Coffee shops, restaurants, bookstores, airports, hotels, and other public places often provide free access to wireless Internet hotspots. But along with that convenience comes the danger of being digitally mugged. Here are some some simple tips you can use to make sure you’re not broadcasting your business to snoops and hackers while using Wi-Fi hotspots…
Understanding Wi-Fi Security Risks
While you’re sipping that latte and working on a business plan, someone at the next table, or in a car outside, may be stealing sensitive data from your laptop through the same wireless hotspot you are using. As you browse your email, someone nearby may be reading along with you. And you may never know your digital pocket has been picked. This is why it’s important to understand wireless hotspot security and use it wisely.
Unsecured wireless networks are convenient – you don’t have to enter a password, just fire up your laptop, tablet, or smartphone and let it connect to the wide-open wireless network. But anyone within range of that network can do the same, and without an encrypted connection you may be vulnerable to data theft.
It’s also a good idea to enable the firewall built into your laptop, even when using secured hotspots. A personal firewall can protect your data against other hotspot users. If you are connecting via Wi-Fi on a Windows computer, choose the “Public” option when asked what type of network you’re on.
I also recommend that you disable file and printer sharing on your laptop before going out in public with it. Whatever data you allow to be shared on a network is available to other users of a wireless hotspot.
Extra Layers of Wi-Fi Security
A few years ago, a group of Internet professionals, all of them sporting laptops with wireless connections to the hotel’s access point. On the second day of the conference, one of the attendees put up a slide showing logins and passwords from a dozen of the attendees. Needless to say, many jaws dropped open! He was running a “Wi-Fi sniffer” to spy on the internet traffic floating around in the air. Fortunately, he was a trusted colleague, and was nice enough to tell the group that they were caught with our virtual pants down.
If you use any website that requires you to login with a username and password, or has a form where you must enter personal information, look for the “https” in the website address. As long as you’re on a page with an address that begins with https, the data you send and receive is protected from sniffers and snoopers. That little “s” is your assurance that your connection is encrypted. It’s becoming more common, but not all sites use it.
If you use Outlook, Thunderbird or another desktop email program, adjust your account settings to require a secure connection when sending or receiving mail. Check with your Internet provider for help setting up a secure email connection.
Your connection is almost always encrypted when using online banking, or making a purchase on the web. But other venues, such as online forums or your web-based email may NOT use an encrypted connection. Gmail, Yahoo Mail, Hotmail/Outlook.com, and Facebook are fully encrypted, so you’re safe there. (For mobile users, the Gmail app on Android smartphones and tablets is secure, as is the Mail app on Apple iPhone/iPad.)
What does all this mean? If you don’t see HTTPS in the address bar of your browser, anything you read or post online, as well as any email you send or receive while using a public Wi-Fi connection may be exposed. If you enter a username and password on a website that doesn’t offer HTTPS encryption, it’s the equivalent to holding up a sign with your login credentials.
Remote Access and Other Wi-Fi Security Tips
If your employer has a Virtual Private Network (VPN), use it for all communications when on Wi-Fi. A VPN encrypts all data passing through it so that even if data is intercepted it cannot be read. If you’re not on company business, use one of the free remote access services to protect your data against thieves. You can use these tools to connect to your home computer, and do your surfing through your own secure internet connection.
Consider disabling your device’s Wi-Fi adapter when it’s not in use. This prevents your device from automatically connecting to any wireless hotspot you may pass. On smartphones, this will be found in the Settings dialog. Most laptops have a button or switch that makes enabling and disabling a Wi-Fi adapter quick and easy. You’ll also conserve battery power by turning off the Wi-Fi when it’s not needed.
Oh, and there are the “shoulder surfers” to watch out for. Just like when you’re entering your PIN code at an ATM, you need to keep an eye open for anyone who might be glancing over your shoulder while you hunt and peck. You can use two fingers when entering a pin or password… one presses the correct key and other is a decoy. So even if someone was watching from across the street with binoculars, it’s almost impossible to steal a password.
Wireless hotspots are essential these days. But just as you wouldn’t sit in a cafe with your wallet open on the table, you shouldn’t leave your laptop or other mobile device wide open to thieves. If you must use public Wi-Fi in an airport, coffee shop, or hotel room, awareness and encryption are paramount. If the web address displayed by your browser starts with HTTPS, you’re safe. If not, everything is potentially exposed to hackers or snoops in the vicinity.