One of the dangers when working while on the road is using public Wi-Fi access points, such as the ones you find in your hotel, airport or local cafe. Public Wi-Fi is incredibly convenient, but does come with its own unique risks. The two biggest threats is bad buys either setting up rogue Wi-Fi access points, or compromising legitimate Wi-Fi access points, to do their bidding. While such attacks are not as common as many other attacks, they do happen, as seen by a recent BBC article on how one Starbucks' Wi-Fi made computers mine crypto-currency. Here are a couple of key behaviors to reinforce for people traveling and using public wifi.
- Updated: Make sure all your systems, browsers and apps are updated. Cyber attackers are constantly finding new vulnerabilities in the software you use, and your vendors are constantly patching it. Current and updated systems are much more difficult for cyber attackers to hack into.
- Encryption: Encrypt everything you do online, from email to browsing. In a perfect world, this would mean using a VPN (Virtual Private Network) which means everything you do online is encrypted. If you get a warning banner about SSL certificates being used, best to not trust that network.
- Tethering: When in doubt, tether your network connection off your smartphone instead of using the public Wi-Fi. This may not always be possible, especially when traveling internationally, but it is one of the most secure methods to connect while traveling.
- Yourself: Ultimately you are the best defense. If something about the Wi-Fi connection seems odd or suspicious, simply don't connect. In fact, it was a person and not technology that found the Starbucks Wi-Fi issue in the article mentioned above. As always, a trained employee is one of the best defenses you can have.
A key element to a successful awareness program is making sure you are not scaring people into action. Instead, you want to focus on enabling them, how to make the most of technology safely and securely. Telling people to never use public Wi-Fi is in most cases not only impractical, but can have a negative impact to productivity. The goal is to manage your human risk by enabling people to secure themselves in simple steps that anyone can follow.