But it’s free Wi-Fi I hear you say, no passcode required! What do you mean there’s hidden costs? Throwback to 2015 and Symantec’s Cybersecurity Insight Report revealed that 69 percent – 7/10 – Singapore consumers are less cautious of using public toilets than they are free Wi-Fi! Given the state of disrepair of some public toilets that I’ve seen, that’s quite the statement!
The hidden cost of free Wi-Fi lies with us. Our trust and assumptions that our personal details and credit information is secure when using free, public Wi-Fi. The reality is there are people out there who prey on public Wi-Fi users looking to steal your information for their own personal gain.
TL;DR – the biggest risk of free Wi-Fi is that you can’t 100% trust the source you’re connecting to. Just because it says “O2 Wi-Fi”, “_The Cloud” or “Starbucks” doesn’t mean it is. A bad guy pretending to be a legitimate source of free internet allows them the ability to position ‘nicely’ between your device and the internet and relay traffic to you as if nothing’s wrong.
Why is this advantageous to them? Hackers disguised as legitimate internet sources but acting as a middle man can intercept your data, steal your passwords, your credit card details – or worse – login information to your business network!
Protect yourself by being cautious. Use a VPN connection, enable two-factor authentication on accounts where you can and make sure you’re accessing websites using HTTPS.
How to protect from the threat
Prevention is far better than cure, know first how to mitigate the threat to make sure you’re not the easy target the bad guys are looking for!
Don’t use plain HTTP websites
Encryption secures internet traffic when you connect to websites using HTTPS instead of HTTP. If you’re logging into websites using http://… then your passwords are vulnerable to being discovered and used without your permission or knowledge.
Two-Factor authentication can help to prevent unauthorised access to your accounts and keep the bad guys out, but still, they now know one of your email and password combinations. Can you safely say all your other accounts use separate passwords and have two-factor authentication on?
Use a Virtual Private Network (VPN)
VPNs are a way of encrypting the traffic you send over the internet and this technique must be adopted when connecting in remotely to your business network, particularly from free Wi-Fi. Why? VPNs encrypt traffic using leading algorithms to keep the data being passed to and from you secure. Hackers are looking for easy targets, and decrypting encrypted traffic isn’t an easy option.
IT departments make VPN use easier for business devices because they take care of the technical work. Home users can easily rent VPN space though, but should make sure the server location is as geographically close to them as possible for best possible internet speeds.
Be careful of what you share
Windows users will be familiar with the dialogue window below. It can seem like an inconvenience overtime you connect to a new network, but don’t go autopilot! When connecting to the glorious free Wi-Fi you’ve worked so hard to find make sure you choose the location wisely.
The network descriptions are very much self-explanatory. The highlighted public network option in the image above is the one you must choose when connecting to free Wi-Fi.
Mac users can control what they share from within System Preferences by clicking on the “Sharing” folder. It’s the icon on the far right of the third-row down in the window. Toggle the sharing options on/off that work for you and your needs. A word of advice, beware turning on file sharing can open up access to anything in your Public folder!
Only browse sites you absolutely need to
Hackers can easily steer websites to pages where you input information that they can see the data from, even if you’re on a legitimate website. Lack of concentration and distractions can lead you to innocently fill out the form not realising they’re extracting your sensitive details. Last year The Mirror penned an article about how ethical hacker Rob Shapland managed – within 20 minutes – to eavesdrop on their investigator using her Facebook page, booking a flight to Paris – and frighteningly – checking her bank balance with Barclays!
Be vigilant and aware. Try to resist logging into the bank, making purchases and doing other sensitive tasks online using free Wi-Fi.
Mobilise your mobile security
SSL warnings can be quite innocent, but also a dead giveaway that something is wrong. How many times have you connected to a Wi-Fi hotspot and hit “Continue” when greeted with an SSL certificate warning? If you’ve had the misfortune of joining a malicious free Wi-Fi hotspot, and continue beyond the warning, you’ve made a hacker’s job so much easier. If a hacker has created a bogus SSL certificate that you approve, they have the key to decrypt your traffic.
Vigilance should cascade down through all your devices from laptop, to tablet to smartphone. Don’t assume it’s only laptops that are susceptible to the dangers of public Wi-Fi. Trust your gut, if something doesn’t feel right then stick with that and err on the side of caution. After all, when it comes to your privacy – you’re better safe than sorry!