Many of us have to travel for our work, and that often means connecting to wireless networks. If you use unsecured public WiFi networks when working on client matters, that could mean trouble.
Most hotels, airports, and cafés don’t encrypt their public networks. That means it is up to you to ensure your data remains inviolate. If a hacker gains access to confidential client materials because you were using an unsecured or open WiFi network, you could be held liable for failing to take reasonable precautions to prevent them from doing so.
Knowing about the risks of using public and open WiFi networks and taking some basic precautions should keep your data — and your client’s — safe while traveling.
Darkhotels and Malware
Malware can potentially give attackers access to everything on your device, including all of your files, photos, and even your built-in camera and microphone.
Darkhotel is just one example. Imagine you are staying in a luxury hotel, where the WiFi signal provided is promised to be very fast. After downloading the hotel’s “welcome package,” submitting your room number and last name at login, you see it is indeed fast. What you don’t see is the spy package that provided a backdoor to sophisticated hackers. Congratulations, you just fell prey to the “Darkhotels” scam.
Kaspersky Lab has researched the “Darkhotel” espionage campaign for years. Darkhotel Hackers have proven themselves extremely competent at hijacking many trusted commercial networks. Once this team places an information-stealing component into your computer, they can collect sensitive data with impunity, completely circumventing anti-malware software you may have installed. The hackers can gather every keystroke, hunt for passwords that you have cached, and then delete any trace that they have been there. With this information, they can continue to target your data, and even enlarge their hacking net to include your firm or employer’s data.
Another common type of attack involving public WiFi is the “man-in-the-middle” attack. Here attackers create their own networks and pose as public WiFi networks, intercepting all of the data flowing between unsuspecting users and the public network. Since all traffic is going through the fraudulent network device, it’s incredibly easy for the hackers to see everything, including data transmitted over encrypted HTTPS connections.
Widely available network equipment makes it easy enough for even a novice to create the spoofed websites and networks needed to perpetrate man-in-the-middle attacks.
View Any WiFi as Potentially Dangerous
When traveling, regard any network — even hotel networks — as an unsecured channel that can lead to an attack. Here are some tips to prevent the loss of your sensitive data:
- Avoid software updates while you’re traveling. If you absolutely must perform a software update, verify the update is legitimate by visiting the vendor’s website and social media platform.
- Choose a Virtual Private Network (VPN) provider — the encrypted communication tunnel protects your data over public or semi-public WiFi.
- Before you travel, be sure to update all of your Internet security software as well as any internal threat databases used by the software. As an attorney, you need more than basic antivirus protection.
- Utilize two-factor authentication on services that support it. Two-factor authentication requires you to login with a username and password, as usual, but also requires that you enter a code sent to your mobile device. Two-factor authentication greatly reduces the likelihood of someone being able to impersonate you just by using your username and password.
Instead of public WiFi networks, you can use your mobile device as a mobile Internet hotspot. Most iPhone and Android devices have this feature built-in.
Connecting your laptop to WiFi through your phone or mobile device means you avoid the risks associated with public WiFi. Using a mobile hotspot requires a password, so it’s impossible for anyone else to eavesdrop on your connection unless they have physical access to your phone or the password.
As for speed, the 4G LTE network that your mobile device uses is usually as fast or faster than WiFi. The primary drawback is that mobile data can be expensive and coverage isn’t always perfect, particularly indoors in large buildings.