Cybersecurity Awareness Month isn’t over yet! Here are five public Wi-Fi tips that can help protect you – if you must use one.
As discussed by ZDNet (Connecting to public Wi-Fi: Here’s how to protect your data and your device, written by Danny Palmer, hat tip to Sharon Nelson’s excellent Ride the Lightning blog for the original coverage), people are traveling for work again, which means they’re out in public again. When you do this, it’s likely that the public space you’re in will have free Wi-Fi available for anyone to use.
But while useful, the nature of public Wi-Fi networks means they’re open for anybody to use – and data being transferred isn’t as secure as it would be on your home or corporate network.
Your login names, passwords, bank details and other personal information could all be at risk if you’re not careful using public Wi-Fi – either because the network itself is insecure, or a malicious hacker has set themselves up on the same network and is directing data entered by others through channels they can see.
So, here are five public Wi-Fi tips, if you must use one:
- Think about what you’re connecting to: Just because a Wi-Fi network at the airport says “Free Airport Wi-Fi” doesn’t mean it’s a Wi-Fi network provided by the airport. With the right tools, someone running a fake network might be able to see what information is being entered, which could lead to the data being stolen. That’s why it’s important to verify that the network is legitimate.
- Be mindful of the websites you visit and the data you enter: Some networks will also require you to set up a password to use the Wi-Fi. If this is the case, don’t use the same password you use for any other account – particularly if that password is tied to your email address. You should also be mindful of what data you’re sharing on public Wi-Fi networks and you should avoid using it if you need to do anything that involves sharing sensitive information, such as usernames, passwords, and bank details.
- Forget the network when you stop using it: When you’ve connected to a network or a network provider previously, your device might reconnect to it automatically. It might be easy to forget this, and you might take it for granted that the network is safe – but it isn’t outside the realms of possibility that something has changed between visits. To help stay safe, you should set your device to forget previously used networks – or at least tell it not to reconnect to them automatically.
- Consider using a VPN: Sometimes using Wi-Fi on a public network can’t be avoided. But even if you’re certain that the network is legitimate and safe to use, there’s still an additional step you can take to help keep your information secure – using a virtual private network (VPN). VPNs provide two key services to keep your information private and secure – they encrypt your data and they can also disguise your IP address, hiding where you’re geographically located.
- Don’t connect at all and tether from your smartphone instead: There’s an alternative to connecting to public Wi-Fi: using the mobile data of your smartphone. If you choose to connect by using tethering, ensure the connection is secured with a complex password, so nobody else can gain access to it.
That last tip is my favorite – I always connect using my mobile hot spot if I can. And you can in most public places unless cell reception is poor.
So, what do you think of these five public Wi-Fi tips? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
Excellent share. A few points:
1. You are absolutely right about Wi-Fi network tagging. “Free Airport Wi-Fi” doesn’t mean it’s a Wi-Fi network provided by the airport. A few years ago we wrote about a Chinese cyber team in Washington, DC that positioned itself on K Street where it knew law firm associates from a well-known law firm frequented a Starbucks and a restaurant. They hacked their wi-fi networks. You still saw “Starbucks wi-fi” and “Resto wi-fi” but it was the Chinese. One of the associates was sending documents to his office printer and the Chinese followed him right into the law firm network. At one of the Georgetown Law school cyber institutes that year a military intel officer covered the whole story.
And that’s another reason never to use the hotel wi-fi at those legaltech conferences. So easily hacked as we showed a few vendors last time we attended.
2. VPN. Tricky stuff. VPN services can be hacked, but it’s extremely difficult to do so. Most premium VPNs use OpenVPN or WireGuard protocols in combination with AES or ChaCha encryption – a combination almost impossible to decrypt using brute force attacks. Using a VPN doesn’t prevent you being hacked entirely, but it reduces the risk significantly. VPNs create a “tunnel” – you download VPN software to your device, connect to a VPN server, and then go through a connection protocol to safely connect your device to the server, and an encryption cipher to encrypt the data traveling to it.
There is lots of software out there that can compromise your data at some point during this process. This might involve attempting to decrypt the data using a brute force attack, or capturing data sent outside the VPN tunnel, or compromising the VPN server itself.
I do not have enough space here to go through the “how they do it” but some advice. Do your research. Reduce the risk of getting hacked by choosing a no-logs VPN with AES-256 encryption, OpenVPN support, and a history of third-party security audits.
3. Your last tip is the best – connect using your mobile hot spot if I can. But again: do your homework. Most new mobile portable hotspots come with some security turned on by default. Usually, the manufacturer enables WPA-PSK encryption and places a sticker on the unit with the default SSID and network key that was set at the factory. But the main problem with most default portable hotspot security setups is that sometimes the default encryption strength may be set to either an outdated encryption standard, such as WEP, or it might not have the most secure form of encryption enabled, even though it is available as a configuration choice. Some manufacturers opt not to enable the latest and strongest security standard in an attempt to balance security with compatibility for older devices that might not support the latest encryption standards.
So, make sure you have enabled WPA2 as the encryption type on your mobile hotspot. It is the most secure of the available choices for most mobile hotspot providers.
And another security measure: change the default SSID – the wireless hotspot’s network name – to something random, avoiding dictionary words.
Great additional tips, Eric! Thanks as always.