Have you ever used a public Wi-Fi signal here in Bakersfield? If you live here, it’s highly likely and it’s even more likely you’ve tapped into a free signal during your travels. We are a culture on the move and we are becoming more and more mobile every day. Whether you’re at a coffee shop, 32,000 feet in the air over the Pacific Ocean or even simply within some cities jurisdictions, you have Wi Fi options to tap into. As of 2017, there were 9 billion mobile devices in use globally and over 300 million Wi-Fi hotspots with an anticipated 432.5 million hotspots by 2020. Wi-Fi is such an integrated part of society, it even has an official day of recognition each year – June 20th.
With the availability of public Wi-Fi, more than 43% of all workers in the United States were able to take advantage of working remotely from their office and while some may have their own private Wi-Fi hotspots, many rely on the public access.
With all of the positive benefits a connected society has, there leaves as much opportunity for criminals to exploit the system. Public hotspots leave a very open avenue into your digital fingerprint. Bank accounts, credit card numbers, passwords, and so much more. In 2017, there were over 143 million hacks reported in the United States alone from Wi-Fi entries.
Here are some of our biggest threats when it comes to using these hotspots:
This is one of the easier attacks and can be the beginning of a very damaging effort. On public Wi-Fi, tools such as packet analyzers and LAN keylogger software can give someone sitting nearby everything they need to act as you or your employee. In some cases the software can monitor the screen activity of each computer on the network. All of this unknown to the victim
Thanks to software vulnerabilities, malicious code can be injected into any device on the network. This opens up a world of opportunity for a hacker. Malware can be used to continuously feed information to someone outside your organization. The malware can also be used to activate the microphones on laptops and mobile devices for eavesdropping. The installation of malware is the most dangerous risk. This is because your employee could have compromised your network a long time ago and you wouldn’t know because they access from various locations all the time. So any behavior may not be immediately detectable while using their credentials. The depth of compromise is entirely dependent on the creativity of the hacker.
These are common especially for people who do not visit sites with https. A man-in-the-middle attack occurs when a hacker interceptions your communications. So before you data reaches its intended audience, it goes through the hacker first. This can also apply to passwords and usernames. The man-in-the-middle method is commonly used for eavesdropping and intercepting file or financial transfers.
Encryption means that the information that is sent between your computer and the wireless router are in the form of a “secret code,” so that it cannot be read by anyone who doesn’t have the key to decipher the code. Most routers are shipped from the factory with encryption turned off by default, and it must be turned on when the network is set up. If an IT professional sets up the network, then chances are good that encryption has been enabled. However, there is no surefire way to tell if this has happened.
With the vulnerability public Wi-Fi leaves us open to, how can anyone consider tapping into it? The good news is that all hotspots are NOT created equally and there are a lot of things you can do to protect yourself.
ALWAYS confirm the network name. Bumming Wi-Fi at a local coffee shop? Looking for a network in a hotel lobby? Wherever you are, never assume you know the network name. Some hackers create free Wi-Fi spots that don’t require passwords, making it easy to access your information due to lack of encryption security. To be sure, verify with an employee or triple check the spelling if it’s printed out before connecting.
Use HTTPS when browsing the web. Hypertext Transfer Protocol Secure is the secure version of the HTTP you usually use when visiting a URL. Adding that simple ‘S’ at the end encrypts everything between your browser and the sites you visit, keeping information like banking passwords and credit card numbers safe and sound.
Use encrypted storage security. Storing your important files in encrypted storage means they’re password protected and as safe as the money in a bank vault. You can find a range of encryption options, from free downloads to software for purchase that offers more security features. This will ensure that even if hackers do gain access to your computer via an open network, they will not be able to enter your protected vault of files. Think of it like a locked treasure chest within your system, and you’re the only one with the map and the key.
A VPN (Virtual Private Network) is simply a group of networks that secure and encrypt communication, and can be connected to remotely. Businesses use this often to connect individuals to network resources, but you can use it to secure your public Internet connection and to protect any data you’re sending and receiving. However you choose to use your VPN, make sure you choose a service that offers protocols on connectivity, server location, and offers features that meet your needs.
Make a turn-off checklist and follow it. When you’re planning to visit a location where you know you’ll be using a public network, turn off automatic connection to Wi-Fi on your device. This guarantees you’ll never accidentally join a fake network created to steal your data. Also remember to turn off Wi-Fi when you’re done browsing, always ensuring that you are in control of what, when, and how you connect.
Finally, make it a habit to turn off sharing. You never know who’s roaming around trying to covertly access your information. If you have sharing enabled on your device and forget to turn it off, you’re basically waving a flag to potential cybercriminals and saying, here’s an easy target! And never, ever save passwords. It’s convenient but it makes it even easier for any potential threats to access your electronic information.