On one of our recent podcasts, we touched on why you shouldn’t put unknown USB sticks into your computer (even the free ones given out a trade shows should be approached with caution)! This got us thinking about the ways in which people leave their technology open to vulnerabilities every day. Public WiFi is a resource that many people do not consider to be as unsafe as it is so we thought we'd go through some of the ways you can protect your data...
Be Wary of Public WiFi
When you’re out and about, public WiFi can be a life saver (especially if you’ve ran out of mobile internet on your device). However, it should be approached with caution; even the most reputable places are extremely vulnerable to unscrupulous activity on their public networks. Here are some things to consider before you tap “connect” on that public access point.
Misleading Access Point Names
When you’re sitting in a coffee shop and you scan for WiFi access points, you usually get a list of different points all with different names. It is very easy for someone to set up an access point with the name “STARBUCKS WiFi” or something similar. It is then very difficult to be able to differentiate between the fake access point and the actual coffee shop’s without asking an employee. Once you are connected to a malicious access point, the person that set it up can view your traffic and use it to extract personal information which could be used to access your accounts.
Using shared or public connections leaves your data vulnerable, as others are able to read the data you send using a packet analyser. This means that usernames and passwords as well as the sites you are visiting can be looked at. End to end encryption can prevent this information being leaked, but if you visit websites without encryption, all it takes is a simple decoding exercise for an attacker to reveal the data. From there, if you are using the same passwords for multiple sites, the attacker can see which sites you have visited and try the passwords that they have stolen.
This type of attack involves intercepting your communications and modifying them. When using a public WiFi hotspot, an attacker could create imitation versions of website that you are visiting and direct you to them. You may think you are visiting Amazon, but you are actually visiting a site that looks identical to it. When you enter your log in credentials they are sent to the attacker who then is able to use your details to log in themselves. If you have the same password for each of your accounts on every website, an attacker now has access to them all.
How to Stay Secure
It’s impractical to stop using public WiFi altogether, but we would always suggest looking for alternatives first. If you do need to use it, be vigilant. Check with someone that works at the establishment that you have the correct access point, and if you are using the WiFi with a work laptop or device, try to use Virtual Private Networks (VPN) where possible. A VPN allows you to access your business’s network when you are out of the office, with the benefit in this instance being that all data being transferred is encrypted. More information on VPNs can be found here.
Get a password manager too. Password managers are used to store your log in details for every website you use and help you log in to them automatically. The database is then encrypted and can only be opened with a master password. This is the only password you need to remember in order to access all of your online accounts. Listen to our podcast on passwords and encryption to find out more on how to ensure your online data is thoroughly protected.