn it off.
Also, always choose “Public Connection” when your computer asks you what type of internet connection you are using. By selecting Public Connection, your computer goes into a more secure mode than if you select a trusted network source. Good Rule: If you don’t own the connection, always choose Public Connection.
Fierce Firewalls: Admittedly, not all firewalls are equal. Some are much stronger than others. If you frequently connect to public WiFi to perform business functions, I encourage you look into a very strong firewall. Regardless, accessing the net with a firewall is better than nothing, so make sure your firewall is turned on when connecting to hotspots. This helps block a lot of nasties on the net; a recent study found that without strong security and a firewall, your computer will become infected with viruses within 4 minutes of connecting to the internet. That’s not good.
Keeping it Personal: A virtual private network (VPN) is one of the best ways to keep your sessions secure. A VPN encrypts traffic between your computer and the VPN server, which means it's much more difficult for a would-be intruder to see or access your data. Presenting encrypted data means a lot of work for hackers to try and decrypt it. Most likely, they’ll just bypass you and move onto someone else.
If you don't already have a VPN set up through your employer, inexpensive options are available. To research, check out CNET or PCWorld.
Strong security: It’s critical that you install and maintain a strong internet security solution, generally available through robust security suites. And please, do not turn it off or disrupt scanning while connected to hotspots. I know one business owner who did this because it was slowing his computer down and he wanted to finish approving employee payroll through his bank’s website before a flight. His credentials were stolen and the criminals stole a substantial amount of money from his businesses accounts before his return flight even took off.
Turn it off: When you don’t need to access WiFi, turn the option off, or set up your device to ask before connecting. Too many people leave default settings of “connect when WiFi is available,” leaving their device vulnerable to attacks via hotspots they didn’t even intentionally connect to.
Bring your own: Internet connection that is! Private hotspots are just as easy to use as public hotspots, but with tons more security. Be sure to lock it down with a password so others aren’t using your service.
When in doubt: If in doubt about the strength of your computers’ security, avoid doing sensitive things like logging into banking sites, reading or sending sensitive emails, and making purchases on the internet.
Just a few steps can make surfing the web for free more enjoyable, and less threatening to you and your business.
Special thanks to my contributors, challengers, and all around great reviewers: Felecia Hogan, Suzanne Phegley, and Shelia Wolfe. And thank you to the 2015 Fraud and Security Review team for this blog suggestion!
Rayleen M. Pirnie, AAP
Consultant for EPCOR