At this time of year town is packed with Christmas shoppers who, at some point or another, need some light relief from the melee and retire to coffee shops, restaurants and cafes for a breather. Most establishments these days have free WiFi and most of us log on without a second thought. But is it a secure connection?
Types of network
Is public WiFi safe and secure? This Tweet from Merseyside Police provides food for thought and reminds us that it’s a cyber jungle out there. There are two different types of public networks. Secured networks, which require some kind of registration process before you can start using it, and unsecured networks, which just allow you to hop on, sometimes, without even a password. Secured or unsecured, there are a few things to consider before using either as there are inherent risks if you’re not paying attention.
Don’t use public or hotel #Wi-Fi hotspots if you’re doing anything confidential as you can’t assume they’re secure. Keep devices themselves close as they can make attractive targets for thieves #connectedchristmas https://t.co/pvUr39Wk0K pic.twitter.com/LZmIGOuRHe
— Merseyside Police (@MerseyPolice) December 11, 2018
Is the network secure?
We take it for granted that the networks we’re logging on to are secure and our activity will remain private. Business owners are almost obligated these days to provide WiFi for customers but there is a risk that the security provided is a bit ropey. Public WiFi should be encrypted which means that any information sent from your device is ‘scrambled’ to prevent anyone else seeing it should it be intercepted. If a reputable IT company has installed the network then encryption will most likely have been enabled, but there’s no real way of knowing that this is the case.
Tip: Consider setting up a VPN (Virtual Private Network) on your device which will encrypt data passed through to a network connection.
When searching for a network in a coffee shop look out for similar network names. Pop in to Dave’s Brilliant Brews for a winter warmer and logging on to DavesNetwork_01, instead of DavesNetwork1, could mean that you’ve opened yourself up to a malicious hotspot set up by cybercriminals who are now collecting your sensitive data.
Tip: Always ensure that you ask an employee the login details for their secure connection and the name of the network.
Another risk on public networks is the possibility that someone is intercepting your data in something called MitM (Man in the Middle) attacks. Data is sent from your device to a web based application and network vulnerabilities can allow someone to get in between them and read the data being transmitted. Data intercepted could be the websites you visited or even website log in details and credit card information.
Tip: Again a VPN will help minimise the possibility of MitM attacks happening.
Badly maintained devices
Devices need updating. Most updates to laptops and phones include security patches which are intended to keep devices secure from malicious attack. Devices running outdated operating systems are a security risk and system vulnerabilities make it easier for attackers using public networks to install malware which could either access private data or completely disable your device. We all know the threats that can happen but just because we’re not at home doesn’t mean it can’t happen when we’re out and about.
Tip: Keep all devices updated with the latest security patches and invest in some decent anti-malware software.
Other dos and don’ts
Although there is a risk of the above things happening, there are further things we can do to protect ourselves and become more conscious of how we use the internet in public places.
- Don’t access websites that do not have an https:// web address
- Don’t do personal banking or any other business that requires accessing sensitive personal information, including social networking sites.
- Don’t do online shopping or anything that requires you to enter personal information in full.
- Don’t allow your device to auto connect to open public networks – one of them may be bogus or malicious.
- Do use your 4G data allowance if you need to access personal information, use sites that store payment card details or log in to social networking sites.
- Do log out of sites that you have had to log in to.
- Do turn off WiFi on your device if you’re not using it.
- Do remember than any device is a target for ne’er-do-wells.
Although all this seems a bit scary and dramatic, it could, and does, happen. Although it’s rare, we all know someone who has fallen foul of a hacker in some form or another, but we have a responsibility to minimise the chance of it happening to us. With a bit of awareness of how we browse the net when we’re out and about, and with a bit of housekeeping on the devices that we use in spaces with public WiFi, we can all stay safe and secure everywhere we go.