Foreword: Over the last year or so of researching and writing this blog, I’ve come to the conclusion that there really are only about ten cybersecurity tips, and they are mostly common sense. The rest are just minor variations. With that in mind, I’m going to repeat and rework a few from the last year over the next weeks. Please read on, as these are all really the essence of cybersecurity. Please also pay attention to the bonus tip at the end.
Whether you’re vacationing, at a coffee shop, visiting a friend, or waiting in an airport, wifi hotspots are becoming ubiquitous. Sometimes the hotspots will cost a small fee, and other times they are free. In either case, be careful! Frequently, free wifi can be a scam set up by criminals just to see what information they can glean.
In broad terms, this is how the scam works:
- you browse your network connections to find a wifi network in the area
- you find a network called “Free Wifi” or some such thing and decide to connect
- this free wifi network is not actually a hot spot, but rather a computer-to-computer network that has been set up as a trap
- while you believe you are using the internet as normal, you are actually browsing through the hacker’s computer, and as a result, they can see everything you are doing online including usernames and passwords
This is an especially big problem if you are doing any online banking or checking email or anything else where you are accessing accounts. Finally, if your device is set up for file-sharing, the attacker can now access all your files and data, and even possibly install spyware or malware on your device.
Beware of the evil twin.
Sometimes hackers will set up a real hot spot near a place that offers free wifi. Ask the business you are in if there is a hot spot available and get the name of it. Only connect to that network, and if you see two hot spots with the same name, don’t connect to either of them. One of them could be the phoney evil twin, set up solely to trick you into connecting to it.
The easiest way to protect yourself from these sorts of scams is to be very cautious when using public wifi. If you’re in a place that has a legitimate network for a small fee, use it. It will be worth the peace of mind. If you do choose to connect to a free wifi network, keep the following things in mind:
- anybody can name a wifi network whatever they want, so even though a free network may have a name that is correct within context (e.g., “Pearson Airport Customer WiFi” if in Pearson International Airport), that is no guarantee it is legitimate
- avoid all financial transactions and online banking if you are not using a network that you know and trust
- avoid using VPNs* or accessing sensitive information when using public wifi
- use https to access webmail and avoid non-encrypted protocols like http or ftp
- turn off your computer’s file-sharing capabilities when using public wifi
- when choosing a wireless network, check out the description and never connect to a ‘computer-to-computer’ network
- if your device has a firewall, use it
* In this context I mean avoid connecting to a corporate or institutional Virtual Private Network while using public wifi. This is not the same as using a VPN anonymizing service for security. I’ll discuss that in a future post.
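The two checks described above (two hot spots sharing a name, and computer-to-computer networks) can be run over a list of visible networks, shown here as an added example that is not part of the original post. The record layout, function names and sample scan are constructed assumptions, and grouping look-alike spellings goes slightly beyond the text.

```python
from collections import defaultdict

# Constructed scan results for illustration; not captured from a real network.
# Each record is (network name, access point address, mode, security).
SAMPLE_SCAN = [
    ("Cafe Guest", "02:00:00:00:00:01", "infrastructure", "WPA2"),
    ("cafe guest ", "02:00:00:00:00:02", "infrastructure", "open"),
    ("Free Wifi", "02:00:00:00:00:03", "ad-hoc", "open"),
    ("Library", "02:00:00:00:00:04", "infrastructure", "WPA2"),
    ("Library", "02:00:00:00:00:05", "infrastructure", "WPA2"),
    ("Hotel Lobby", "02:00:00:00:00:06", "infrastructure", "WPA2"),
]

def normalize(ssid):
    """Fold case and whitespace so near-identical names group together."""
    return " ".join(ssid.split()).casefold()

def review_scan(networks):
    """Map each suspicious (normalized) network name to a list of reasons."""
    groups = defaultdict(list)
    for ssid, bssid, mode, security in networks:
        groups[normalize(ssid)].append((ssid, bssid.lower(), mode, security))

    findings = {}
    for name, nets in groups.items():
        reasons = []
        if any(mode == "ad-hoc" for _, _, mode, _ in nets):
            reasons.append("computer-to-computer network")
        if len({bssid for _, bssid, _, _ in nets}) > 1:
            # One name on several radios is normal for a large venue, so this
            # alone is weak evidence; the post's advice is still to avoid both.
            reasons.append("duplicate name")
            if len({sec for _, _, _, sec in nets}) > 1:
                reasons.append("duplicates disagree on security")
            if len({ssid for ssid, _, _, _ in nets}) > 1:
                reasons.append("look-alike spelling")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in review_scan(SAMPLE_SCAN).items():
        print(f"avoid {name!r}: {', '.join(reasons)}")
```

A duplicate name with matching security settings is the weakest of these signals, while duplicates that disagree on security or spelling deserve the most suspicion.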
Special Bonus Tip
Given yet another major data breach in the news and another large collection of usernames and passwords being shared by hackers on the internet, it seems prudent to again mention the terrific service for checking “Have I Been Pwned” and “Is My Password Floating Around”. If you are not subscribed to this terrific service, please do so now.
If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.