Sign up for our free newsletter.
Many of us have to travel for our work, and that often means connecting to wireless networks. If you use unsecured public WiFi networks when working on client matters, that could mean trouble.
Most hotels, airports, and cafés don’t encrypt their public networks. That means it is up to you to ensure your data remains inviolate. If a hacker gains access to confidential client materials because you were using an unsecured or open WiFi network, you could be held liable for failing to take reasonable precautions to prevent them from doing so.
Knowing about the risks of using public and open WiFi networks and taking some basic precautions should keep your data — and your client’s — safe while traveling.
Malware can potentially give attackers access to everything on your device, including all of your files, photos, and even your built-in camera and microphone.
Darkhotel is just one example. Imagine you are staying in a luxury hotel, where the WiFi signal provided is promised to be very fast. After downloading the hotel’s “welcome package,” submitting your room number and last name at login, you see it is indeed fast. What you don’t see is the spy package that provided a backdoor to sophisticated hackers. Congratulations, you just fell prey to the “Darkhotels” scam.
Kaspersky Lab has researched the “Darkhotel” espionage campaign for years. Darkhotel Hackers have proven themselves extremely competent at hijacking many trusted commercial networks. Once this team places an information-stealing component into your computer, they can collect sensitive data with impunity, completely circumventing anti-malware software you may have installed. The hackers can gather every keystroke, hunt for passwords that you have cached, and then delete any trace that they have been there. With this information, they can continue to target your data, and even enlarge their hacking net to include your firm or employer’s data.
Another common type of attack involving public WiFi is the “man-in-the-middle” attack. Here attackers create their own networks and pose as public WiFi networks, intercepting all of the data flowing between unsuspecting users and the public network. Since all traffic is going through the fraudulent network device, it’s incredibly easy for the hackers to see everything, including data transmitted over encrypted HTTPS connections.
Widely available network equipment makes it easy enough for even a novice to create the spoofed websites and networks needed to perpetrate man-in-the-middle attacks.
When traveling, regard any network — even hotel networks — as an unsecured channel that can lead to an attack. Here are some tips to prevent the loss of your sensitive data:
Instead of public WiFi networks, you can use your mobile device as a mobile Internet hotspot. Most iPhone and Android devices have this feature built-in.
Connecting your laptop to WiFi through your phone or mobile device means you avoid the risks associated with public WiFi. Using a mobile hotspot requires a password, so it’s impossible for anyone else to eavesdrop on your connection unless they have physical access to your phone or the password.
As for speed, the 4G LTE network that your mobile device uses is usually as fast or faster than WiFi. The primary drawback is that mobile data can be expensive and coverage isn’t always perfect, particularly indoors in large buildings.
Sign up for our free newsletter.
Ask the Experts at 2Civility.org: Does your firm have the green light to accept this new method of payment?January 21, 2019 14 1 0