When it comes to personal cybersecurity, most people have at least a vague idea of best practices. They don’t share passwords, they use passcodes on their phone, and don’t leave their computer open and unlocked in the coffee shop.
Unfortunately, that only covers a small part of the cybersecurity risks they face on a daily basis. And when it comes to safety vs. convenience, convenience usually wins out. For instance:
- Do you use insecure public Wi-Fi when you go out? Do you log into accounts or enter in payment information while on these networks?
- Do you send sensitive data such as social security numbers or credit card details over unsecured email or instant message?
For the average user, the answer to most of these questions is a resounding yes. Of course we do these things – we have to follow up on that work email, don’t we? We have to check our social media pages, we have to log in to our bank account because it’s 8PM on the first of the month and we have to transfer money for rent.
But public Wi-Fi is not the place to do it. There are too many attacks, too many ways of infiltrating the network and accessing your private information for it to be worth taking the risk.
When you connect to Wi-Fi and start browsing, you’ve taken your self-contained computer system and opened up a channel to access the Internet. And it’s that channel that attackers use as an attack vector to gain access and steal your information.
Snooping and Sniffing
Unfortunately, eavesdropping on Wi-Fi is not as difficult as you might think. Criminals can use special software and hardware to intercept these signals, giving them access everything you do online. This includes the webpages you’re visiting and information you’re typing in such as passwords. If the sites you visit use HTTP instead of HTTPS, then properly-equipped criminals can see everything you do.
The most common threat to those browsing on public Wi-Fi is called a man-in-the-middle attack, which is a more active version of sniffing. As you send a receive data from the website you’re on, an attacker intercepts that information to read it or even modify it without you or the website detecting the eavesdropping. As a result, any banking information, passwords or other sensitive data is compromised.
When you connect to public Wi-Fi, you’re trusting that the network you’ve joined is the one that belongs to the business. But cybercriminals can also set up their own hotspot and trick users into connecting to it. If you’re in Starbucks and the legitimate network name is “Starbucks Wi-Fi”, then the attacker may set up “Starbucks Wi-Fi 5G” in order to entice people to join. In addition to spying on your data, criminals can push innocent-looking software updates that are actually malware.
We have to make safe security a habit – a natural part of our lifestyle as regular as putting on a seatbelt or washing our hands before leaving the bathroom. With simple changes, we can dramatically reduce the number of people suffering from this danger.
Steps to protect your browsing in public include:
- Never connect to public Wi-Fi that doesn’t have a password
- Turn off automatic Wi-Fi connectivity on your phone so that it doesn’t connect to every open hotspot
- Only visit sites that use HTTPS
- Use a Virtual Private Network (VPN) to ensure that your Wi-Fi connections are truly private
- Never enter sensitive information such as banking information, important passwords or social security numbers on public Wi-Fi
Attacks over public Wi-Fi are not rare; these don’t just happen to “other people.” But it’s not that hard to avoid becoming a victim if you’re willing to sacrifice just a little convenience and reduce your reliance on this common attack vector.
[This post was originally published on Switchfast.com]