Verify the network name
One extremely common attack involves a hacker setting up a public Wi-Fi hotspot of their own at your favorite Wi-Fi watering hole. It will likely have a name very similar to the hotspot the legitimate business is offering. This attack is effective because the nefarious hotspot actually works, allowing you to browse the web as you normally would. The problem is that all of your emails, site logins and social media activity are being routed through the hacker’s network, where they can be monitored and collected. Before connecting to any hotspot, ask an employee for the shop’s full network name and carefully check that it matches the one you see in your Wi-Fi menu.
Look for “https” in the url bar
Encrypting the communication between your computer and any site you visit can go a long way towards maintaining privacy and security. Fortunately, the most widely implemented form of encryption involves nothing more on your end than taking a careful look at your browser’s url bar. A site address begining with “https” – it’s the “s” that’s crucial – indicates that SSL encryption is active. Your browser will also display a padlock icon in the address bar to indicate an SSL connection is active. With SSL encryption, the information you send and receive appears garbled to prying eyes, so that even if your communication is intercepted, it’s unreadable. The SSL protocol is one that websites implement on their back-end and it has long been standard practice for financial institutions and communication sites like Gmail, Facebook, and Twitter. Certainly any online shopping site you visit should have SSL enabled when you reach a login page, view your account information, or enter payment details.
A crucial part of SSL’s effectiveness lies in the fact that before the encryption process is even begun, the website actually verifies its identity to your browser. If your browser cannot verify that the site is actually what it claims to be, you’ll get a pop-up window alerting you to an “untrusted” security certificate. While there can be benign reasons behind an SSL verification warning, Kennedy advises that when using public Wi-Fi, “If you see this warning, do not visit the site. Period.”
Use a VPN service
If you’d like to ensure that all of your browsing traffic is encrypted, no matter what sites you visit or mobile apps you use, consider signing up for a VPN (virtual private network) service. A VPN service adds a physical barrier between you and the web by routing all of your communications, in an encrypted format, through a physical server controlled by the VPN company. It is only after your encrypted communication passes through the VPN server that it reaches the web. Someone snooping on traffic over the Wi-Fi network will just see garbled data passing between your computer or device and this secondary VPN server. Because the interaction with the web is actually happening through a middleman – the VPN server – a measure of user anonymity is provided as well. Two reliable and low-cost VPN services that I use regularly are Private Internet Access and TunnelBear. Both can be used with desktop computers as well as Android and iOS devices, with monthly subscriptions available for less than $7 and prepaid annual plans offered at a discounted rate. You can read a related story I wrote on the benefits of a VPN.
Keep your software up to date
Data security is an arms race, and to keep your defenses up, it is crucial that you’re running the latest updates for your operating system and web browser. This point was emphasized just last month, as was forced toissue updates to its iOS and OS X users to fix a bug that compromised SSL encryption.
There’s no magic bullet for data security. While site owners and retailers must clearly step up their game in protecting our privacy, we also need to do our part in eliminating at least the low-hanging fruit for hackers. Fortunately, with just a little awareness, and these simple steps, you can protect your data and still enjoy the convenience of public Wi-Fi.
–
–
No comments:
Post a Comment