IT Security Tip #13: DON’T use public WiFi until you read this
We’re all guilty of it: connecting to free public WiFi. Whether it’s at the coffee shop, hotel or airport, the temptation to check e-mail and surf the web is just too strong to resist. So BEFORE you connect to any free, public WiFi, make sure the connection is legitimate.
It is exceedingly easy for anyone (I mean anyone) to fool your mobile device or laptop into joining THEIR wifi signal and you’ll never know it happened. (if you ever want me to show you, I’ll show you how your phone will be connected to your “home” wifi when you’re at your office!).
This scenario involves a “man in the middle” scenario where your device connects to a WiFi signal, but that signal is provided by a literal person “in the middle” and then it can inspect (and steal) any text that’s readable coming from your computer or device on the way to the site you’re trying to access (or login to!).
Here’s how it works: the bad guy sets up a device that tells your phone (or laptop) that IT is the wifi signal your phone is seeking (it remembers every wifi signal it every has connected to). Your phone or device trusts its found “home” (or Hilton Honors or McDonalds or Starbucks) and connects, no questions asked. You’re now sending all traffic thru the bad guys’ system.
Ways to not fall victim to this requires your active involvement. At any place that has public WiFi, ask them for the exact name of the wifi and if it has a passcode. If it does not require a passcode, DON’T USE IT! The criminal will never put a passcode on their fake wifi because you’d never connect to it! The only other method of not falling victim is to use a VPN (virtual private network) connection immediately upon connecting to the wifi. This will encrypt the path from your computer to the other end of the VPN ‘tunnel’ and the bad guy can’t read that info.
NEVER, access financial, medical or other sensitive data while on public WiFi. Also, don’t shop online and enter your credit card information unless you’re absolutely certain the connection point you’re on is safe and secure. Lastly, if your email system is not using “SSL” or “TLS” and it automatically logs you in when you bring your email program up on your laptop, your email password is being ‘sent’ over the network in plain-text. Get with your IT or email service provider to get this fixed asap!