This very interesting article in Tech Republic breaks down the threats facing mobile workers and everyone else who accesses the Internet on public WiFi.
While corporate IT departments fret about BYOD policies and how to keep their enterprise data secure, the reality is that there are a few simple tricks to minimize those threats and even counter some emerging threats.
All it takes, according to Tech Republic, is educating users and enforcing some simple policies. Below are some “Facts” from the article along with our opinions on why this makes sense, whether you work for a large organization or independently.
Fact: “Public hotspots all have one thing in common; they are open networks that are vulnerable to attacks and security breaches. Most, if not all, public hotspots do not encrypt data, allowing passwords, email messages, and other information to be intercepted by nefarious types.”
This is absolutely true, and one strategy is to disable WiFi so that it stays turned off until needed. That way, you’re aware whenever you are actively using a WiFi hotspot.
Fact: “An evil twin hotspot is a WiFi access point set up by cybercriminals, which is designed to impersonate a legitimate hotspot. Evil twin hotspots are on the rise and are starting to appear most anywhere a business, such as a coffee shop, retail establishment or restaurant provides free WiFi access to its patrons. Evil twin hotspots mimic legitimate hotspots so effectively that many users are unaware that they even exist. However, evil twin hotspots have one sinister intention in mind, stealing information and intercepting data.”
Again, this is what we’ve been warning about for years. An evil twin lets a hacker eavesdrop on network traffic by tricking users into connecting to the fake hotspot. Often, users are completely unaware they are connected to an evil twin because the bad guys use the SSID (network name) of the legitimate access point. Once users are connected, the bad guys can secretly eavesdrop on the network traffic and steal information, such as logins, credit card numbers, and data files.
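Because an evil twin reuses the legitimate SSID, a defender can look for access points that share a network name but disagree on how they present themselves. The following is an added example, not code from Tech Republic or PRIVATE WiFi; the scan records, network names, BSSIDs, and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results (SSID, BSSID, advertised security); not real networks.
SAMPLE_SCAN = [
    ("CoffeeShop_Guest", "02:11:22:00:10:01", "WPA2"),
    ("CoffeeShop_Guest", "02:11:22:00:10:02", "WPA2"),
    ("CoffeeShop_Guest", "02:aa:bb:00:77:01", "OPEN"),  # odd one out
    ("Hotel_Lobby", "02:33:44:00:20:01", "OPEN"),
    ("Hotel_Lobby", "02:33:44:00:20:02", "OPEN"),
    ("HomeNet", "02:55:66:00:30:01", "WPA3"),
]


def bssid_prefix(bssid):
    """Return the first three octets of a BSSID, normalised to lower case."""
    return ":".join(bssid.lower().replace("-", ":").split(":")[:3])


def find_suspect_ssids(scan):
    """Map each SSID whose access points disagree with each other to the reasons.

    Several access points sharing one SSID is normal (large venues, mesh), so
    an SSID is reported only when its access points advertise different
    security modes or come from different BSSID prefixes.
    """
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid, security.upper()))

    findings = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        modes = sorted({sec for _, sec in aps})
        if len(modes) > 1:
            reasons.append("mixed security modes: " + ", ".join(modes))
        prefixes = sorted({bssid_prefix(b) for b, _ in aps})
        if len(prefixes) > 1:
            reasons.append("unrelated BSSID prefixes: " + ", ".join(prefixes))
        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for ssid, reasons in find_suspect_ssids(SAMPLE_SCAN).items():
        print(f"{ssid}: " + "; ".join(reasons))
```

This is a heuristic: a venue that mixes hardware vendors can trigger it, and a clean result does not prove a hotspot is genuine, so it complements rather than replaces encrypting your traffic.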
Fact: “In the past, two factor authentication and VPNs would only fit into the budgets of large enterprises, making the extra level of security unaffordable to most businesses. Today, many online (cloud based) services have hit the market that only charge a few dollars a month for VPN services that could potentially solve the evil twin hotspot attack.”
PRIVATE WiFi is, of course, one of those services. Remember that WiFi signals are just radio waves. So the guy sitting a few tables away in a coffee shop, in a hotel room down the hall, or a few rows away on an airplane can access everything you send or receive.
It is the individual’s responsibility to protect their data while using a WiFi hotspot; it’s not the WiFi provider’s, ISP’s, or the website’s responsibility.
Look at it this way: it is just like antivirus and firewall protection. Your email provider probably does some filtering for malware on its server, but you would not think of using a computer without having your own antivirus and firewall protection. We see protecting WiFi as the third leg of this online security requirement.