We’ve all probably done it without thinking twice: You go to a coffee shop and get online using the shop’s free public WiFi. Before you connect, a security alert pops up and asks you if you really want to connect to it because the network is an unsecured network. You don’t even skip a beat as you ignore the warning and connect anyway.
That, of course, is exactly what hackers are hoping you will do.
There’s nothing wrong with using the free WiFi hotspots that are cropping up in commercial and public locations all over the world. For the most part, if you protect yourself by following some basic, common sense security tips, your data and personal information will stay safe. Not following these tips, however, is a little like parking a really nice car in a really bad neighborhood and leaving the keys on the front seat and the doors unlocked. Just as you would naturally lock your car doors when parking in a public place, you should lock the entry points of your computer and/or mobile devices when you’re getting online with public WiFi.
Below, you’ll find eight security tips that are critically important but easy to follow. Use these tips when you’re on a public WiFi connection and you can count on being reasonably safe.
1. Always ask an employee for the name of the store’s network.
When you’re in a public place and looking for a network, it’s not uncommon to find several different networks listed. Two or three of these might be unsecured networks that are easy to log into.
For example, let’s imagine that you visit a coffee shop called “Ben’s Beans.” As you open up your Internet browser, you might find one network that says “FREE COFFEE SHOP WIFI” and a second one called “FREE BEANS WIFI.” Which one is the network that actually belongs to Ben’s Beans? Your first instinct might be that the “Beans WiFi” is the correct network. Your second instinct might be that both of them belong to the coffee shop. However, what are the consequences of guessing wrong?
One strategy that hackers use to access user data is to set up what’s called an ad-hoc network that looks like a free public WiFi network. Instead of connecting to the coffee shop’s router, however, what the unsuspecting coffee customer is actually connecting to is the hacker’s Internet connection. By connecting to this ad-hoc or peer-to-peer network, the hacker is able to intercept any Internet traffic that’s not sent via a secured site, which is a site that has the “s” at the end of the “http” part of its address.
If you’re simply surfing the Internet, such as looking at sports scores and reading the news, that’s not too bad. If you’re entering credit card information but you’re doing it via an “https” site, that’s also not too bad. However, there might be some sites, such as your personal email account, that you use but which are not encrypted. An eavesdropping hacker could therefore easily gain access to your personal email account. If you make the common password mistake that many people do of using the same password for multiple accounts, or if you store sensitive information such as credit card numbers or login information for other sites in your email account, your private data is suddenly at high risk.
All of these problems can be avoided simply by asking a store employee, “What’s the name of your WiFi network?” The cheery Ben’s Beans barista might then say, “It’s called ‘free Beans WiFi,'” and the next thing you know you’ll be connected to a legitimate Internet source.
2. Turn off any “automatically connect” options on your mobile devices.
To make it easier for those of us who are not as tech-savvy, laptop and mobile device manufacturers have given our devices the option to automatically connect to any WiFi hotspots that the devices detect. The danger of connecting automatically is highlighted by the points made above. If you connect automatically to the wrong network, you could be throwing the doors of your device wide open to a hacker.
3. If you use Chrome or Firefox, get the browser extension called “HTTPS Everywhere.”
HTTPS Everywhere is a plugin for Chrome and Firefox that turns all sites into encrypted sites. The plugin was designed as a collaborative project between The Tor Project, which is an organization dedicated to online privacy, and the Electronic Frontier Foundation (EFF), an organization that has been around since the dawn of the Internet and has been dedicated to keeping access free, safe and unregulated by governments. The extension can be downloaded from CNET’s download.cnet.com site. While libertarian groups like the EFF might be interested in protecting you from the NSA snooping program, HTTPS Everywhere also protects you from commonplace hackers.
4. Turn on your firewall.
Firewalls come preinstalled on most laptop computers, but many of us have them disabled because, at some point in the past, they caused us connectivity problems. While it might be ok to turn off your firewall if you’re connected to a secure network in a place that you know and trust quite well, such as your home or your office, it’s wise to turn the firewall back on when you’re using a public WiFi hotspot.
Firewalls provide what’s called inbound and outbound protection. By providing inbound protection, firewalls stop hackers from installing malicious software on your computer that could compromise your security, such as a keylogger application. A keylogger is a program that logs all of your keystrokes. Cyber criminals are most interested in using keyloggers to record your passwords, credit card information and other sensitive information. By providing outbound protection, the firewall stops files or information from being sent across a network without your consent. For example, imagine that a hacker already installed a keylogger onto your machine without your knowledge. The hacker would also set up the keylogger to send him or her all the keystrokes it recorded at set intervals of time. The firewall’s outbound protection would stop that information from being sent to the hacker.
5. Get smart about passwords.
As already mentioned, one of the main ways hackers compromise our security is by using keylogger software. In 2011 and 2012 alone, the following businesses and organizations all fell victim to malicious keylogger attacks: Lockheed-Martin, Sony, LinkedIn, American military drone planes, the Iranian nuclear program and Oakridge Nuclear Weapons Lab. If these “big name” organizations can be hit by keylogger attacks, individuals on personal mobile devices are certainly at risk.
One of the most sensitive pieces of data that a keylogger can record is a password. However, a keylogger onlyrecords keystrokes. A password that you copy-and-paste or a password that includes a two-step identification process cannot be recorded by a keylogger. In the case of copying and pasting a password, the only thing the keylogger would record and report back to its owner would be “Ctrl C” and “Ctrl V.”
Therefore, when you’re using public WiFi, avoid typing in your passwords, just in case a keylogger is watching you. How do you avoid typing in passwords? Use a password storage site like PassPack.com or LastPass.com. Instead of typing in your password, you can use the two-step identification process on these sites’ secure servers, copy the passwords you have stored and paste them into the password field of the site you’re logging into.
Furthermore, follow basic password common sense. Don’t use the same password everywhere; make passwords long and complex; use password generators, such as StrongPasswordGenerator.org; don’t include obvious information in your password, such as the names of your children or birthdates; and change your passwords on a regular basis. If you don’t follow these basic password rules, all it will take is one successful public WiFi attack to compromise all your secure data.
6. Turn off file sharing.
In case you follow all the steps above but a hacker is still able to infiltrate your computer due to an unsecured or poorly secured network, take the extra step of protecting your data by turning off any file sharing features on your computer. File sharing is great for home networks when you want to be able to share certain files between machines at home; in public places, file sharing isn’t so great. Turning off file sharing is especially important if you keep any kind of personal or private data stored on your computer, such as credit card numbers or social security numbers.
7. Use your phone instead of the WiFi network.
Much more secure than a public WiFi network is your 3G or 4G phone connection. As long as you’re not about to go over your monthly data allowance, getting online via your phone is a better option than connecting via WiFi when you’re in a public place.
Another way to use your phone to protect yourself when getting online in a public place is to turn it into your own hotspot. Whether you can do this or not will depend upon your phone and your phone plan. If you travel frequently and can afford to do so, using your phone as a hotspot is convenient and more secure than using public WiFi.
8. Use a virtual private network (VPN).
In a nutshell, a virtual private network, or VPN, behaves like a local area network, or LAN, without being local. When you connect to a VPN, it’s as if you’re connecting to your own private home network or office network, but you connect to the VPN through the Internet. That’s the “virtual” part of this private network.
Without delving into the technical details of a VPN, there are lots of advantages to using a virtual private network that don’t have anything to do with Internet security. For starters, subscribing to a VPN means that you’ll have a high-quality connection wherever you can get online. From a security point of view, however, the advantage of a VPN is that all the data traveling across the network is secure and encrypted. A VPN is close to fool-proof when it comes to securing your data while using WiFi in a public place. Of course, you should still take other precautions like the ones mentioned above, but VPNs are far more secure than a regular, open WiFi network.
Conclusion: Don’t Put Yourself Unnecessarily at Risk
By choosing to ignore some or all of the eight points mentioned above, you’re also choosing to make your private and personal data far more available to cyber criminals. Remember, having your identity stolen or dealing with credit card or bank fraud is a little like a bad car crash: None of us really think it could happen to us until it does. Just as you hopefully wouldn’t drive on the regular highway without your safety belt on, hopefully you won’t choose to drive on the information superhighway without first making sure that you’re safe.
Don’t think it can’t happen. People can and do have important personal data stolen everyday online. Sometimes they’re aware that it’s happened right away; sometimes they don’t find out until their credit has been damaged nearly beyond repair. Your data is even more vulnerable when you’re using public WiFi. Therefore, to make yourself safe, be sure to follow at least some of the eight ideas for securing your data on public WiFi networks listed above.How to Protect Yourself On Public WiFi by chase