With advances in cloud technology and improved connectivity, we have the flexibility to work from anywhere. So why not work from your local independent cafe while eating your favourite cake, or while sitting on a beach in the Caribbean?
Working on public wireless networks has its dangers. The problem with open networks is that you can't be entirely sure the network is a legitimate public Wi-Fi network and not one set up by a cybercriminal to trick people into connecting. We call this a man-in-the-middle attack.
How does a man in the middle attack work?
These attacks work by fooling a user into connecting to a WiFi network they believe to be trusted. Let's say, for instance, that you're in Starbucks. The attacker sets up a device that broadcasts the name "Starbucks Free WiFi"; they may even copy the true SSID so that devices that have connected previously will automatically connect to the fake network. Users connect as usual. They may simply get an internet connection, or they may be presented with a login page, as is common on public WiFi.
The login form is the first potential risk. With so many people sharing logins and passwords across sites and devices, how many other sites could the criminal access once this form has been completed?
With a man-in-the-middle attack, the cybercriminal is able to view all your traffic, see which sites are accessed and read any information entered in forms. That means they'll be able to see login information, email contents and other private information.
The criminal can also redirect your internet traffic. You go to gmail.com, for example, and they redirect you to their spoofed login page, which looks identical to the genuine Gmail page. You put in your details, but it doesn't log you on. The criminal now has your email credentials. They could also redirect you to a malware-infected website.
What can I do to stay safe?
The best way to stay safe is to not view any private information over public WiFi.
Never access your banking information. If you have to, it's better to tether from a mobile device.
Ensure you have turned off sharing:
In Windows: Open your Control Panel, browse to Network and Internet > Network and Sharing Centre, then click Change Advanced Sharing Settings. From here turn off file and printer sharing, Public folder sharing, password protected sharing and media streaming.
If you choose 'Public WiFi' from the network selection screen this will happen automatically.
In OS X: Go to System Preferences > Sharing and untick all the boxes.
Standard internet traffic is not encrypted, so forms are submitted in plain text, meaning anything sent will be readable. With SSL the data is encrypted, so always look for https:// at the start of the address.
So if I use SSL sites I'll be ok?
You are safer using https, and all major sites will direct you to their secure version. However, you have to ensure that you are always using the secure site. Cybercriminals are able to strip the SSL and redirect you to non-secure sites. They can also redirect you to 'secure' clones of the sites you are accessing, meaning you'll be entering information 'securely' into the criminal's database.
Click the padlock and view details (as in the screenshot) to ensure you're using the right site.
Disable automatic connection to known wireless networks
This can be tricky in Windows as you have to do it for each individual connection; however, it's worth doing to stay secure.
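One way to avoid changing each saved connection by hand on Windows is to script the built-in netsh tool. This is an added example, not part of the original article; it assumes English-language netsh output, and the -OpenOnly switch is a name chosen for this example.

```powershell
# Added example: switch saved Wi-Fi profiles from automatic to manual connection.
# Assumes English-language netsh output. Run with -WhatIf first to preview.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch for this example: only change profiles saved for
    # open (unencrypted) networks, the kind a look-alike hotspot can copy.
    [switch]$OpenOnly
)

# Saved profile names come from the "All User Profile : <name>" lines.
$names = netsh wlan show profiles |
    Select-String -Pattern 'User Profile\s*:\s*(.+)$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }

foreach ($name in $names) {
    $detail = netsh wlan show profile name="$name"

    # "Connection mode : Connect automatically" marks an auto-join profile.
    $auto = [bool]($detail | Select-String -Pattern 'Connection mode\s*:\s*Connect automatically')
    # "Authentication : Open" marks a network saved without encryption.
    $open = [bool]($detail | Select-String -Pattern 'Authentication\s*:\s*Open')

    if (-not $auto) { continue }              # already manual, nothing to do
    if ($OpenOnly -and -not $open) { continue }

    $label = if ($open) { 'open network' } else { 'secured network' }
    if ($PSCmdlet.ShouldProcess("$name ($label)", 'Set connection mode to manual')) {
        netsh wlan set profileparameter name="$name" connectionmode=manual | Out-Null
        [pscustomobject]@{ Profile = $name; Open = $open; NewMode = 'manual' }
    }
}
```

Saved as a .ps1 file and run with -WhatIf, it lists the profiles it would change without touching them; after the change, the device joins those networks only when you select them yourself.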
Use a VPN
VPNs were traditionally used by companies to allow employees to connect securely back to head office, but if you want to protect your own traffic, consider using a personal VPN service. A VPN service will encrypt your browsing data, meaning it can't be intercepted by third parties. PC Mag has covered some of the best in this article. Though there is a cost associated with these services, if you're regularly using public WiFi it's a sensible investment.
As always, follow best practice: keep your applications up to date, run a multi-layered security suite and be wary when using any site containing personal information.
If you'd like to discuss any area of cybersecurity, please get in touch, always happy to offer advice on how you can stay protected.