September 27, 2013 – In last week’s blog we addressed the security of e-mails, which as we noted, represents a component of data-in-transit security. In case you missed the article, data-in-transit is concerned with data that is traversing a network or being temporarily stored in computer memory. Therefore, in addition to e-mail, connecting to a public network represents a serious threat to your company’s, or even your own, personal information.
For many of us, we learned to use the internet at home or in the office, locations where we felt inherently secure. But, with the recent proliferation of public Wi-Fi, such an innate feeling of security can be your enemy. To better understand the difference between information threats at home versus in public, it is beneficial to think of security controls as clothing. Sure, it’s okay to walk around at home in your underwear, but when you leave the house, it’s recommended that you put on some extra layers.
Now, while it is strongly suggested that you speak with an expert if you have any concerns, the following tips can greatly reduce the risks associated with public Wi-Fi:
Public Wi-Fi – Seven Tips to Reduce your Security Risk
1. Understand your environment
It’s easy to forget that you’re surrounded by strangers when using a laptop or smartphone. And, not only are you surrounded by strangers, but you are sharing an Internet connection with them as well. So, unless what you’re doing on the connected device is something that you would be willing to share with everyone, it’s best to refrain until you are connected to a secure private network.
2. Don’t leave home without the basics
In the 21st century’s cyber-world, there exist certain controls that are so fundamental to good security, their omission would border on negligence. Going back to our clothes analogy, such controls can be viewed as the underwear; that is, whether at home or in public, they represent the bare minimum of protection. So, what are the controls? Well, in regard to this week’s topic, it is important to understand the criticality in utilizing an active firewall and updated antivirus software. Now, while I believe that the benefits of antivirus software are well understood by most, the benefits of a firewall are not. You see, unlike antivirus software, which is detective and corrective by nature, a firewall is a preventative control that blocks incoming data that is unsolicited. Therefore, on a public network, having an active firewall will help prevent against most automated attacks on your computer.
3. Know who you’re connecting to
So, you’re out in public at Jane’s Coffee Shop and you decide to catch up on some work. Your phone is going so slow that the connection must be -1G. You decide to connect to the free Wi-Fi, and five connections come up. How do you know which one is legitimate? Did you know that with laptops, and even most smartphones, not only do you have the ability to connect to a wireless connection, but it is possible to create your own connection as well? It is for this reason that you should always check with the proprietor to ensure that you are connecting to their official connection. Remember, even if the connection is labeled as Jane’s Official Wi-Fi, the only way to be certain that it’s their connection is by asking.
4. If you’ve got it use it – a VPN, that is
If you have access to a Virtual Private Network (VPN), then connecting to it should be the first thing you do when using the Internet in public. Simply put, a VPN creates a tunnel to a secure remote network and encrypts all traffic along the way, thereby resulting in a secure connection that you control.
5. Look for the lock
The internet’s little lock. If you particpate in online shopping or banking, it’s almost a certainty that you have seen this little beacon of security. But, are you seeing it enough? Most likely, the answer to this question is no. You see, when you visit most websites, you are viewing an unsecure webpage. That is, the information exchanged on the site is not protected, and you can’t be sure if you are interacting with a genuine site. Therefore, if you are using a site that contains any information that you wouldn’t want others to know, then it suggested that you type “https” at the beginning of the URL. For example, in regard to Google, the default page is unsecure, but you can search via their secure page by typing “https” at the beginning of the URL.
6. Be aware of what you share
Interconnectivity is one of the great powers of networked computing, but it is important to understand how to control what you share. If using a device that has a Windows based operating system, then you should be prompted with a screen asking you to select the type of network you are connecting to. Eager to start surfing the web, many are quick to just select ‘Home Network’, but in doing so, they are increasing their risk. If connecting to a public network, always select the ‘Public network’ option, which will limit what you share. For Apple users, file sharing can be turned off by going to ‘File’, ‘Home Sharing’ and then ‘Turn Off Home Sharing’.
So, you’ve finished using the public network, but that doesn’t mean you’re out of the weeds. Regardless of how secure you felt the connection was, it is important to run a full virus scan before connecting to your home or work network. Most hackers are opportunists who prey on the unsecure, and it is important to know that no computer is safe from a motivated hacker. Therefore, unlike the previous six controls which were preventative in nature, a full virus scan is an excellent detective and corrective control to utilize.
If you are unsure that your business is adequately protected, our Information Security Baseline Review is an ideal starting point for answering all of your questions, and providing you and your key managers with a basic education of both the threats your company’s information faces and what practical approaches you can take to protect it.
Remember, a false sense of security is worse than being unsure. We have a variety of tools and resources to help you. I encourage you to call to take proactive action.
About the Author
William Prohn CISSP, CISA, CGEIT, CRISC, CMMC-AB RP
Bill oversees all aspects of information technology for the firm, and provides consulting services to a wide spectrum of Dopkins’ clients. He has over 30 years of experience in accounting and business information systems. His specific interests include creating meaningful, practical management information using computer technologies, and the security of business information and systems.