Staying safe when using Public WiFiPW Data Group
Are you safe when using Public WiFi?
Public WiFi infrastructure is growing rapidly. With so much focus on getting ourselves connected, have we actually stopped to consider how secure these connections actually are? It’s worth doing your homework in order to verify a network that’s open or not familiar to you when accessing public WiFi hotspots.
It’s pretty easy for someone who wants to intercept your data to set up a network called “Free WiFi” or any other variation that includes a nearby venue name, to make you think it’s a legitimate source. We are so accustomed to the convenience that public WiFi provides we sometimes don’t give it a second thought as to whether it’s legitimate or not.
We also seem to be quite happy to send our personal details to an unknown supplier or hotel offering these services just so we can get online and, if you’re lucky we may have only just skimmed the provider’s terms and conditions. There are over 300 000 videos on Youtube alone that explain how to intercept and hack WiFi users – more than enough reason to be more vigilant.
What are the risks from unprotected Public WiFi?
WiFi password cracking – wireless access points that still use older security protocols make for easy targets because these passwords are notoriously easy to crack.
Interception – without encryption, WiFi users run the risk of having their private communications intercepted.
Rogue hotspots – cyber criminals can set up a spoof access point near your hotspot with a matching SSID that invites unsuspecting customers to log in.
Planting Malware – there are common hacking toolkits to scan a WiFi network for vulnerabilities and customers who join an insecure wireless network are vulnerable to a malware attack.
Data theft – joining an insecure public WiFi network puts users at risk of loosing documents that may contain sensitive information. In retail environments where payment details are readily available there is an even greater risk of attackers targeting users for this information.
Mobile attacks – pre-infected client risks, such as Android’s Stagefright, can spread from guest to guest leaving victims unaware of the threat
Tips to staying safe on a Public WiFi
Check the authenticity
Always ask the owner of the WiFi hotspot for the correct network name and password.
Be wary if there is no WPA or WPA2 password (for WiFi protected access) as this will mean the connection is unencrypted. Pay close attention to potentially spoofed hotspots that bear close resemblance to the official name.
You should ensure that the web pages you visit are https encrypted where possible. You can check this by looking for https at the start of the URL address bar, or for the security padlock sign. This indicates that the website, and that particular page, has a valid digital certificate and up-to-date SSL/TLS encryption, thus making attacks much less likely.
If there is no encryption, log out – especially if you’re doing something sensitive like online banking. You should also pay close attention to mobile sites, as there’s no guarantee they will be https encrypted.
Update software on a regular basis – this is an essential security practice, especially when it comes to WiFi.
You should keep your web browser, software and antivirus solution up-to-date to fix bugs, while an up-to-date antivirus engine will scan, detect and remove the latest threats.
Avoid accessing sensitive information
By and large, public WiFi networks should not be used to access email, online banking and credit card accounts, or any other sensitive data for that matter. Your best bet is doing that from home, where hopefully your internet service provider router is both password-and firewall-protected.
Make sure your laptop, tablet or smartphone are set to manually select a WiFi network, rather than having it automatically connect. Also, turn off sharing and WiFi capabilities when the wireless is not in use, as this cuts down possible avenues for cybercriminals to exploit.
You should also remember to tell your phone or tablet to ‘forget’ certain networks if they are no longer in use or required, as this could mean your device will automatically reconnect when back in range.
Logout when finished
Don’t stay permanently signed in to your personal accounts when accessing public WiFi hotspots as you may leave yourself exposed. For further security, log out from each website after each session
Turn off WiFi if not in use
If you want to guarantee your security and you’re not actively using the internet, simply turn off your WiFi. This is extremely easy and will go a long way in protecting you from cybercriminals – the longer you stay connected, the longer people have to notice you’re there and they will start snooping around.
Ofcom forecasts that IoT connections across 12 industry sectors in the UK will grow to more than 150 million by 2024. There are a lot of opportunities here for cyber crime, can you afford to not be mindful about how you navigate the web?