CATEGORY:

Loss Prevention

TAGS:

Don’t Get Burned by Public Wi-Fi

Before you login, be sure the way you are doing so is safe. Both your district and your own information could be at risk.

Wi-Fi. Wireless Fidelity. It’s the technology that keeps Netflix streaming, Facebook running, and your smartphone connected to everyone you have ever known. At its foundation, Wi-Fi uses radio waves to provide network connectivity without cords. Many of us have come to take for granted that this technology is safe. It’s dangers are largely unseen. They aren’t a hot stove burner, an oncoming car, or a hive of wasps.

This is established using a wireless adapter to create hotspots—areas within the vicinity of a router that are connected to the network. They allow users to access internet services, local intranets, and all the benefits of those services. While at home, with the use of a password-protected, wired network, the risk is minimal—as long as anti-virus software and firewalls are up-to-date.

The trouble is, there are times when using the internet beyond the comfort of your home is unavoidable. Perhaps you have a looming project deadline or an important email to send off and the Wi-Fi at the airport or hotel is the best option. In any case, you might be at the mercy of the internet provided by a hotel, airport, coffee shop, or any public location offering free access to anyone with a computer or cell phone. Nowadays, connecting to public Wi-Fi is as simple as pressing a button, but the risk that comes along with it may surprise you.

Cybercrime Potential

If you are in a public place and take a look at your phone, chances are you have a notification showing you all available wireless networks you can connect to. If you live close enough to others, in all likelihood you can see your neighbors’ networks. The air is buzzing with wireless accessibility. These radio signals are completely harmless, unless of course you make the decision to connect to one.

Cybercrime marks one of the most rapidly growing threats in today’s world. The culprits range from businesses interested in your data to individuals looking for your private information to resell on the black market. In 2017, hackers stole $172 billion from 978 million consumers in 20 countries. In the United States, that number topped $19.4 billion dollars and affected a total of 143 million people.

That’s more than half of the total online adult population. On a countrywide comparison, in 2017 alone, Colorado ranked ninth in the country for victims of cybercrime.

These facts are indicative of one thing: if you connect to a Wi-Fi network and send information either through websites or mobile apps, it has the potential to be accessed by someone else. Most Wi-Fi hotspots do not encrypt the information you send over the internet and are not secure.

Encryption refers to the process of converting information, in this case data, into a cipher or code to prevent unauthorized access. This means that on unsecured networks or on unencrypted sites other users on the network have the ability to see your screen as you see it.

Look Out!

While the advent of public Wi-Fi is an invaluable service for many people who lack access to the internet, there are a handful of risks that go along with accessing these networks. It’s important to protect yourself when transacting personal, sensitive, or financial information. This is especially true if the information belongs to other people or belongs to your district or company. For example, health and student records are subject to enormous regulatory scrutiny for digital security. Your district is liable to those regulations since many of them are based in Federal rather than state or local law. That means governmental immunity does not apply.

Here are some of the most common and the most harmful types of attacks or intrusions that you might encounter using an unsecured public Wi-Fi network:

Man-in-the-middle attacks

Man-in-the-middle (MitM) attacks are one of the most common threats on public Wi-Fi networks. MitM is an attack that consists of an attacker that alters communication between two parties that believe they are communicating with one another and without interruption. This would be the equivalent of the mailman opening all of your mail and resealing it before delivery. In both instances, you never know it happens, and even if you suffer from a data or identity theft event, the origin of that breach is unknown.

Malware distribution

Due to vulnerabilities with software such as programs and other operating information used by a computer, attackers can insert malware onto your computer or phone without the user ever being aware. Malware is a portmanteau for malicious software and refers to any software that is designed with the specific purpose to cause damage to a computer, server, or network.
Malware originated as nothing more than a prank, but it is used in today’s world to steal personal, financial, or sensitive business information. Many anti-virus scanners can find malware, but these services must be updated frequently to be up to date with the latest attacks.

Snooping and Sniffing

Two words that never seem to lead to anything good. These processes refer to how attackers, through the use of special software kits, can eavesdrop directly on Wi-Fi signals.
This technique allows attackers to see everything that you are doing while using that Wi-Fi network. That includes the ability to see any webpage you have viewed, the information filled out while on those web pages, such a login credentials, and the chance to hijack your accounts.

Malicious Hotspots

These are the trapdoors of the wireless internet world. Imagine you’re looking for Wi-Fi access at your favorite brunch spot, Grits and Grounds. You select what you perceive to be their open, free network, “Gritz and Groundz,” thinking everything is okay. In reality, you could not be more incorrect. In fact, you have just connected to a malicious hotspot set up by attackers who now have access to all your information.

However, there is little to stop a hacker from simply setting up a ‘Grits and Grounds’ network with a correctly spelled name. The cafe may not realize for some time that this is the case, as unsuspecting patrons fall victim to this trap. If you are in a cafe or airport that does not have signage indicating how to access their Wi-Fi service, just ask an employee. If they don’t have one, then assume that there is no network nearby that is safe to use.

How to stay safe

In today’s world, the need for fast and accessible internet access can sometimes trump the use of implementing adequate security measures. It’s understandable. Sometimes your mom wants to Skype, or a bill needs to be paid, and the use of public Wi-Fi is unavoidable.

For these moments, we have collected a few Do’s and Don’t’s that can help you navigate the wild west of public internet access.

Do’s:

  • Disable file sharing
  • Turn off Wi-Fi and Bluetooth when not in use
  • Only visit sites that use HTTPS, not just HTTP.
  • Use a virtual private network (VPN).
  • Enable your firewall and make sure anti-virus software is up to date.
  • Keep software patched and updated.

Don’t’s:

  • Stay permanently logged into accounts.
  • Log onto a network that isn’t protected by a password.
  • Access websites that transact personal information such as finances and healthcare while using unsecured Wi-Fi.
  • Leave your laptop, smartphone, or tablet unattended.
  • Shop online on an unsecured Wi-Fi.

Securing Your Office Wi-Fi

Just when you thought you were safe…you remembered your office’s wireless router. It’s true, public Wi-Fi poses the biggest opportunity for cybercriminals and attackers to access and retrieve your personal information, but it is also the case that any wireless router can be an access point for hackers, regardless if they are located at home or in the office. If not secured properly, anyone with a wireless enabled device has the opportunity to gain access to the network.

The steps to protection are relatively simple. Make sure your router has a password to prevent external sources from accessing it. Some routers come with default passwords, and you can change it by accessing the router’s settings using the instructions supplied with the unit.

Once there, create a name for your router, a strong password, and select a type of encryption (WPA2 is the most secure and the most recent). In addition, a strong firewall and up-to-date anti-virus protection can only add to the protection.

Those default passwords are well known to cybercriminals and are basically equivalent to setting your password as ‘password.’ It is critical that you change those passwords when you install the router, as well as periodically to avoid intrusions. If you have a former user (employee) leave your organization, that is an excellent time to change the Wi-Fi password.

Summary

The continually changing face of cybercriminals demonstrated by this article reminds us that every special district board, annually, must have a line item on their Agenda to review and discuss the protection of personally identifiable information within your organization in order to comply with Federal Red Flags Rule.

It is not enough to let IT handle things. The board must be educated on the exposure within the organization, assign responsibility, and review protections annually in order to avoid Federal actions. These details are specifically enumerated in the Red Flags Rules, so there’s no getting around it.

Setting up extra security measures when surfing the internet doesn’t take long, and the headaches it can save in the long-run are worth the trouble. Just remember, if you log onto a public Wi-Fi hotspot, it means others can as well.

You wouldn’t show perfect strangers your checkbook or give them your ATM code, so why would you let them have access to your wireless data? It’s the equivalent of keeping your car windows open when there are reports of car thefts. Just like you protect your home, and your car, and your possessions, please take precautions to protect your personal information or your district’s confidential information and be alert to how you surf.

Both comments and trackbacks are currently closed.