How to Protect Yourself on Public WiFi Networks
Once a luxury item, free public WiFi has morphed into a standard service that consumers expect when patronizing everything from restaurants and retail stores to airports and hotels. Free WiFi users aren’t just checking Facebook or posting vacation photos to Instagram, either; all of us have sat down on a train or in a coffee shop and seen business people tapping away on their laptops, taking advantage of public WiFi to work on the go.
However, public WiFi networks open users up to numerous cyber attacks, especially if the network is unsecured. These include:
- Phony rogue networks set up specifically by cyber criminals. These networks often have innocent-sounding names such as “Customer Public WiFi” and are unsecured.
- Man-in-the-middle attacks where hackers commandeer a public WiFi network and redirect users, often to a phony login site where their credentials are stolen.
- Wireless sniffer tools that locate unsecured public WiFi networks, analyze their packets, and steal data, monitor network activity, or gather intel for use in a future attack against the enterprise’s network.
- Having your device infected by a worm on another user’s device that travels through the public WiFi network.
Hacking public WiFi networks is so easy and lucrative that cyber criminals step up their game during major events where they know large crowds will gather and connect to public networks. In February, US-CERT issued a press release warning travelers about expected cyber attacks at the 2018 Olympic Games in Pyeongchang.
Staying Safe on Public WiFi
The best way to prevent an attack on a public WiFi network is to never connect to one in the first place, even if it is “secured.” The WPA/WPA2 WiFi standard currently in use has multiple security flaws, and the new, far more secure WPA3 won’t start rolling out until later this year, when devices supporting it are scheduled to be released. Instead of using a public WiFi network, tether your laptop to your mobile phone or use one of your mobile carrier’s hotspots. If you travel a lot, it may be worth investing in an unlimited mobile data plan.
What if using mobile tethering or hotspot is not an option, your work just won’t wait, and public WiFi is the only realistic option? Protect yourself using these best practices:
Use a Virtual Private Network (VPN)
VPNs allow users to connect to servers through secure connections. While many free or ultra-low-cost VPN services are available, they may not be trustworthy; it’s better to pay for the peace of mind. Employers should provide their employees with VPN access to protect their company’s data when their employees are working in the field.
Use Secure Connections
Configure your browser to default to the “always use HTTPS” option on websites you use frequently, especially those that require login credentials.
Don’t Access Anything Sensitive
Do not check your bank account or credit cards, go shopping, or access any other sites that would expose sensitive personal information.
Turn Off Automatic Connectivity
Change the settings on your devices so that they do not automatically connect when they sense an open WiFi network; you could end up connected to a phony rogue network.
Even if you’re not stuck using a public WiFi network, never leave your electronic devices unattended while in a public place, and make sure to turn off Bluetooth and file sharing capabilities. It is highly unlikely you’ll need to use them; all they’ll do is open you up to an attack.
The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance.