Is it Safe to Use Wifi Hotspots?

No, it isn’t.  Thanks so much for reading, and we’ll talk to you next month!

Ok, I should probably apologize.  I have been in the habit these last few months of writing headlines that contain loaded questions.  While it may be true that the short answer to Is it safe to use wifi hotspots? is “nope”, there are certainly steps you can take to better protect yourself as you venture out on the Web.  Let’s explore a few of these in more detail before you connect up to the wireless at your local coffee shop:

Antivirus, security patches, firewalls = a no-brainer

Having antivirus installed (and up to date!) is a basic step towards protecting your online activities, but do not let it give you a false sense of security.  About a year ago, I heard someone compare antivirus software to immunizations you receive at the doctor’s office.  In other words, antivirus software is great at catching “icky” stuff that has been out in the wild for a while.  But just because you received a tetanus shot, are you going to run around with reckless abandon near sharp objects and manure?  Of course not.  You would still proceed with caution and awareness.  The same goes true for antivirus on your computer – it gives you some fundamental protection, but not a free pass to surf wherever you like and click every link you receive in an email.

In the same vein, you should ensure that your system is completely up to date with patches released for your operating system.  Much like antivirus vendors release signatures for known infections, Microsoft and other operating system providers regularly release patches to fix bugs and plug security holes.  Microsoft has a nice article to help you configure your machine to automatically receive and install these updates.

Make sure whatever Web browser you use is also current.  Though browser comparisons could be an entirely separate article, I would generally recommend Firefox or Chrome over Internet Explorer, which historically has been plagued with some pretty serious security issues.  Chrome is nice – especially for non-tech users – as it does some self-updating and patching automatically behind the scenes, without requiring user intervention.

Finally, make sure that your software firewall is enabled for public networks.  Here’s another good Microsoft article to help steer you in the right direction.

Beware of offers for “free” wireless

So, you have your antivirus, computer and Web browser all patched up, your firewall is on, and you are ready to connect to wireless.  You open up your laptop at the local Caribou and see this:

You should be able to go ahead and just click Caribou Coffee and be on your way, right?  Well what if I told you that in this particular case, if you had connected to the Caribou Coffee access point, you would have actually connected to my tablet, which is configured in such a way to monitor your online activity and potentially steal sensitive information?

This is a very feasible example, so when you join a wireless network, ensure that you know the right one to join.  In this example, asking someone who works at Caribou would reveal that the network named Caribou is the one you want – not Caribou Coffee.  (Note: yes, it would certainly be possible for a bad guy to also setup a wireless connection named Caribou, in which case detecting that is a bit more difficult.  But for the sake of this article, we are sticking to wireless hotspot security basics.)

Also, as a general rule of thumb, do not click unknown networks that appear to offer free wifi.  Some network names I’ve seen out in the wild that you should probably stay away from:

  • Free Wireless
  • Free Public Wifi
  • Hpsetup
  • Default
  • Public Wifi
  • City Public Wireless

Curb your itchy clicker finger

Finally, one of the most important things you can do to protect yourself online is to not click anything.  No links in email, no tempting banner ads, no Facebook videos with tantalizing subject lines like, “His face got bit off by a shark…AND YOU WON’T BELIEVE WHAT HAPPENS NEXT!!!”

In seriousness though, it is crucial to develop a critical eye and defensive attitude when you’re cruising from site to site or reading email.  This is more art than science, and can’t really be taught, as it comes with time and experience.  But here are some tips to consider before you click that link:

  • If you don’t recognize the sender of a message containing a link, don’t click it.
  • If you do recognize the sender of a message that contains a link, be weary of the subject and context.  Does the tone of the email sound like this person you know?  Does this person usually have decent grammar and spelling, yet the message you are reading seems like it was written by a Kindergartner?  If in doubt, call the person directly to be sure.  It may be that their email account was hijacked, or the message was sent unbeknownst to them due to a malware infection.
  • If an email contains an offer that is too good to be true, it probably is.  Check snopes.com and search for the subject of your message.  You will find there’s no such thing as a free Applebee’s gift card, Chipotle burritos, or just about any other type of free lunch.
  • This one is personal preference, but I don’t click Facebook links or banner ads.  Ever.  If I see an ad for a product I’m interested in, I open a new browser window, Google the product, and go right to the vendor site.  If it’s a “must see” video, I go to YouTube and search for it.
  • If you’re on the fence as far as judging the legitimacy of a link, hover your mouse over it.  That can help you avoid a trap.  For example, hovering over this link…

Hit up this link for free lunch at Applebees!!!  http://www.applebees.com/free-food 

…will reveal that you will actually take you here:

i-am-a-bad-guy-ha-ha.org/heres-a-virus-for-you

  • Additionally, you could right-click the link, copy it, and then paste it into one of several online services (such as URLVoid) to help you make a judgment call.

As a quick real life example, I recently made some changes to an online account, and I received an email asking me to click a link from transfer-approval.com to confirm the changes.  That looked suspicious.  So I headed to Google and typed in the domain there.  Looks like I’m not the only one who had doubts:

Reading through the Google results, it looked like transfer-approval.com was a legitimate.  But just to be sure, I typed the domain name into URLVoid:

Finally, just to be extra sure, I searched the vendor’s Web site knowledge base and found that indeed, emails from transfer-approval.com were to be expected:

When you start a domain transfer the first thing we do is look in the current Whois for the administrative contact email address associated with your domain. We also look for the registrant email address. If these two email addresses are different then each will receive an authorization email. This authorization email will come from [email protected] and will include text explaining that a transfer has been requested. It will include a link that you must click on to continue the transfer process.

Conclusion

There is a lot to think about when connecting to wireless networks – and just being online in general.  Be sure to keep your computer up to date with the latest security patches, watch what you click, and surf Web sites with a critical eye.

If you have questions about wireless/online security, I would welcome the chance to talk with you.  I can be reached at 952-467-6385 or at [email protected].

Coming up next

September is going to be all about passwords!  Are you still sticking notes on your monitor or hiding them under your computer keyboard?  I’ll help you manage and remember passwords without burning your brain cells.

Then in October, we will talk specifically about online privacy.  Can your boss really read all your email and see what sites you’re visiting?  What about at home – can your Internet provider see everything you are doing online?  Stay tuned.


FRSecure on FacebookFRSecure on LinkedinFRSecure on TwitterFRSecure on Youtube
FRSecure
FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *