Public Wireless Internet (Wi-Fi) hotspots have become an expected convenience at most coffee shops, bookstores, airports, and numerous other public locations across the city. Consumers perceive benefit in these locations because Wi-Fi enables them to stay connected to social media, emails, and the internet while on-the-go. More importantly, most of these hotspots are free. Who doesn't like a "freebie"?
But, is connecting to public hotspots really free? Most people often access hotspots without a second thought; but there are dangers in using public internet connections that are frequently overlooked.
These dangers put your personal information and digital identity at risk. Data is easily intercepted when using an open connection, and without a security and anti-malware product installed the risks are even greater.
Cybercriminals use technology to spy on open networks and intercept data interchanges. A hacker can be anyone with a Wi-Fi enabled computer. What is more alarming is the ease with which hackers can download free software to track your online activity and the availability of such software.
Some common tactics employed by cybercriminals via public Wi-Fi include:
- Man-in-the-middle attacks: A hacker injects themselves between two communicators and intercepts or modifies the data transfer
- Create fake Wi-Fi networks: An access point set-up by a hacker may appear legitimate with a name very similar to an authentic one to mislead unsuspecting users
- Packet sniffing: Using readily available tools, a hacker can sniff unencrypted traffic on the network and access confidential
Recommendations to consider for protecting your personal information involve:
- Practice caution at all times when using a public hotspot and treat all potential connections with suspicion
- Confirm the Wi-Fi network identity with employees of the establishment
- Ensure an effective anti-malware and security product is on every device, including your mobile device, and that it is up-to-date
- Begin URLs with HTTPS:// (Hypertext Transfer Protocol Secure) rather than just HTTP:// to encode data interchanged between client and browser
- When visiting banking sites, ensure a padlock icon (indicates target site is authenticated through public key encryption) appears in URL
- Avoid sharing sensitive material (corporate data, banking information, passwords, etc.) over public Internet connections
- When unavoidable, use a cellphone with a private data connection for sensitive transactions (e.g. online shopping, banking, etc.)
- Erase cookies and browsing history after using a public internet connection, or use incognito mode, if available, within your browser
- Use a variety of passwords for different profiles and make them complex in nature
- Change your passwords often, and especially after using a public Wi-Fi connection
In the event your mobile device is hacked or you suspect it has been compromised, consult a security professional. You may need to delete the data and applications on your system or restore your device to factory settings.
In order to avoid data loss, you should consider backing up your system regularly. Implementing the guidelines above, will help to keep your personal information safe.
About the Author
Daisy is a director with Crowe Horwath Global Risk Consulting. She is responsible for leading technology oriented business risk control reviews and managing internal audit outsourcing projects for clients. Daisy also has significant experience in assisting her clients in adopting the COBIT framework and meeting internal controls certification requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.