Coffee shop owner and techno journalist Simon Rhodes, on why public WiFi networks aren’t secure.
With the shift in modern working patterns, the advancements in connected technology and the demise of the traditional office environment, we have a rise in employees working remotely.
Today, remote working can mean a day a week undertaking business activity in a coffee shop, using hot-desking facilities near meeting locations or even living that elusive digital nomad lifestyle, working from countries spanning the globe. But there is one thing that connects all of these facets: public WiFi.
Yet, how often do you stop and think about that public WiFi hotspot you’re connecting to?
Probably never, but you aren’t alone. The reality is that we enter a space, scan for the available Wi-Fi networks, enter the required details and go about our cyber business. That’s as much thought as we commit to this act of connection.
How do we know that the hotspot we just connected to is legitimate?
If we are brutally honest, no public Wi-Fi network is completely secure, and any of them can be compromised by hackers with little effort. But perhaps more concerning is the thought that we could be connecting to a rogue access point, set up to mimic an establishment’s authentic network. How familiar is the following –
Any of the above could be an ‘evil twin’ network.
The chances are, once you’ve hit ‘connect’, you will be none the wiser that you have connected to an illegitimate hotspot. The hackers will go to great lengths to make their hotspot appear genuine, using the same SSID (the network name) and cloning the MAC address of the true hotspot. They can even boost its signal strength so that it overpowers the true WiFi connection.
Let’s be very clear here: your browsing will not be affected and your device’s behaviour or performance won’t make you suspicious about the validity of your connection or online security. But, from the moment you connect, the criminals can eavesdrop on your activity and collect personal information such as log-in details and passwords; they could even view files that are uploaded or downloaded.
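Because the device itself gives no warning, the signs described above (same SSID, cloned MAC address, stronger signal) have to be looked for in the scan data. The following is an added example, not part of the original article: the record fields, the sample networks and both heuristics are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed scan results (not real networks); signal is in dBm.
SAMPLE_SCAN = [
    {"ssid": "CoffeeShop_Guest", "bssid": "02:00:00:aa:bb:01", "channel": 6, "signal": -67, "security": "WPA2"},
    {"ssid": "CoffeeShop_Guest", "bssid": "02:00:00:aa:bb:01", "channel": 11, "signal": -38, "security": "WPA2"},
    {"ssid": "Library_WiFi", "bssid": "02:00:00:cc:dd:01", "channel": 1, "signal": -70, "security": "WPA2"},
    {"ssid": "Library_WiFi", "bssid": "02:00:00:cc:dd:7f", "channel": 1, "signal": -45, "security": "Open"},
    {"ssid": "Hotel_Lobby", "bssid": "02:00:00:ee:ff:01", "channel": 36, "signal": -60, "security": "WPA2"},
    {"ssid": "Hotel_Lobby", "bssid": "02:00:00:ee:ff:02", "channel": 44, "signal": -72, "security": "WPA2"},
]


def evil_twin_indicators(scan):
    """Return {ssid: [reasons]} for SSIDs whose beacons look inconsistent."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = defaultdict(list)
    for ssid, aps in by_ssid.items():
        # Heuristic 1 (assumption): one MAC address is one radio, so within a
        # single scan it should appear on one channel with one security mode.
        by_bssid = defaultdict(list)
        for ap in aps:
            by_bssid[ap["bssid"].lower()].append(ap)
        for bssid, seen in by_bssid.items():
            variants = {(ap["channel"], ap["security"]) for ap in seen}
            if len(variants) > 1:
                loudest = max(seen, key=lambda ap: ap["signal"])
                findings[ssid].append(
                    f"MAC {bssid} seen in {len(variants)} variants; strongest "
                    f"on channel {loudest['channel']} at {loudest['signal']} dBm"
                )
        # Heuristic 2 (assumption): a venue does not normally offer the same
        # network name both encrypted and open.
        modes = {ap["security"] for ap in aps}
        if len(modes) > 1:
            findings[ssid].append("mixed security modes: " + ", ".join(sorted(modes)))
    return dict(findings)


if __name__ == "__main__":
    for ssid, reasons in evil_twin_indicators(SAMPLE_SCAN).items():
        print(ssid, "->", "; ".join(reasons))
```

A twin that copies the name, MAC address, channel and security mode exactly produces no inconsistency for this check to find, so a clean result does not prove the hotspot is genuine.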
The truth is, the company providing a WiFi connection, as part of their offering to customers, wants it to be simple and convenient for you to use. They will have little in the way of IT support, if any at all, because that would be an added expense and not provide any further benefits for their business, as they know that the connection is going to be used regardless.
The reality is that while they may have some web-based security software running, the onus is on the user to invest in high-level security to protect themselves. You may assume that wireless encryption will work, right? WRONG. The method doesn’t encrypt your data until after the connection between your device and the network has been established.
Now let’s turn our attention to the activity we execute once we are connected; we access our social media, we send personal emails, we check our bank balances or make purchases that require both personal and financial information, all without a second thought to the security of the connection.
And from a business perspective? By the time you’ve carried out the business activity required from your remote working location, you might as well have passed over the keys to your organisation. Even if you haven’t directly accessed financial information or business banking details, hackers may have access to sensitive data sent via email, customer details or access to websites or other platforms that can be used to extort money or damage the business’s reputation.
A data breach can result in irreversible destruction for a business. Under the new GDPR ruling, you have a maximum of 72 hours to notify the ICO (Information Commissioner’s Office) and if the right processes haven’t been put in place, it’s likely that any insurance you have to protect yourself against such instances won’t pay out. So, not only will your business data be compromised, you could also face dire consequences from regulatory bodies, and find your brand reputation tarnished.
It’s not just small chains or independent businesses that fall prey to these cyber breaches; those that are long established or considered corporate giants are just as unsecure.
Just earlier this year Atlanta airport, hailed as the world’s busiest airport, had to shut down its entire WiFi network, along with part of its website due to a cyber breach on its unsecure, unencrypted access point. Those who had been using the connection were informed they could have been affected; leaving 275,000 passengers without a WiFi connection and a very bitter taste.
So how can you stay safe? Firstly, you need to become very careful with regard to the networks that you connect to, and stick to connecting to as few as possible. While you are browsing, stick to HTTPS encrypted sites, and limit file sharing and the personal or business data you share. However, the trouble here is that, realistically, this is going to limit your productivity. The other option, of course, is to invest in anti-malware and antivirus software, install privacy-protecting browser extensions that prevent attacks such as session hijacking or clickjacking, or use a VPN service, a virtual private network that encrypts data end to end.
While we may think that we have nothing to hide when we are carrying out our online activity, whether business or personal, perhaps a better question to ask yourself is: would you hand over your device to a complete stranger? The answer, of course, is a resounding ‘no’, and with this being the case, we urge you to be proactive in protecting your own, your employees’ and your business’s online activity, regardless of where it takes place.