Protecting Yourself in the Wild

The Problem with Free Wi-Fi

Coffee shops started it and now everyone’s in on it. Free Wi-Fi is everywhere these days. That means client communication, catching up on industry news and collaborating on projects are all conveniently possible from almost anywhere. However, you must tread carefully. Connecting to public Wi-Fi poses a major security threat to the safety of client data, and to your data as well. There are ways to combat these threats.

 

Types of Attacks

One of the most common methods hackers use to steal data on public networks is called a man-in-the-middle (MITM) attack. Essentially this means the hacker positions themselves on the network between your computer and the access point or router. This allows the hacker to see and alter any data transmitted to and from your computer.

An example could be as simple as Jerry checking his bank account at a coffee shop while on vacation. Jerry would navigate to www.whateverbank.com just like he always does. The hacker captures this request for data from Jerry’s computer and redirects Jerry to a fake banking website set up on the hacker’s computer, one that looks exactly like Jerry’s bank. Jerry enters his banking username and password expecting to login, the hacker then captures this new information and redirects Jerry back to the real banking website login page. Jerry, assuming he must have just mistyped his password, simply logs in again, checks his email and continues about his day. Jerry has absolutely no idea … until he sees his new checking account balance a few days later at $0.00.

Another popular form of attack is the use of fake Wi-Fi hotspots. A hacker sets up a mobile hotspot in a crowded area and names it “Café Wifi.” You connect thinking you’ll simply be checking your email, but this connection gives the hacker the ability to see and alter your data — a dangerous situation.

 

Protection Options

Luckily, there are ways to protect yourself using browser extensions, desktop applications, 2-factor authentication and Virtual Private Network (VPN) connections.

Browser extensions are the perfect way to quickly add new functionality to your web browser. However, you must be wary of the extensions you use, as they have high-level access to the data flowing through your browser. Don’t install ‘shady’ extensions from developers that nobody’s ever heard of – trust your instinct: If it looks like malware, it’s probably malware.

Below is an explanation of one such extension, Ghostery, a top performer in blocking trackers on the web.

Ghostery: This is a web browser extension that works on most popular browsers. It operates by detecting and blocking thousands of third-party data-tracking technologies. These trackers are used to collect stats about web visitors, other sites they visit, the visitors’ locations, platforms used to browse, and various other stats that are mostly used in analytics for targeted advertising, but that can also be used for less benign purposes in the wrong hands. This extension also blocks ads to increase page load times so if you run into a website that isn’t loading correctly, or if you’d rather not use this extension on a certain webpage, simply pause Ghostery and reload the page to enable full functionality of the site again.

2-Factor Authentication (2FA): 2-Factor Authentication, sometimes called two-step verification, is an added layer of security to make sure someone accessing an online account is actually the person they are claiming to be. This can be done in a variety of ways including text messages wherein the user logging in will receive a text message from the account they’re logging into, that may contain a code that is to be typed into your computer to access the account. This prevents someone from accessing your account if they don’t also have your phone from which to retrieve the code.

To find out if a website you use supports 2FA check twofactorauth.org

VPN Connection: Microsoft explains this in detail on their website: “Using VPN connections, an organization can help secure private network traffic over an unsecured network, such as the Internet. VPNs help provide a secure mechanism for encrypting and encapsulating private network traffic and moving it through an intermediate network. Data is encrypted for confidentiality, and packets that might be intercepted [such as an MITM attack] on the shared or public network are indecipherable without the correct encryption keys. Data is also encapsulated [or wrapped] with an IP header containing routing information.”

In layman’s terms, a VPN connection creates a secured tunnel that data flows through between your computer and the internet or a server such as a client or work server. This provides protection from MITM attacks on public networks while browsing the internet, communicating, sharing project files and even while gaming. It also provides a safer browsing experience that goes beyond simply blocking site trackers like the Ghostery extension does; a VPN can disguise your IP address for anonymous, track-free browsing. It also gives you the ability to get though a firewall that may block certain websites, giving you free range of the internet from anywhere in the world.

Thenextweb.com always offers deals on VPN services, many of which are lifetime subscription deals. Windscribe is one of the VPN services offered and it’s very easy to set up. Create the account, download the extension, phone app or desktop app depending on what platform you’re using and simply turn it on. You’ll instantly be working securely and anonymously.

Data protection is imperative, especially when dealing with client data. So while you’re out traversing the world this summer remember to equip yourself with these tools and follow your instinct: If it looks like a scam it’s definitely a scam.