Using Public Wi-Fi
Most of us will travel and want to use public/free Wi-Fi at some point. Let’s talk about one of the most easy hacks bad guys will use to access your data. You walk into a coffee shop in a hotel or high tourist area and hook up to the local Wi-Fi. What you didn’t know is that a “bad actor” got their first and set up his own Wi-Fi signal. He/She will use a Wi-Fi name that looks legit and since they are sitting probably within feet of you it has the strongest signal. They even setup some “fake” term pages to have you agree to usage rules, just like you expect when you connect to a public Wi-Fi. Now here is the problem. They give you internet access but remember you have told your device that this connection is “trusted”. That means your security is probably not going to stop anything it does. So, unless you are using a VPN they can see every website you go to, every username you type/select, every password you enter, every credit card you use, etc….
How would you protect yourself? First, don’t use public Wi-Fi for financial transactions (i.e., don’t pay for something). Using it for surfing the web, watching a video, etc… is relatively safe. Next, really look at the “I agree” pages that come up. Does it have misspelled words, does the URL look like it is from a different website/company, are the details what you expect, etc….and most importantly, do NOT remember and automatically connect to this connection. Especially in a hotel restaurant, coffee house, or lobby, the bad guy will setup up shop and you “trust and remember his connection”. Then at night he/she will walk through the hotel with their device on, checking to see if anyone left their computer, smartphone, tablet on so it will automatically connect when he/she is in range. Now, when you are sleeping, and he/she can access your device without worrying about you noticing anything is happening.
Use a VPN if you can. A virtually private network (VPN) can best be described as your device (when on the internet) is on a highway system (like a car) and there are entrance/exit ramps all the time that go to specific website locations or addresses. When you use a VPN, it creates a tunnel or wall around your device, so none of those ramps are available except for the one you specifically want to use, nobody can drive up beside you and “see in your windows”, nobody can make eye contact with you because they cannot see in the windshield, etc… Sometimes VPNs will prevent a website from working properly (Ex. if you are watching TV via an app from your cable provider they need to know your physical location to be in compliance with various broadcasting agreements because some content it location specific therefore the VPN blocks with information transfer or provides false information that will prevent the website from functioning).
Have antivirus and a firewall installed and active. This will not prevent the bad guys from seeing your data but will help prevent any “care package” of malware they leave behind from working correctly.
Connect with your cellular connection instead of using free/public Wi-Fi. Your cellular connection has some built-in security features, and your phone technology is hardwired to ensure it can ONLY connect to a legitimate connection via cellular signal. Especially when on international travel this may be prohibitively expensive, so weigh the risk vs. benefits before using your cellular connectivity for data.
Use a password or network key protected Wi-Fi that has encryption when possible. Even if it is used by lots of customers, it should be more secure than something accessible to anybody within physical range that can answer the terms with “I agree”. An example of this would be a bed and breakfast that only gives out the Wi-Fi password to paying clients.
Pay attention to your account/device activity. If you start seeing transactions you didn’t authorize, emails sending you didn’t send, etc… make sure you run a “stinger” to check for a malware BEFORE you start using that same device to change passwords. If the bad actor has access as you start changing account passwords, he is going to know the new ones the same way he accessed the original passwords. Give me or some geek you trust a call if this is happening, and make sure you leave the device OFF until you get it checked out. Do this quickly, not days later when you have “time”. The more time they bad guys have access to your accounts, the more damage they can do.
