The holidays are a wonderful time to be out enjoying the lights and decorations of the season, often in crowded public places. But while you’re soaking up the holiday spirit, adversaries are busy soaking up your personal information – and you could be making it easy for them.
Any time you use a public wireless network (also known as WiFi), you’re exposing your device – phone, laptop, tablet – to the unscrupulous bad guys who wait for that opportunity. As you sit in your favorite coffee shop sipping a peppermint latte and casually connect to the proffered free wireless anyone nearby connected to the same network can immediately access your device.
How can you safely stay connected while you’re out and about? Here are some important tips that will help protect your sensitive information from wireless snoopers and sniffers.
Turn Off Automatic Wireless Connections
If your device is set to automatically connect to any available wireless network – make it stop! This is extremely dangerous. It means that as you travel from one WiFi zone to another, your phone or tablet is connecting without your knowledge and anyone could be digitally picking your pocket along the way. The best strategy of all is to turn off your wireless connections before you leave your house and only turn them back on when you know you’ll be connecting with a trusted network.
Use a Virtual Private Network (VPN) for Safety
If you do need to connect to a public wireless network, do so using a simple application called a virtual private network (VPN). This handy application sets up an encrypted “tunnel” for your Internet traffic, and none of your data can escape the tunnel. Many businesses provide VPN software for traveling professionals, but there are many free or inexpensive VPN applications available from trusted sources. Even if you only plan to connect to free wireless for a short time – say between flights, or waiting for your sandwich, it’s worth it to use a VPN to keep your information secure.
Look for HTTPS
If you have to surf on a public wireless network, always use secure sites. You can tell that they’re secure by whether the URL starts with https:// and shows a little padlock symbol. When you browse a secure site, any information that you exchange with that site, such as your credit card number, is encrypted. Most major email providers, such as Google and Yahoo, are also secure, so any email messages that you send will be encrypted too. But not all sites are secure, so be sure to check before you fill in any forms or make payments.
Verify then Forget the Network
Before you connect to any public wireless network, make sure it’s really the right one associated with the business establishment or location. For example, if you’re in an airport and you see multiple options for free airport WiFi, you should immediately be wary. Not all of them are going to be the one legitimately offered by the airport. Don’t hesitate to ask which one to use, or look around for signs with the name of the network. Best of all, use the free networks that require a password, such as in hotels or restaurants. The passwords get changed with some frequency and it ensures that only those who have specifically asked for the password are on the network. Finally, when you’ve finished your session, actively disconnect from the network and tell your device to “forget the network.” This will prevent any accidental reconnection.
If free public wireless still sounds too risky to you, there’s an easy solution – just don’t use it! You could elect to just use your smart phone’s 3G or 4G data connection. Or, for your laptop you could create your own mobile hot spot using your smart phone’s data service or a “MiFi” device. These services and devices will cost you extra, but weigh the cost against having your sensitive information or identity stolen through use of public WiFi.
Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats.