The dangers of public wifi computer connection
Public wifi computer connection is great – but is it safe?
During the Covid-19 pandemic, when people worked from home and weren’t allowed out to work from public places, incidents of cyberattack on companies’ systems were relatively low and manageable. The following year, when the remote working necessity became a remote working trend that wouldn’t die out, but people were able to work from any public place they felt like, cyberattacks on company systems soared to unprecedented levels, to the extent that many companies got hit with cyberinsurance premiums that were jacked up to the sky – those who weren’t hit with ransomware or phishing attacks, that is. The dangers of public wifi computer connection seemed clear – but what exactly are they, and what can you do to mitigate them?
It’s trite but true to say that one of the greatest dangers of public wifi computer connection is… the public. The reason cybercrime went up the more people worked from public places is that systems were suddenly exposed to more of the public, meaning a higher percentage chance of encountering either a long-term or an opportunistic cybercriminal with your unsecured system.
The lack of encryption.
The one thing that in-office and at-home wifi has in common is that it probably comes with at least basic security elements, to stop opportunistic cybercrime. Those common security elements, like encryption for file sharing, are likely to be missing from public wifi. That means if you take your laptop to a coffee shop, you’re likely to be browsing – and waltzing past all your company’s security protocols – on a network that has nothing to prevent any opportunistic cybercriminal.
If you’re sharing files on your company’s latest top secret acquisition from a corner table in Starbucks, there’s a good chance an opportunistic cybercriminal just got wind of your secrets, because the likelihood of public venues having encryption engaged for file sharing is slim.
What’s more, if they know what they’re doing – and the chances are they do – cybercriminals on an unencrypted network can inject malicious JavaScript onto your laptop, because you’re really not that hard to identify (assuming they care which machine belongs to whom), and attack this way on a public wifi network.
The lack of sufficient encryption and other security features is the “gateway” danger of public wifi computer connections – it leaves your system prey to all sorts of other dangers from unscrupulous cyberattackers.
Snooping.
Network snooping is a common danger of public wifi. It happens when you use your laptop on public wifi and cybercriminals use software on the network to literally “snoop” on users’ activities – including the passwords, credit card details, or company details you type into your laptop to get into your systems.
Unless either the venue or you make it particularly difficult to do, you can be an open book in very little time to a network snooper, it’s the cyber-equivalent of carjacking. And if they manage to get into your company’s systems this way, then the company itself could be hit with malware, ransomware, or a colossal data breach.
Malare.
That brings us to one of the most common dangers of public wifi computer connection – malware. Whether it’s a virus, a worm, a tiny piece of machine-seeking code, or some other thing that shouldn’t be on your machine, malware is an ocean that exists permanently, seeking a weak spot and a way in to any computer and any system. It’s not fussy, and it doesn’t discriminate, except it has a weakness for weakness. When you’re in your office or at home, the chances are high that your connection is protected from at least some of this encroaching malware ocean.
Connect to a public wifi, without the same level of protection, and boom! – you become the weakness that malware is looking for.
There are a massively wide variety of malwares out there. Some will just mess with your life by, for instance, deleting all your files, forever, no take-backs. Some can really mess with you, stealing your credit card details, your login details to your work systems, your company’s financial data, and then you have a major ransomware incident at your company, and it’s all traceable back to the entry point, where malware hitched a ride on your laptop, like an electronic headlouse, because you made a public wifi computer connection without proper protection in place.
Rogue networks.
None of these cybercriminal techniques are exactly what you’d call “above board,” but a rogue network is sneaky even by their standards. They set up a backdoor within the venue’s wifi network, and pretend that this backdoor is a legitimate network. If you click to connect to that network, which will look like something you should do, they can implant any malware they have onto your system, or use snooping techniques to steal your logins, card details, company access, etc, because your laptop has made a ‘consensual’ connection to their network.
Session hijacking.
Another form of subterfuge that cybercriminals can use in areas with public wifi is session hijacking. In the same way as a rogue network makes you think you’re connecting legitimately and safely, so a session hijack allows criminals to literally hijack – essentially, to steal – your legitimate connection-time, so they can scoop up all that you’ve done while you’re on the public wifi at your favorite venue. So again, if you’ve accessed company systems via the public wifi, the criminals may well have access to that information – and perversely, you might never know at the time that you’ve been hijacked. You – and your company – will only feel the effects at a distance in time, when the cybercriminals are ready.
Mitigation.
There are things you can do to make yourself safer when using public wifi. Using a VPN (Virtual Private Network) can help, because it effectively “scrambles” your location as far as your service provider is concerned.
Make sure you always have your firewall software turned on, and any anti-virus software running, to deal with anything nasty that comes your way looking to latch on. Similarly, always have your wifi autoconnect switched off when you’re out and about – autoconnect acts like a welcome mat to cybercriminals, and the same is true of Bluetooth discoverability. The truth is, you’re unlikely to need to be discoverable while working on public wifi, so turn it off – you’ll stand a much better chance of only connecting to legitimate networks if you do.
If possible, use a mobile hotspot provided by a reputable carrier, rather than relying on public wifi. Why? As with your home wifi, it’s likely the hotspot will have more safeguards built into it than a public wifi network will.
Above all, start thinking about the power of your laptop, phone, or tablet. If you work on them, you’re likely connecting straight into the heart of your company’s systems. That’s a potentially valuable highway for cybercriminals. If your protection is weak or negligent, they will target you, because you’ve made it too easy for them to ignore. Do everything you can to make it harder – if nothing else, it will discourage them, and make them look for easier prey.
5 March 2024
