You’re out in public, you want to browse the Internet, you don’t want to use your phone data, but you can’t find a Wi-Fi connection. It’s a common problem, so when a network pops up, we’re all too eager to connect. Rarely do we stop to consider who’s providing that network or how secure it is.
Still, you might think that as long as you’re not checking your online bank account or accessing any other sensitive information, you don’t have anything to worry about. However, even innocuous browsing habits can be dangerous if cyber criminals are lurking.
What are the risks?
“Wherever there is an unsecured public Wi-Fi network, there is the threat of an attack,” says an iPass report on mobile security.
Whether or not the network is password-protected is largely academic when it comes to public Wi-Fi. The fact that the network is set up for anybody to use means the password has to be somewhat public (such as posted on a cafe’s chalkboard). Criminals can gain access to the network just as easily as anyone else, and they can inflict plenty of damage.
You should be more concerned about visiting sites that don’t implement SSL. This technology encrypts data sent between the user and the server, and any time you visit a site that doesn’t use it, you leave yourself open to being traced by cyber criminals.
You can tell if a site implements SSL if it has a padlock icon next to the web page. This will be the case for most social media sites, banks and email providers.
According to iPass’s report, people are most at risk of being traced at cafes and coffee shops. That’s because these places provide the perfect environment for cyber crime: there are plenty of targets, criminals can stay close to their victims without arousing suspicion and they know their victims will be in one place for some time.
Criminals also have the ability to create networks and siphon off your data that way. This has been a problem for years, but cyber criminals’ advances and individuals’ nonchalance towards safe browsing habits mean it’s still an issue. Stuart Hyde, a member of the now-defunct Association of Chief Police Officers, referred to the issue in 2011:
“All [criminals] need is to set themselves up in a public place with a laptop and a mobile router called […] ‘Free Wifi’ and unsuspecting members of the public come along and connect to them. Once that happens, there is software out there that enables them to gather usernames and passwords for each site a user signs in to while surfing the net.”
If you connect to a criminal’s network, not even secure web pages are safe. Criminals can change the router’s settings to take you to bogus versions of the websites you search for, which they can use to track your login credentials or plant an exploit that infects your device.
Know your security obligations
For more information on cyber threats, you should take a look at our Information Security & ISO27001 Staff Awareness E-Learning Course.
This course helps employees gain a better understanding of information security and their responsibilities for keeping their organisation secure. For example, should an employee access work documents or the company intranet while a cyber criminal traces their actions, they could leave the organisation’s entire systems vulnerable to a data breach or cyber attack.
With our course, your employees will learn about real-life examples of threats, how they can stay secure and the importance of ISO 27001, the international standard that describes best practice for an information security management system (ISMS).