Spoiler Alert: It’s Mostly Don’ts
Public Wi-Fi is really something, isn’t it?
30 years ago it was the stuff of sci-fi: a wireless connection you can access throughout much of any major city that offers you just about whatever of the world’s information you ask for.
Today, we take it for granted. Perhaps too much for granted.
The thing is, public Wi-Fi, as magical as it might seem, has a dark side. And using it for business work? It’s pretty risky.
So this week we’re giving you a guide of do’s and don’ts: if you find yourself out and about and you need to get a little work done, here’s how to stay safe.
The Problem with Public Wi-Fi
The big problem with public Wi-Fi is that it’s insecure. You can’t be sure whether what you’re doing is safe from prying eyes, or even that your connection won’t lead to some kind of compromise.
See, public Wi-Fi networks — at least the ones that don’t require any kind of authentication — are completely, horrendously insecure: it’s built right into the system.
A Wi-Fi network that you can join without a password or any kind of credentials is a Wi-Fi network that anyone, and anything, can join the exact same way. And with the right tools or skills, one of those people or devices can potentially spy on other devices connected to that Wi-Fi network.
So while you’re accessing business email at your friendly neighborhood Joe’s Coffee, bad actors or malware bots could be reading along
Two Specific Attacks
There are two specific attacks worth discussing here: man in the middle attacks and evil twin attacks. (Yeah, the names are goofy. Don’t blame us!)
Man in the Middle (MITM)
In a man-in-the-middle attack, someone positions themselves between your device and the Wi-Fi access point. Not literally (though it’s possible the culprit is really there at Joe’s), but in a network sense: your computer thinks it’s connected to the public Wi-Fi network, but someone else’s device is intercepting that traffic and “reading” it before it goes on to the Wi-Fi router.
Done correctly, this type of attack gives the bad guys the opportunity to see the data you’re sending and receiving. And that could be stuff like sensitive business documents, emails, credit card numbers, and even usernames and passwords!
Evil Twin
Evil Twin attacks are slightly easier to spot and avoid — chances are you’ve already come across one, and hopefully you successfully avoided the trap. But they’re still pretty effective at catching people who are in a new or unfamiliar place.
This type of attack mimics a legitimate network, using a similar network name or SSID. Things like “Free Airport Wifi” (notice the typo), or “FREEPUBLICWIFI_82LE2” or even innocuous-sounding things like “Library Network” could fit the bill.
With this attack, the impostor network was set up by someone to do something — and it wasn’t to offer you complimentary high-speed internet. Often these networks will seem broken and won’t let you access the internet, but they could be doing behind-the-scenes damage as long as you’re connected. Fortunately, your device’s security protocols may prevent you from connecting to known scams.
How to Stay Safe
So, what should you do to stay safe on public Wi-Fi networks? The best option is not to use them for business purposes at all. Use your smartphone’s data plan; tether your laptop if you have to.
If you absolutely must connect out in the wild, try to use known networks from reputable brands that require some form of authentication. For example, around town, Starbucks is a reasonably low-risk option. And at the airport, use the password-protected network in the lounge, not the open network run by the airport.
Last, stick to secure websites and services, like those that offer end-to-end encryption and websites using a secure protocol (you’ll see https instead of http), as these technologies encrypt whatever data the bad guys might steal.
That’s it for this week. Got questions? Reach out anytime!