blog-logo.png

A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

School's out for Summer...but Risky WiFi Is Always in Season

Posted by Gretel Egan on Jun 10, 2016 2:23:09 PM

Topics: Mobile/BYOD, Risk Management, Keys to Success, All Posts

Wombat_RiskyWiFi2016.jpgAs bus rides, classes, and homework are traded in for road trips, hotel rooms, and vacations, parents and kids alike are likely to find themselves far afield from the relatively safe confines of known, trusted networks. Mobile devices aren’t staying behind when we hit the road — so how can we maintain secure connections (without blowing our data budgets out of the water)?

A recent study by Avast Software, a developer of PC and mobile security products, showed that even IT-savvy people tend to have a reckless attitude about open-access WiFi (i.e., WiFi networks that are not password protected). Individuals who don’t have a good understanding of the principles of cybersecurity are likely to be even less cautious, which puts financial and personal data at greater risk.

Device counts per household continue to rise, and mobile users are getting younger and younger. There is no “innate” understanding of how to use WiFi safely; on the contrary, many users seek to connect whenever possible in order to minimize mobile data usage. It’s critical that new and existing users be brought up to speed on best practices for WiFi security.

Last summer, we provided a few key tips for taking cybersecurity on the road, but we wanted to take this opportunity to re-emphasize the importance of treating open-access WiFi — also known as free WiFi and WiFi hotspots — with the kid gloves it deserves. There are a number of ways that hackers — experienced and inexperienced alike — can compromise WiFi hotspots.

Though you cannot completely eliminate the risks associated with open WiFi, you can adopt better habits that can help to protect you and your data. Here are five best practices to make note of:

1. Restrict Your Activities

When on open WiFi, it’s important to limit your online activities. If you sign into email and social media accounts or make a purchase on compromised networks, attackers could easily log that information and use it for their own gain. It’s always best to refrain from logging into secure sites or doing anything financial in nature (like making purchases or checking account balances).

If you absolutely cannot wait until you’re on a secure network to complete one of these riskier actions, the best thing to do is switch over to your mobile data. If you can't do that, it's critical to ensure that https is present in the web addresses you use — https://facebook.com vs. http://facebook.com, for example. Many organizations now default to https because it helps secure the communications between you and the sites you visit.

In general, https is valuable addition to any online session that requires you to enter private information, not just those over WiFi. It’s important, however, that you do not confuse secure communications with safe sites.

2. Install a VPN

If you are regularly in situations where you use open-access WiFi to transmit personal or corporate data, don’t just rely on https; instead, install a VPN. A virtual private network (VPN) is a service that helps to protect your data when you are on a WiFi network. As we’ve noted, it is alarmingly easy for someone to snoop on open WiFi traffic; using a VPN is like creating a tunnel for your information to pass through. That tunnel creates a barrier between your data and an attacker.

Your options for a VPN will vary depending on the type of device you’re using, so do some research and choose an application that has been well-reviewed by reliable sources.

color_bar.png

Going abroad in the near future? Check out our international travel tips.
They can help you keep your devices and data secure.

Cyber Security Considerations for International Travel

color_bar.png


3. Confirm Before You Connect

Because the names of WiFi networks are manually created, hackers can mimic the names of reliable networks. They often set up “rogue” or “evil twin” hotspots with names that seem logical or are similar to other networks in a given location (Airport Lounge or Lobby Wifi, for example).

How do you confirm a network is valid? Before connecting, check with an employee or another trusted source (an official sign or brochure, for example). And be careful: just a little difference in the name — one letter or number, for instance — means it’s a different network than the one you’re looking for.

4. Turn Off WiFi When Not in Use

It’s safer for you — and less draining for your battery — if you disable WiFi when you are not using it. The problem with automatically connecting is that you could end up joining a network that is unsafe. Did you know that, for example, if you connected to a safe hotspot with the name “AirportWiFi,” you could end up automatically connecting to a malicious network with the same name in another location?

To turn WiFi on and off, go into your device’s settings (on many smartphones, this function is available in an easy-to-access menu). And when you do have WiFi on, make sure any connections you make are intentional.

5. Don’t Confuse a Trusted Location with a Trusted Network

When you travel in your local area and beyond, you’re likely to visit many upstanding establishments, including coffee shops, restaurants, stores, and hotels. But just because you trust those locations, that doesn’t mean you can trust the free WiFi they offer.

Take this as fact: No open WiFi network is 100% safe. The good news is that you can reduce your risk. Make the effort to create new mobile device security habits for yourself and help others — like your kids, parents, and spouse — learn these best practices as well.

 

icon-book.png

Try Our Interactive Security Awareness Training Modules

Our 25+ interactive training modules in topics like Email Security, URL Training, Mobile App Security, and more are proven to change the behavior of end users and reduce risk.

Try Our Modules