Bring sanity to your Wi-Fi security: A need-to-read guide


When was the last time you used public Wi-Fi to work remotely? If you’re like 91% of recent survey respondents, you agree that public Wi-Fi is not secure. If you’re like 89% of the same respondents, you use it anyway.

“The convenience of using public Wi-Fi, for a variety of work and recreational uses, supersedes security, which puts both individuals and businesses at risk,” said Shane Buckley, CEO of Xirrus, the company that sponsored the survey.

Given the rising tide of remote workforces and avid work-from-homers, online security is and should be a growing concern for individuals and businesses alike.

“Users have a misguided trust in Wi-Fi networks,” explains Chris Covell, Chief Information Officer at Absolute. “They don’t think twice about logging on to public Wi-Fi—at a cafe, in their hotel room, during a conference, or while waiting at an airport. At home, many people have weak or no security.”

Yes, you read that last part correctly—even your home Wi-Fi network has vulnerabilities.

“As IT professionals, we know that Wi-Fi is prone to vulnerabilities and attacks,” Covell notes, citing the discovery of a vulnerability in a Wi-Fi router popular in the hotel industry that allowed attackers to distribute malware and monitor and record the data sent over the hotel’s network. “Our users are not as aware of the risks.”

So how do we step up security when working off of Wi-Fi?

Ditch the defaults on your home router

“Is your home Wi-Fi still using the router’s default password? If so, anyone with a basic understanding of pen testing can get in within minutes,” explains Robert Nicholson of Concept Shifts. So change it. And be smart about the password you choose—anything containing your name, birthdate, address, pet, et cetera, is not a good option.

Beyond switching to a smart password, be mindful when changing your SSID (the wireless network name) too. Don’t opt for an easy-to-remember SSID that is obvious. Again, this means avoiding mentions of your address or apartment number. If you are being personally targeted by a hacker, this will make his or her job far easier. With the network name already known, attackers can focus on obtaining your password through a variety of methods.

Don’t access sensitive information on open Wi-Fi

Most people are not out to get you. Even if they wanted to get you, most don’t have the skills needed to hack you. But it only takes one.

Kevin Shabazi, CEO of LogMeOnce, suggests, “Don’t access anything sensitive on open Wi-Fi like your bank account or sensitive company files. If you absolutely have to, then change your password as soon as you’re on a trusted connection.”

And don’t forget to properly log out of your sensitive accounts if or when you do need to access them on public Wi-Fi. This means using the site’s “sign out” or “log off” option, as closing a window does not automatically log you out from many sites.

Don’t trust public Wi-Fi just because it’s password protected

“A lot of Wi-Fi locations, even if they are password protected, do not change their password frequently,” Regan Marock, the CEO of SPC Cybersecurity, told us.

“An alternative is to use the hotspot on your iPhone for example, and do all your important online activities such as software updates and patches and paying bills only in locations that you trust.”

Don’t automatically connect to Wi-Fi hotspots

“Keep your computer or device from automatically connecting to available Wi-Fi hotspots to reduce the chances of connecting to a malicious hotspot set up to steal information,” explains Robert Siciliano, CEO of IDTheftSecurity. “For example, your home Wi-Fi may be called ‘Netgear’ and will reconnect to ‘Netgear’ anywhere.”

Moreover, recall the section above—many locations keep the same public Wi-Fi credentials indefinitely and hackers use this to their advantage. What’s to stop them from setting up a similar hotspot name in the same location or from snooping on regulars who don’t realize they have automatically re-joined the network?

Siciliano provides these instructions for disabling Wi-Fi auto-join:

For Windows: Make sure no “Connect Automatically” boxes are checked. Or, go to the control panel, then network sharing center, then click the network name. Hit wireless properties. Uncheck “Connect automatically when this network is in range.”

For Mac: Go to system preferences, then network. Under the Wi-Fi section hit the advanced button. Uncheck “Remember networks this computer has joined.”

For iOS: Go to settings, select the Wi-Fi network, then hit forget this network.

For Android: Get into your Wi-Fi network list, hit the network name, and select forget network.
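On Windows, the per-network auto-join setting described above can also be audited in bulk rather than one dialog at a time. The following is an added example, not part of the original article: it assumes profiles have been exported to XML with `netsh wlan export profile`, and the function names, the generic-SSID pattern, and the sample profiles are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
# Assumed heuristic: an SSID that is only a vendor default name plus optional digits.
GENERIC_SSID = re.compile(r"^(netgear|linksys|dlink|tp-link|default)\d*$", re.I)

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported Windows WLAN profile."""
    root = ET.fromstring(xml_text)
    ssid = root.findtext("w:SSIDConfig/w:SSID/w:name", "", NS)
    mode = root.findtext("w:connectionMode", "", NS).strip().lower()
    auth = root.findtext(
        "w:MSM/w:security/w:authEncryption/w:authentication", "", NS).strip().lower()
    findings = []
    if mode != "auto":
        return ssid, findings  # manual profiles connect only when the user asks
    findings.append("auto-join enabled")
    if auth == "open":
        findings.append("open network: any hotspot with this name is joined")
    if GENERIC_SSID.match(ssid):
        findings.append("generic SSID: same name exists in many places")
    return ssid, findings

def make_sample(ssid, mode, auth):
    """Build a constructed profile in the layout of an exported profile file."""
    enc = "none" if auth == "open" else "AES"
    return (
        '<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
        f"<name>{ssid}</name><SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>"
        f"<connectionType>ESS</connectionType><connectionMode>{mode}</connectionMode>"
        f"<MSM><security><authEncryption><authentication>{auth}</authentication>"
        f"<encryption>{enc}</encryption><useOneX>false</useOneX>"
        "</authEncryption></security></MSM></WLANProfile>"
    )

# Constructed sample data, not taken from a real machine.
SAMPLES = [
    make_sample("Netgear", "auto", "WPA2PSK"),
    make_sample("CafeGuest", "auto", "open"),
    make_sample("HomeNet-7f3a", "manual", "WPA2PSK"),
]

def audit_all(profiles):
    """Map each SSID to its findings, keeping only profiles that need attention."""
    results = dict(audit_profile(p) for p in profiles)
    return {ssid: f for ssid, f in results.items() if f}

if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLES).items():
        print(f"{ssid}: {'; '.join(findings)}")
```

Any profile it reports is a candidate for the “forget” or “uncheck connect automatically” steps listed above.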

Beyond disabling auto-join, LogMeOnce’s Shabazi suggests turning off Wi-Fi altogether when you are not using it.

Extra tip: What about Bluetooth? Covell warned us about leaving Bluetooth on, noting that “Many recent breaches have involved the use of unprotected Bluetooth devices such as home security systems, and even connected home appliances.”

Always use HTTPS

“Ensure that browser connections with any e-commerce transaction are facilitated via encrypted HTTPS,” advises Julian Weinberger, Director of Systems Engineering at NCP. “Even if the Wi-Fi network itself is not encrypted at least the website connection stays secure at the transport layer.”

Weinberger recommends the HTTPS Everywhere plug-in for Chrome, Firefox, or Opera, which automatically switches sites from HTTP to HTTPS in order to protect users from surveillance and account hijacking.

Use a VPN whenever you’re not in the office

VPN is short for virtual private network. A VPN lets users securely access private networks and share data remotely. Truth is, you might want to start using a VPN even if you are at the office, using your trusted home connection, or not even on Wi-Fi at all.

“While requiring a VPN connection first can be annoying to the employee since it may involve some extra steps, the unfortunate fact of life is that security will always involve some measure of inconvenience,” explains Tom Evans, Security Training at Ashton Technology Solutions. “The risk in not doing this involves exposing business data and correspondence to outsiders. Login credentials can be easily stolen over open Wi-Fi networks and used to infiltrate the business network.”

But don’t forget about the importance of a firewall.

“The first step is to have a properly configured personal firewall on the end device that restricts network communication on public hotspots so that it is only possible to communicate via VPN,” said Weinberger. “On a Windows device, for example, configuration should encompass turning off folder sharing, network discovery and enforcing encryption for file sharing transfers.”

“There is no turning back from a mobile workforce and there is also no turning back from the increasing number of attackers that are out there,” said Evans, adding, “There is no reason to make it easier for them.”

Embrace a certain level of paranoia

“Take common sense precautions to protect yourself,” advises Gregg Scott, author of Bullseye Breach. “Don’t open email attachments, don’t visit suspicious websites, don’t download all those cute screensavers and other junk into your computers/phones, and don’t believe all the pitches flying around from all the con-artists.”

A final note

“It doesn’t matter what firewall or intrusion detection or VPN you use if your employees don’t understand the significance of data privacy and protection,” warns Anthony R. Howard. “No one in your organization will care about data security, privacy policies, intellectual property protection, or data breach until you tell them why it’s important, how it can impact them, and what to do to prevent it.”

While many small and medium business owners may feel that the education aspect of cyber security is too far out of reach in terms of time, knowledge, or other resources, Howard explains that it can be as simple as putting together a free annual webinar. And the payoff is worth it.

“In addition to showing them that you care, you are developing a privacy culture that can be applied to business and their personal life, and at the same time protecting your profits. A benefit both you and your employees will appreciate,” he says.
