“If it seems too good to be true, it probably is. Free wi-fi is no exception to this adage. Security company Avast tested this theory by setting up a number of free fake Wi-Fi hotspots to see how many people would take the bait. They caught a lot of fish.” – Jen A Miller, CIO Magazine, 29 July, 2016.
On one day Avast set up a number of free, but fake, wi-fi hot spots during the Republican National Convention in Cleveland, USA. During the day, more than 1,200 people logged into the fake hot spots. Of those logging in, 68.3% exposed their identities when they connected and 44.5% checked their emails or chatted via messenger apps.
When travelling the temptation to access free wi-fi is often difficult to resist. Hackers will often set up hotspots which are designed to appear as though they are provided by businesses or organisations.
So while a hotspot may look legitimate, you need to be vigilant. Here are eight tips to help you protect your information when using wi-fi while travelling. I do not want to get technical so while there are technical terms in the article, I have attempted to explain them in plain language.
Your password gives instant access to your information such as your email, social media or online banking. It is therefore important to ensure that you put effort into selecting and protecting your passwords.
Do not use basic passwords. Examples of basic passwords include:
Research by password manager, Keeper using an external, public data source examined about one million passwords from data breaches that happened in 2016. The results of that research included:
Do not reuse passwords on more than one account. If you use the same password and one of your accounts is compromised, you will have given access to your other accounts to the cyber-criminals.
Note: No 12 was mynoob!
Use passwords of more than eight characters that have a mix of lowercase and uppercase letters, numbers and symbols.
Check the strength of your password. Some websites you log into will analyse the strength of your password. If it is not a strong password, change it.
But how do you remember all those passwords if you have a different password for each account? Make use of a password manager such as LastPass. Password managers create strong passwords for you and will securely store your account information in such a way that you don’t have to remember every password. You select how many characters you want your password to be, what combination you need of upper and lower-case letters, numbers and characters and a password is generated for you. The reason password managers are so easy to use is that you need to remember one strong password and the software remembers the others. LastPass also allows you two factor authentication through Google Authenticator (see Tip 2). To access LastPass you can either log in via the web or via an app downloaded to your mobile phone. LastPass offers a free version with these features.
Using a service such as LastPass does take time to set up. You need to enter details of each of your usernames and passwords for each of your accounts. But after this is done, LastPass also provides the benefit of notifying you where passwords are used more than once, allowing you to update your password before heading off on your travels.
A final tip in relation to passwords is to never save your username and password into your browser. Each time you enter user credentials into a website or online service the browser will often ask if you want to save the password. Whilst this is convenient if your computer is stolen it won’t matter how strong your password is as it will be automatically entered.
Entering your username and password is considered to be single factor authentication and if your password is compromised or lost, your account can be accessed. Two factor authentication requires an additional level of authentication which can include the receipt of an additional password / security code by text, use of a separate security token (key fob) or using a tool such as Google Authenticator on your mobile phone.
The use of a two-factor authentication does result in an additional step when logging in and therefore additional time. However, that additional time is minimal and the added security is worth it. Another benefit of two-factor authentication is that it can be a way of knowing that your password has been compromised. If you receive a text with a security token that you have not requested this is often a sign that someone has attempted to log into an account with your correct username and password. Without the token the attacker will not be able to access your account and the text message will warn you of which account password may have been lost.
But is there a downside? If using a security token / key fob, you may be charged by the issuer (eg. your bank) for it to be issued and it takes times for the token to be ordered and delivered. When you are travelling you also need to carry the token. This is compared to receiving a security code by text or using a tool such as Google Authenticator which requires you to have access to your mobile phone.
Before you travel, check if you can access two-factor authentication on accounts such as online banking and email, which you may need access to while away. If you can, arrange for this additional security.
If you receive a text with a security token that you have not requested this is often a sign that someone has attempted to log into one of your accounts with your correct username and password.
Anti-virus software is an important tool that should be on every computer including your laptop. So how does anti-virus software work? It usually uses two methods to protect your computer. Firstly it examines your computer for files that are known viruses. It also tries to identify suspicious behaviour from any computer program that might indicate it is a virus.
So what should you look for in a good anti-virus software? These include:
So should you chose a free or paid anti-virus software? An anti-virus program such as Bitdefender offers both free and paid versions. As with any free v paid comparison, the free version will usually offer less features. You need to compare both versions and determine if the free version is sufficient for your needs.
Using public wi-fi is like having a conversation in public. Your conversation can be overheard.
Sharing files and printers with family on a home network can make life easier but when you are travelling and accessing public wi-fi it can put data stored on your laptop at risk. Make sure that file and printer sharing is disabled.
To further protect your data, before travelling back up all files you do not need on your trip and remove them from your laptop.
Also, make sure you do all necessary application and operating system updates on your laptop. Avoid doing these updates using free / public wi-fi.
What is Encryption?
Encryption encodes your data so that only those authorised to have access to it, actually can access it. Encryption protects the confidentiality of digital data when it is stored on your computer and transmitted via the internet.
So what is a VPN? A VPN is a Virtual Private Network. A VPN encrypts all traffic to and from your laptop which makes it difficult for any cyber-criminal to gain access to your data.
When you connect to the internet, you usually connect to an Internet Service Provider (ISP), which then connects to the website that you are wanting to visit. All of the internet traffic passes through the ISP’s servers and your ISP can view that traffic.
By using a VPN, rather than connecting to the ISP you connect to a server run by the VPN provider via an encrypted connection. This means that any data travelling between your laptop and the VPN server is encrypted.
When you are travelling and log into a public wi-fi, the internet connection between your laptop and the VPN server is encrypted. Even if a cyber-criminal accesses your data by you accessing an unsecure hot-spot, your data is safe because it is encrypted.
How do you set up a VPN. While you can run your own VPN, you do need to have a good IT knowledge. The other option is to use a reputable third party VPN provider. You can use either a free VPN provider such as CyberGhost or a paid VPN provider such as ExpressVPN or Vyprvpn. The free version of VPNs will usually be slower, may have some restrictions and have less servers around the world. Paid VPNs will usually have multiple servers around the world and are faster as well as being available on multiple devices.
While the option to automatically connect to a hotspot is usually not enabled by default, it is important to check that this is the case. You do not want your laptop to automatically connect to a wi-fi hotspot when you are travelling. You want to make sure that you make the decision on whether or not to connect to the wi-fi.
When connecting to wi-fi with your laptop, make sure the connection is secured. In the image you can see that the first network is Open while the second is listed as Secured. Do not connect to an Open network. Rather connect to a Secured network which will mean you will need a username and password such as those networks you regularly find in hotels.
Firstly, what is HTTPs? HTTPs protocol means that the flow of data or traffic between the browser on your laptop and the remote server where the website is stored, is encrypted.
When travelling you might think your web browsing is harmless. You might log onto wi-fi to check opening times for a local attraction, check for a great bar or restaurant near your hotel or check the weather conditions. But when combined with other information, cyber-criminals could determine, for example, when your hotel room will be empty because you are going to a restaurant. But is that all you are doing on your laptop when travelling? Have you done any of the following:
Having HTTPs on a website you visit is particularly important when visiting a website where you need to enter a username and password. But it also important to make sure that all pages on the website you visit use HTTPs and not just the login or home page.
So how do you know if a website is protected? You need to look to the area just next to the left hand side of the web address at the top of your web browser. Having a pad lock and the word “Secure” shows that the information you send or receive from the site is private. You may also find that rather than the word “Secure” is the name of the company who owns the website. However, even if this icon is present, always be careful if you are sharing your private information and make sure you know the site you are visiting.
Sites such as banks, web based email, airlines, hotel bookings and social media usually use secure sites.
The “i” in a circle means Info or Not Secure. The website is not using a private connection and some of your information might be able to be viewed. If you are visiting sites such as these, be aware about how you are interacting with the site. In this example, news.com.au is a news site and will usually be accessed to catch up on the latest news.
I have not included an example site with this warning as I do not want to visit a site that is not secure. The “Not Secure” warning means to proceed with caution as there could be serious issues with the privacy of this site and others may be able to see the information you send to or receive from this site. The “Dangerous” warning means to avoid the site. For example, if you are using Google Chrome, you may see a full-page red warning screen which means it has been flagged as unsafe by Safe Browsing and if you proceed to the site you will likely put your private information at risk.
A firewall is your first line of defence for you laptop when you log into wi-fi. It is designed to prevent unauthorised access to your computer. It screens incoming and outgoing access requests to ensure they are legitimate.
Both Windows and Mac operating systems have built-in firewalls. You should ensure the firewall is enabled prior to connecting to any wi-fi hotspot. You can see in the image that the “guest or public networks” is set at Connected (this is using Windows 10 operating system).
No matter how much protection you set up on your laptop, you need to remain vigilant when using public wi-fi. The rule is simple – if in doubt, don’t log on.