In today’s busy world, convenience seems to outweigh consequence, especially in how people log in to public Wi-Fi with their mobile devices.
Using free public Wi-Fi networks, for example, comes with any number of serious security risks, yet surveys show that the overwhelming majority of Americans do it anyway. In a study by privatewifi.com, a whopping three-quarters of people admitted to connecting to their personal email while on public Wi-Fi.
It isn’t hard to see that a few moments of online convenience are far outweighed by your money or financial information being stolen, or by suffering the embarrassment of your personal information being publicly released. According to a recent opinion poll, more people are leery of public Wi-Fi networks than of public toilet seats (a promising sign). But an interesting experiment, conducted at the 2016 Republican and Democratic National Conventions, showed attendees’ true colors. At each convention, private entities provided visitors with free public Wi-Fi networks (for social science purposes). Around 70% of people connected to the nonsecure Wi-Fi networks at both conferences.
Security consultants often find that sex makes an attention-grabbing metaphor for clients. When we lecture business people about cybersecurity, we compare the dangers of using public Wi-Fi to the risks of having unprotected sex. In both cases, not taking the necessary precautions can lead to lasting harm. For mobile devices, the harm is digital: the theft of your personal data, such as passwords, financial information, or private pictures or videos. You’re rolling the dice every time you log on to a free network in a coffee shop, hotel lobby, or airport lounge.
Think the problem is being exaggerated, or that cyber theft only happens to large corporations? Consider that over half of the adults in the U.S. have their personal information exposed to hackers each year. Furthermore, Verizon’s annual Data Breach Investigations Report has found that 89% of all cyber attacks involve financial or espionage motives.
There are dozens of online tutorials showing hackers how to compromise public Wi-Fi, some of them with millions of views. The most common method of attack is known as “Man in the Middle.” In this simple technique, traffic between a user’s device and its destination is intercepted by making the victim’s device think the hacker’s machine is the access point to the internet. A similar, albeit more sinister, method is called the “Evil Twin.” Here’s how it works: You log on to the free Wi-Fi in your hotel room, thinking you’re joining the hotel’s network. But somewhere nearby, a hacker is broadcasting a stronger Wi-Fi signal from their laptop, tricking you into using it by labeling it with the hotel’s name. Trying to save a few bucks, and recognizing the name of the hotel, you innocently connect to the hacker’s network. As you surf the web or do your online banking, all your activity is being monitored by this stranger.
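The Evil Twin scenario above, seen from the defender’s side, as an added example that is not part of the original article: a Python heuristic that groups Wi-Fi scan results by network name and flags access points whose vendor prefix or security mode differs from the rest. The scan data, field names and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed scan results (not captured data); all names and addresses are made up.
SAMPLE_SCAN = [
    {"ssid": "HotelGuest", "bssid": "00:11:22:aa:00:01", "signal_dbm": -67, "security": "WPA2"},
    {"ssid": "HotelGuest", "bssid": "00:11:22:aa:00:02", "signal_dbm": -72, "security": "WPA2"},
    {"ssid": "HotelGuest", "bssid": "02:de:ad:be:ef:10", "signal_dbm": -38, "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "00:33:44:bb:00:01", "signal_dbm": -60, "security": "OPEN"},
]

def profile(ap):
    """Vendor prefix (first three BSSID octets) plus security mode."""
    return (ap["bssid"].lower()[:8], ap["security"])

def flag_evil_twin_candidates(scan):
    """Return APs whose profile deviates from the majority for their SSID."""
    # Heuristic: access points of one real network usually share a vendor
    # prefix and a security mode, so an outlier deserves verification.
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        if len(aps) < 2:
            continue  # a single AP gives nothing to compare against
        majority, count = Counter(profile(ap) for ap in aps).most_common(1)[0]
        clear = count * 2 > len(aps)  # strict majority gives a usable baseline
        strongest = max(aps, key=lambda ap: ap["signal_dbm"])
        for ap in aps:
            if clear and profile(ap) == majority:
                continue
            reasons = []
            if not clear:
                reasons.append("no consistent AP profile for this SSID")
            else:
                if profile(ap)[0] != majority[0]:
                    reasons.append("vendor prefix differs")
                if profile(ap)[1] != majority[1]:
                    reasons.append("security mode differs")
            if ap is strongest:
                reasons.append("strongest signal for this SSID")
            findings.append({"ssid": ssid, "bssid": ap["bssid"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in flag_evil_twin_candidates(SAMPLE_SCAN):
        print(finding)
```

A flagged entry is a candidate to verify with the venue, not proof of an attack, and an empty result does not prove the network is genuine.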
Still not convinced of the risks?
Here’s a story that should worry business travelers in particular. In 2014, experts from Kaspersky Lab uncovered a very sophisticated hacking campaign called “Dark Hotel.” Operating for more than seven years and believed to be an economic espionage campaign by an unknown country, Dark Hotel targeted CEOs, government agencies, U.S. executives, NGOs, and other high-value targets while they were in Asia. When executives connected to their luxury hotel’s public Wi-Fi network and downloaded what they believed were regular software updates, their devices were infected with malware. This malware could sit inactive and undetected for several months before being remotely accessed to obtain sensitive information on the device.
What is the best way to protect yourself against these kinds of Wi-Fi threats?
Although antivirus protection and firewalls are essential methods of cyber defense, they are useless against hackers on unsecured Wi-Fi networks. Consider the following seven security tips to keep prying eyes out of your devices:
- Don’t use public Wi-Fi to shop online, log in to your financial institution, or access other sensitive sites — ever
- Use a Virtual Private Network, or VPN, to create a network-within-a-network, keeping everything you do encrypted
- Implement two-factor authentication when logging into sensitive sites, so even if malicious individuals have the passwords to your bank, social media, or email, they won’t be able to log in
- Only visit websites with HTTPS encryption when in public places, as opposed to lesser-protected HTTP addresses
- Turn off the automatic Wi-Fi connectivity feature on your phone, so it won’t automatically seek out hotspots
- Monitor your Bluetooth connection when in public places to ensure others are not intercepting your transfer of data
- Buy an unlimited data plan for your device and stop using public Wi-Fi altogether
The more you take your chances with a free network connection, the greater the likelihood that you will suffer some type of security breach. There is a saying in the cybersecurity industry that there are three types of people in the world: those who have been hacked, those who will be hacked, and those who are being hacked right now and just don’t know it yet. The better you protect yourself, the greater your chances of minimizing the potential damage. Remember: Falling victim to public Wi-Fi’s dangers is a question of when, not if.
Article originally posted on: https://hbr.org/2017/05/why-you-really-need-to-stop-using-public-wi-fi.