Signing on to a public Wi-Fi hotspot, especially for work-related activities on a computer that receives and transmits sensitive business data, should be avoided whenever possible. People who have to use a public internet connection, however, should follow some strict rules to protect confidential information from the unscrupulous. The internet and news media are full of horror stories of destructive hacks perpetrated via public internet access on those who fail to heed warnings about public Wi-Fi security risks.
The notorious “Dark Hotel” man-in-the-middle hack is a perfect example of the inherent dangers of public internet access points. According to Ronin Technology Advisors’ article, “The Dangers of Public WiFi,” the Dark Hotel corporate espionage campaign systematically tricked CEOs, American executives, government agencies and other high-profile targets to log onto what they assumed was a public Wi-Fi access point when visiting Asia for business.
The hackers waited for people to log onto their rogue hotspots then pushed malware to their computers under the guise of software updates, which many of their targets installed. The malware lay dormant for long periods before the hackers activated it and used it to steal sensitive data remotely.
Graduates of online cyber security master’s programs are likely to come across situations during their careers that require security software, policies and training programs designed to safeguard sensitive company data against public Wi-Fi mishaps. The topics tend to be covered as part of a modern cyber security curriculum.
List of Measures Taken to Safeguard Public Wi-Fi Access
First and foremost, people should avoid connecting internet-enabled devices containing sensitive information to any public Wi-Fi hotspot. Even something as innocuous as checking the weather or show times at a local movie theater can leave confidential data open to unauthorized access. If hackers gain access to a device, they can install a nearly invisible background program that lets them access information anytime and anywhere, even when people are connected to their own secure home network.
For businesspeople who absolutely must access the internet via a public hotspot while away from the office, chief security officer of Malwarebytes Justin Dolly offers some safety suggestions in his CSO Online article, “Why You Should Never, Ever Connect to Public WiFi.” Dolly’s suggestions include:
- Avoid Using Personally Identifiable Information: Hackers can use any information that is unique to an individual, from Social Security numbers to home addresses, phone numbers, account and credit card numbers, or login credentials to steal sensitive data.
According to David Nield’s Wired article, “Simple Steps to Protect Yourself on Public Wi-Fi,” some Wi-Fi hotspots ask for some personal information before granting access. The information is usually used for marketing purposes (for example, lists of names and emails for email blasts). But if the access point requests information beyond what it needs for advertising reasons, it might be a man-in-the-middle rogue hotspot operated by a hacker.
- Use Virtual Private Networks (VPNs): One way around the dangers posed by public Wi-Fi is to use a VPN, essentially a secure network that can be used to access other networks via encrypted traffic with a much lower incidence of prying eyes. A few free VPNs exist, but most require a monthly service fee.
However, in his Digital Trends post, “The Best VPN Services for 2019,” Mark Coppock warns to be wary of free services: “Know that all ‘free’ services are making money off of you somehow, whether it be from advertisements or something less innocuous.”
- Use Secure Socket Layer (SSL) Connections: In the absence of a secure VPN, accessing a website or service that has an SSL certificate can provide a suitable level of protection. Users can do this by enabling the “Always Use HTTPS” option on an internet browser.
“SSL certificates will protect the sensitive data transmitted from and to your website,” writes SiteGround CIO Ivailo Nikolov in “Why an SSL Certificate Is Important for Your Company Website” in Forbes. “Such information can be login details, signups, addresses and payment or personal information. SSL certificates will encrypt the connection and help protect your visitors’ data from being misused by attackers.”
- Invest in Unlimited Data Coverage: A significant percentage of people who use public Wi-Fi do so to avoid having to rely on their data plan for their smartphones, 4G-enabled tablets or laptops, or portable data hotspots. Unlimited data through a cell network service provider, however, allows for constant, fast access to mobile networks while avoiding public Wi-Fi altogether.
Hacking a cell phone’s mobile network data is much more difficult and time-consuming that hacking a public Wi-Fi, according to Motherboard contributor Lorenzo Franceschi-Bicchierai’s article, “The SIM Hijackers.” Hackers would need to socially engineer personal information, call a mobile network provider posing as the target, and convince the provider to port data to a new SIM card, which the hackers had in their possession. Most hackers have neither the ability nor the inclination to pull off a SIM hijack.
- Turn Off File Sharing: The likelihood of needing file sharing at a public Wi-Fi access point is pretty low, unless people happen to be with a co-worker at the same location. The file-sharing option is pretty easy to turn off on most computers and operating systems.
Mac file-sharing options are located in the Sharing folder under settings. Windows allows users to turn off file sharing under its settings menu’s Network and Sharing Center. Windows also allows users to select the option “public” when setting up a new Wi-Fi internet access point, which automatically turns file sharing off during set-up.
The best approach to public Wi-Fi, of course, is to avoid it altogether. However, for those who have to use it, these rules can help keep sensitive data secure and safe from would-be hackers.
University of North Dakota’s Master of Science in Cyber Security Program
To help fight cyber threats like those posed by public Wi-Fi, choosing the right online cyber security master’s program is an important decision. The best programs offer courses that keep current with today’s cyber security issues and concerns and offer concentrations that will be attractive to employers.
UND’s online cyber security master’s degree program is accredited by the Higher Learning Commission and is ranked in U.S. News & World Report’s Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard and MIT.
UND prepares students for careers in cyber security and offers concentrations in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security. For more information on UND’s MSCS online program, visit the program’s website.
The Dangers of Public WiFi – Roninpbr.com
Why You Should Never, Ever Connect to Public WiFi – CSOonline.com
Simple Steps to Protect Yourself on Public Wi-Fi – Wired.com
The Best VPN Services for 2019 – DigitalTrends.com
Why an SSL Certificate is Important – Forbes
The SIM Hijackers – Motherboard.vice.com