It doesn’t seem long ago that business travellers used free or paid-for Wi-Fi hotspots without much of a thought about the security issues they posed.
However, by 2013 security experts were warning that many public Wi-Fi networks were at risk from at least one cyber criminal snooping around per network, trying to steal users’ passcodes, bank details, personal contacts and other information.
In January last year, Action Fraud, an agency of the City of London police which collects all known cases of fraud in the UK, advised of security risks presented by using Wi-Fi hotspots.
Free and paid-for Wi-Fi hotspots create risks by issuing passcodes. Hotels, bars, restaurants, airports, each give their own passcode to customers upon request, exposing them to criminals who, having acted as customers, gain the passcode.
The typical modus operandi is to look for users on the network and attempt to hack into any unsecured tablets, phones or laptops; or observe what the users are doing online and gather any information that could be useful in hijacking their ID or committing another fraudulent act.
“Evil twin” connection
One method of such criminals is to fool customers into thinking they have a connection to the Wi-Fi hotspot they are at, whereas in fact they have connected to an “evil twin” network, created by the criminal, who is between the customer and the genuine hotspot.
The “evil twin” is a spoof network that uses the name of a hotel, café or shop etc. and allows the criminal to gain access to devices when their owners click the network name and try to log on.
As a result, customers may send information – credit card details and emails, with their email address, of course to the criminal’s device, not to the intended website.
In possession of personal information, criminals can pretend to be a customer, although bank log-in details are such that they might not be so successful in logging into a bank account, unless the details are stored on the device that they have, in effect, hacked into.
A further risk in such situations is malware, with criminals triggering a pop up message advising users to upgrade their software. By clicking the message, in good faith, customers infect their device and can face mayhem and a ransom demand if their device has been “locked” by the malware.
How to stay safe at a Wi-Fi hotspot
- Don’t be an easy target. Ensure you really are connecting to the Wi-Fi hotspot, not a spoof, evil twin connection. If in doubt, double-check the precise name of the connection with the hotspot owner. Hackers might have set up a near-identical connection name and trick the unwary.
- Use a VPN (Virtual Private Network). That way, any data you send will be encrypted, meaning that even if a criminal has broken into your connection, they’ll be more likely to dump the data rather that try to decrypt it, unless they have good reason to believe your data is of value.
- Turn the “sharing” option off on your device, if it’s “on”. That will help ensure your data isn’t shared with anyone on the network.
- Browse the web using a secured browser. It will make you safer online and help keep you away from rogue, phishing websites, but cannot guarantee 100% security. However, it’s another step in the right direction.
- Keep your anti-malware program up to date to help guard against viruses and spyware. That’s key even if you believe your device is safe because you’ve taken steps like those above. Determined hackers will still have a go and might succeed in getting your device infected.
- Use a device that contains no confidential information. Smartphones can be hired, a useful option if you want to go down that route. Hired smartphones can be particularly useful when visiting the US, because strict regulations there mean that a traveller’s smartphone can be taken away for inspection and its passcode demanded, potentially putting its data and information at risk.
- Create your own private hotspot – a mobile, MiFi hotspot – that goes where you go.
The private MiFi hotspot
Business travellers don’t have to stop using Wi-Fi hotspots, but they should be careful when on one; or use their own private, mobile MiFi hotspot instead.
A mobile hotspot is automatically created by a MiFi, a small, portable, battery (optionally, mains) operated router. A MiFi behaves just like a home or office router but fits into a pocket. The device, along with country and, in some cases, continent-specific data SIM cards can be hired in 30 day slots.
Apart from its security aspect, a MiFi often provides noticeably superior speeds when online, compared to the connection at Wi-Fi hotspots.
The MiFi has its own passcode, a robust first-line defence against easy or determined hacking. Its value in that regard is multiplied depending on how many friends/relatives you allow to use it at the same time (or not). As with a home or office router, a number of people can use it at the same time but can only do so via the provided passcode.
As our world becomes ever more digital, it’s up to everyone to take personal responsibility for their digital security. Using internet security solutions such as anti-malware and anti-phishing programs are only part of the picture. Our online behaviour and how to handle Wi-Fi hotspots is another, as is keeping backups of our data and information.
Backups are important because if we do succumb to a ransomware attack and face a demand to pay a lot to unlock our infected device, we can ignore that and load our backups onto another device. Using cloud-based options for storage of our work – and backups – might be fine but perhaps not for confidential work or personal information, which is where offline backups come into their own.
An offline backup is unhackable unless the computer it’s attached to is connected to the web. It’s advisable to perform backups to your own local backup device when disconnected.
A final security tip
When travelling on business or on holiday look upon your smartphone, tablet or laptop – and all data they contain – and any MiFi you have, as if they’re the crown jewels and you have been entrusted with their safekeeping.