Free and low-cost public Wi-Fi is a great value-add when you don’t want to blow the budget on mobile data. But while everyone enjoys the free access at hotels, event venues and malls, we also need to take cyber-precautions – especially in public WiFi hotspots.
That’s because cybercriminals want your money just as much as any pickpocket does, writes Fortinet’s Doros Hadjizenonos. And, if they can’t steal your money, they will steal your other information and sell it on the dark web.
To make sure you and your personal information stay safe while you browse, here are a few practical tips:
Stay connected without losing your shirt
While many public WiFi access points are perfectly safe, criminals looking to steal your data will often post fake WiFi access points so they can intercept any data between you and your online shopping site, bank, home security system or wherever else you browse to. This is especially common at airports and coffee shops — places where you have a minute to sit down and log in.
This can also happen without you being aware of it. New smart devices automatically search for known connection points, like your home WiFi.
Sophisticated attacks simply ask your device what SSID they are looking for, and when your phone tells them it is looking for your home router, it replies with, “You’re in luck! I’m your home router.” And your phone, not being nearly as smart as it thinks it is, goes ahead and connects.
Here are two things you can do to protect yourself from fake WiFi connections:
* Simply ask the place of business for the name of their WiFi SSID before you connect.
* Install VPN software on your device so you can make secure, encrypted connections.
Avoid weak passwords
We tend to use a lot of websites that require a login, so remembering a unique password for each site may be impossible. It’s why people tend to use the same password for everything. However, if someone on a public WiFi hotspot manages to intercept and steal your password for one account, they now have your password for everything.
Here are a few things to do:
* Use a password vault that stores the username and password for each of your online accounts. Then, all you have to remember is the single password for that application.
* Create a tier of applications – one set for social media, another for where you pay your bills, and another for your bank.
* Set a reminder on your calendar to change those passwords every few weeks.
* When possible, use two-factor authentication.
Keep your devices updated
One of the most successful attack vectors hackers use is targeting vulnerabilities that are already well-known, but which are not being protected against. The developers of your devices, as well as the apps you run on them, all issue regular security updates designed to protect you from known threats. Download and run these updates as soon as they become available.
Monitor your social media
Be cautious about announcing on social media that you’re away from home. While it might be fun to tell everyone what you are doing, it also lets folks know you are gone, which can put your home at risk.
Likewise, don’t post personal information about you or your family that could be used by an attacker to create a legitimate-looking email with malicious content.
We all live in a world where bad things can happen, so we lock our cars, deadbolt our doors, look both ways before crossing the street, and avoid dark alleyways. You need to develop the same cautions when you navigate your digital environment – except that you are never 100% safe online. Risk comes with the territory. But if you exercise a bit of caution, the digital world we all live in can become a whole lot safer.