Okay. So, you’re on the road. And you suddenly remember that vital email you neglected to send, before leaving the office. Or you get an urge to post that selfie you just took to your Instagram account. Laptop or mobile device at the ready, you connect to the Web using the free service at the hotel, conference center, or train station where you’re currently sitting.
It sounds great in principle. But connecting to the Internet from a WiFi hotspot is fraught with hidden dangers. But there’s no need to panic as this guide will help you minimize the risk.
What are The Risks?
Recent survey results suggest that 70% of people who own tablets and 53% of smartphone users regularly use public WiFi hotspots. But sensitive data sent across public WiFi networks – things like credit card details, login information and digital credentials – can be intercepted fairly easily by unscrupulous parties. That’s why cybercriminals target public WiFi so often.
Any WiFi connection that’s unsecured is an opportunity for hackers to gain access to sensitive (and potentially valuable) information – and even to take control of the network, itself.
Securing Your Home Network
A broadband router (also known as a wireless router, access point, or hub) is usually required to set up and access a home WiFi network. The manufacturers of these devices typically set up a website with a login screen, where users can enter their username and password, then input details like their account information and network address. These pages are initially accessed via a default administrator password and username, specific to each manufacturer and well-known to most hackers. You should change both immediately.
Routers ship with a manufacturer-specific network name called the Service Set Identifier or SSID. Although knowing an SSID won’t allow access in itself, a hacker who sees a network still using the default value will assume that your network isn’t well configured and potentially vulnerable. So you should change the SSID as well.
Once WiFi is up, the hub will broadcast the SSID at regular intervals to allow WiFi clients that roam in and out of the signal range to reconnect. As network administrator, you can disable SSID broadcasting. But know this, first: In Windows 7 and above, an SSID that’s not broadcast will still display as an “Other Network”. And a hacker spotting a network that someone’s attempting to hide may assume that it contains something worth hiding.
In a home network, the position of the wireless router determines the reach of its signal. If you want your WiFi to be accessible to all and sundry, place the hub near a window or out in the open. Otherwise, try to keep it near the center of the house.
If you’re away on holiday, or offline for extended periods, consider turning off the equipment, entirely. Whenever you are online, be sure that you have a firewall in place. Most modern routers have one built in, but they can be disabled. So make sure it’s turned on, at all times. You might also consider installing personal firewall software on each device that connects to the network.
Your greatest protection will come from encryption, however. Even if encrypted data is intercepted by hackers, it will take some major effort on their part to unscramble that information, and use it. So be sure to enable the encryption option that comes with your network hardware.
The earliest routers used Wired Equivalent Privacy (WEP), but this encryption method was soon displaced by the more secure WiFi Protected Access (WPA) system. This has evolved to WPA2.
WPA and WPA2 can operate in two different modes. Pre-Shared Key or PSK mode is the Personal setting, designed for home networks. To use it, you set up a password on your router and grant access to each device on your network via that same password. It’s essential to use a strong password, i.e. a mix of alphanumeric characters (small and caps) and symbols.
RADIUS, or Remote Authentication Dial In User Server is the Enterprise encryption setting, designed for corporations and agencies. It gives a higher level of encryption security, but requires the use of a RADIUS server or hosted RADIUS service.
You may have to determine a common setting, as all devices on a home network need to use the same encryption protocol.
Being Safe, in Public
By its very nature (open to everybody), public WiFi is insecure. And that risk can manifest from the very beginning.
A malicious user can easily set up a bogus WiFi link. So don’t connect to any network whose name you don’t recognize. Even if you are familiar with the name, it may be a spoof. Cybercriminals love setting up bogus WiFi links with names similar to established brands or popular locations.
Before connecting, talk to the staff at the venue where WiFi is being offered. Find out the IP address and connection name of their legitimate service – and compare them to the data that’s being given by the link, before you proceed.
Don’t share. If your home or office settings enable resources like printers and collaborative files to be shared, turn these off, when you’re connecting in public. Otherwise, these facilities will be available to the general public.
Once again, encryption is your best defense. Use HTTPS (HTTP Secure, an encryption protocol) when visiting websites and enable SSL (Secure Sockets Layer) or TLS (Transport Layer Security), to scramble data as it moves between your machine and various Web servers. If you use a desktop client like Outlook to access your email, make sure to set your accounts for SSL encryption. Check the Help documentation, to ensure you set this up correctly.
The “https” prefix in the address bar of your Web browser indicates a securely encrypted connection. If those letters disappear, you should log out. Many sites will use HTTPS by default; others will support the protocol if you type it in.
A virtual private network or VPN will shield your data, encrypting information as it passes through the WiFi network. This can be your best bet when dealing with sites that don’t support SSL. A VPN service will re-route your data through a secure private network, like a tunnel shielding you from the potential threat of the public one.
Your Safest Course…
• Trust nothing, till it’s been verified. Check out the validity of the hotspot before you connect.
• Protect your system. Enable your firewalls, anti-malware and security settings.
• Use encryption. Enable WPA2 or WPA. Look for HTTPS support on the sites you visit. Consider using a VPN service.
• Don’t connect unless you have to. If that email can wait till you’re back on the office network, wait till you get back to the office.