A journalist named Steven was on a flight from Dallas to Raleigh. During the flight he connected to the in-flight Wi-Fi while working on a very sensitive and controversial article. He checked and wrote several email messages during the flight.
As the plane landed and everyone stood up to deplane, a man in the row just behind Steven tapped him on the shoulder and asked to talk to him after they left the plane. Steven thought it was a little strange, but agreed.
In the gate area, the stranger told Steven that he had hacked his device during the flight, and could read everything that Steven had sent and received, including information about Steven’s confidential informants. In fact, the stranger admitted that he had hacked most of the devices connected to the in-flight Wi-Fi.
Given the sensitive nature of the article, the stranger just wanted to warn Steven that he needed to be more careful.
The Risks From Unsecure Wi-Fi
I’m sure that almost all of you use Wi-Fi, either in your home, office or in public places that provide a free connection.
Wi-Fi that is not properly secured could put your identity, your data, and your finances at risk.
Think about the types of data you are transmitting when you connect to the Internet
- Access to your email
- Login credentials for any network or website
- Data related to online banking or investments
- Credit card numbers
- Text messages
Data stored on your devices that you might prefer to keep private might also be at risk.
Wi-Fi has become so widespread that we tend to take it for granted without questioning whether it is secure. Here are the facts:
- Hundreds of thousands of home and office Internet routers have been hacked, as the default passwords and SSID names (Service Set Identifier) were never changed on the devices. (An SSID is the Wi-Fi network name.)
- Even more routers have been successfully attacked because the password was easily guessed.
- People connect to public Wi-Fi in airports, hotels, train stations, sporting events and conferences because it’s convenient and free, and doesn’t require them to use data minutes from their cellular provider.
- In some situations, Wi-Fi providers who require a password do not really have secured systems.
- Even your home or office Wi-Fi router may have already been compromised.
- With the recent U.S. government change in policy toward “net neutrality,” your Internet Service Provider (ISP) can now legally watch your Internet activity and use this data for advertising, or even sell your data to other companies.
Do You Know How to Use Wi-Fi Securely?
Probably the most important step you can take to improve the security of your Wi-Fi connections is to use a Virtual Private Network, or VPN.
Without a VPN, your Wi-Fi traffic could possibly be intercepted, and if your device has file-sharing activated, an attacker might even be able to access the data stored on the device.
Hackers could also use techniques that allow them to plant malware on your device.
Your Internet Service Provider (ISP) can see all of your Internet activity if you are not using a VPN.
In simple terms, a VPN creates a secure, encrypted tunnel between your device and one of the remote servers of the VPN provider.
A VPN not only encrypts the data transmitted between your device and the server, but it also hides your Internet Protocol (IP) address. This masks your location and can make it appear that you are located somewhere else.
Once your traffic exits the VPN server, if you are accessing a website protected with HTTPS then your communication is still secure. HTTPS stands for “HyperText Transfer Protocol Secure,” which encrypts the traffic between your device and a website.
However, if the website does not have HTTPS, keep in mind that an outside party monitoring traffic from the VPN server could conceivably intercept your traffic, but it would be more difficult to trace it back to you depending on the nature and content of the transmission.
One potential downside to using a VPN is that the VPN service provider may be able to see all of your Internet traffic, so you will need to trust it to keep your data confidential. Some providers do not maintain any logs of user activity, but many do, so make sure you research providers before you decide which service to use.
A VPN won’t protect you if you click on an infected attached file or link, so you should still consider anti-malware protection for all of your devices.
How to Choose a VPN?
Choosing the best VPN depends on your situation and individual or organizational needs.
Some VPNs are free, but most offer paid versions with other services, such as faster bandwidth, a larger variety of services, multi-device plans, and more.
Remember that a VPN does NOT make you completely anonymous, and will NOT protect you from malware.
Most VPN services are software-based, but there are some that also offer VPN capability built into an Internet router.
Other services will help you to reprogram your existing router to use their service, but this almost always requires a paid subscription.
Some questions that you might want to ask:
- How confidential will my Internet activity be?
- What kind of data, if any, does the VPN provider collect about my browsing?
- How long does it keep this data?
- Are there any restrictions on bandwidth?
- Where are the VPN servers?
- How do you pay for the VPN service?
- There are lots of reviews and recommendations about the best VPN services, and you should read several to find the best choice for you.
I am providing some links to help you get started:
- That One Privacy Site – https://thatoneprivacysite.net/simple-vpn-comparison-chart/
And these are links to several VPN services for more detailed information:
- Freedome VPN – https://www.f-secure.com
- IPVanish VPN – https://www.ipvanish.com
- Nord VPN – https://nordvpn.com/
- ProtonVPN – https://protonvpn.com/
- Mullvad – https://www.mullvad.net/en/
- StrongVPN – https://strongvpn.com/
- Tunnelbear VPN – https://www.tunnelbear.com/
- Vyper VPN – https://www.goldenfrog.com/vyprvpn
Additional Options to Explore
- Turn Wi-Fi off on all your devices when it isn’t needed.
- Think about using a browser that focuses on privacy instead of tracking your activities.
- Use the “HTTPS Everywhere” browser extension at https://www.eff.org/https-everywhere.
- Research other browser extensions or add-ons designed to protect your privacy
- If you store your data anywhere in the “cloud,” seriously consider either using a service that encrypts your data or encrypting the data yourself before it is uploaded to your cloud account.
- Consider the use of a search engine that does not track your search activities, such as StartPage.com or DuckDuckGo.com.
The risks from techno-crime grow every day, but there are relatively simple and easy things you can all do to minimize the dangers you are exposed to.
I recommend that you never, ever connect to an unsecured Wi-Fi signal without using a VPN.
On every device.
All the time.
Remember…just because you think a Wi-Fi signal is secure, there is no guarantee.
Stay safe and please take this one step to protect yourself from one of your biggest techno-crime risks.