Public Wi-Fi has security risks, take steps to prevent them
The sounds of idle chitchat and espresso machines culminate in a dim roar within a downtown café. Patrons patiently pour over emails and social media, gulping their caffeinated beverages while stewing over errands.
All the while, many are unaware that the personal information they’re accessing online is floating in the air amidst the sounds of coffee machinery.
Despite being drawn into a sense of security at a favorite café or library, public Wi-Fi has risks. Even public Wi-Fi in apartment complexes is fraught with loopholes criminals can exploit to get ahold of bank accounts, credit cards and social security numbers.
It’s important to understand the risks of connecting to public Wi-Fi and how to avoid being attacked online.
One of the most common security risks on public networks is the man-in-the-middle attack, wherein the attacker takes control of a connection between two individuals and deceptively controls and relays messages. The man-in-the-middle attack is typically used to eavesdrop.
Tech-savvy thieves make hijacking information look relatively easy. Security analysis applications like DroidSheep and add-ons like Firefox’s Firesheep make the process more accessible.
DroidSheep and Firesheep, and software like them, are intended to detect poor security and holes in unencrypted networks. Using these tools and software like them for unintended purposes – like accessing others’ personal accounts through a public network such as the Wi-Fi in a café — is against the law.
However, people break the law. It’s inevitable. A home can be broken into with the right skillset, and a personal computer is no different.
When possible, browse with an encrypted connection. The beginning of a “secure” URL should read “https” as opposed to “http.” If you don’t want to sift through the link at the top of your browser for that, a small icon of a lock will show to the left of the URL if there is a secured connection.
According to PCWorld, some social media networks like Facebook will log the user in with an encrypted session, and then divert back to an unsecured session. This can be avoided by activating “secure browsing” in your Facebook account.
On top of sticking to encrypted connections, another common security tool is a virtual private network. A VPN encrypts the user’s traffic to a secured server where information is held. VPNs take multiple forms and there are multiple options, but it would be best to research the right type of VPN for consumer and corporate needs.
Windows computers come with a simple tool for configuring and connecting to VPNs. The process begins by searching “VPN” in the computer, clicking on “Set up a virtual private network (VPN) connection” and entering the appropriate domain name or IP address, either from the personal computer one is accessing or the company network.
The domain name and IP address can be obtained from the administrator of the network or by looking into your own computer’s IP address to remotely access its files.
Be sure to double-check which type of VPN Windows is connecting to, because there are multiple varieties.
Outside a VPN and checking encrypted connections, which can be frustrating, there are a few straightforward rules to follow. Don’t connect company computers to untrusted public networks. Don’t access bank accounts or type credit card information on a public network. Update apps. If possible, use two-step verification, which requires further identification if one logs in from an unknown device or browser.
This is by no means an exhaustive guide to being fully prepared, but researching how to implement some of these security procedures into one’s daily life will help in the long run.
Criminal activity has changed in the digital age. One used to be able to protect their valuables with a lock on the door, but now access to personal identity, information and wealth requires a more technical approach. I urge everyone to look further into securing digital content with the appropriate tools and procedures.
Jake Smith can be reached at [email protected] or on Twitter @notjakesmith