Today’s working life can often demand that we work remotely, away from the office. It can be appealing to find the nearest coffee shop (or perhaps a cosy pub) and pull out your laptop or work phone and begin tapping away. It’s practically expected now that these establishments offer free-to-use Wi-Fi for your convenience; it is also a good way to ensure you stay a little longer and have just one more coffee, and it allows you to sit in comfort whilst answering those emails or sending those important files that are being requested. In this scenario you’d probably notice several other people, all working similarly, all on the same free Wi-Fi network.
A key starting point with cyber security is the oft-referred to triangle of Confidentiality, Integrity, and Availability (CIA triad) which is the model used in information security for guiding policies. Businesses regularly implement confidentiality by having a password and restricting access to only those who require it. It is common practice for businesses to have their own separate intranet that is only accessible by employees or authorised machines. We zealously guard access to the network behind passwords and firewalls because the information we process there is sensitive to the business. Once we begin using public Wi-Fi, we are on a network that anyone is allowed to just hop on to. That’s a problem.
An early part of many cyber-attacks is gaining access to a secured network but once we begin connecting to these free access points we’ve effectively removed that obstacle for any malicious individuals out there. In fact, there’s a chance that we may have even connected directly to their device. If you were to go to a city centre and turn on your phone’s Wi-Fi you will see the screen quickly populate with networks for you to choose. Can you know which one is legitimately “SunDollar™” coffee shop’s network when you are faced with “SunDollar Wi-Fi” and “SunDollar – Free Public Wi-Fi”? Setting something like this up is quite simple to do and, if you choose incorrectly, you could just provide unfettered access to any data you send or receive as well as potential access to your device itself.
Even if we were on a legitimate network, the first priority of people providing access to the internet here is rarely your digital security. We should understand that even if these networks are password protected, that does not make your data secure; it just means that the potential attacker has to buy a sandwich to get access. Some of these networks will also be unencrypted, which means that everything you send or receive will be completely visible, including your passwords. It’s worth checking if the network is WPA2 or WPA3 encrypted, though the latter isn’t fully implemented yet. We still require internet access whilst we are working on the go, though. So what can be done about it?
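The two checks described above (is the network encrypted with WPA2 or WPA3, and are there several similarly named networks to choose from) can be run over a scan listing. This is an added example, not part of the original article; it assumes the terse `SSID:SECURITY` lines printed by `nmcli -t -f SSID,SECURITY device wifi list`, treats an empty or `--` security field as an open network, and uses a first-word heuristic for lookalike names. The sample scan is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed terse "SSID:SECURITY" form; not a real capture.
SAMPLE_SCAN = """\
SunDollar Wi-Fi:WPA2
SunDollar - Free Public Wi-Fi:
CityLibrary:WPA2 WPA3
OldCafe:WEP
HomeNet:WPA3
"""

MODERN = {"WPA2", "WPA3"}  # the two schemes the article says to look for

def parse_scan(text):
    """Return (ssid, set of security tokens) pairs; hidden SSIDs are skipped."""
    nets = []
    for line in text.splitlines():
        # nmcli escapes ':' inside an SSID as '\:', so split only on bare ':'
        parts = re.split(r"(?<!\\):", line.strip())
        if len(parts) != 2 or not parts[0]:
            continue
        ssid = parts[0].replace("\\:", ":")
        nets.append((ssid, set(parts[1].split()) - {"--"}))
    return nets

def brand(ssid):
    """First alphanumeric word of the SSID, lower-cased (heuristic grouping key)."""
    words = re.findall(r"[a-z0-9]+", ssid.lower())
    return words[0] if words else ""

def lookalikes(nets):
    """Groups of distinct SSIDs that share the same leading word."""
    groups = defaultdict(set)
    for ssid, _ in nets:
        groups[brand(ssid)].add(ssid)
    return {b: sorted(s) for b, s in groups.items() if b and len(s) > 1}

def review(text):
    """Map each SSID to the list of concerns raised for it."""
    nets = parse_scan(text)
    ambiguous = {s for names in lookalikes(nets).values() for s in names}
    report = {}
    for ssid, sec in nets:
        flags = ["open"] if not sec else ([] if sec & MODERN else ["legacy-encryption"])
        if ssid in ambiguous:
            flags.append("lookalike-name")
        report[ssid] = flags
    return report

if __name__ == "__main__":
    for ssid, flags in review(SAMPLE_SCAN).items():
        print(f"{ssid!r}: {', '.join(flags) or 'no flags'}")
```

A "lookalike-name" flag only says that the name alone cannot settle which network belongs to the venue; neither candidate is confirmed as legitimate by this check.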
We can use something called a Virtual Private Network (VPN) to encrypt all data we’re sending and receiving on our device. What this does is create a kind of “tunnel” for your data that’s private to you; anyone else on the network would only be able to see an encrypted stream that they wouldn’t have access to. Many businesses require workers using laptops to connect remotely to their network to use a VPN of some form and it is worth checking with your IT department if you are unsure. From a private standpoint, there are many VPNs out there to choose from that you can apply to laptops, phones, and even routers to secure your data. It would be worth doing some research into which VPN you would want to use to make sure you choose the most secure and relevant option for yourself.
Ensure your device has a firewall turned on if it is available. Windows will have its firewall on by default and this can be key to preventing unauthorised access. Alongside this is ensuring that your device has had all of its updates installed as these updates often fix holes in the security that were previously unknown. The combination of an active firewall and up-to-date security fixes goes a long way to ensuring the security of your device from unauthorised access.
When visiting websites, try to stick to ones using the “https://” prefix instead of just “http://”. The addition of the ‘s’ is for ‘secure’. When you visit a website and look at the address bar, if it’s using https, there will be a small padlock icon up there next to the URL. This means that traffic between you and the website will be encrypted, though anyone looking at the network will still be able to see what websites you are looking at.
Consider using your mobile phone as a personal hotspot. You can simply tether it to your laptop with a USB cable and easily share the data or create a Wi-Fi hotspot, though you should be sure to put a password on this. By doing this you’ll be keeping yourself separate from a public network and, therefore, a bit more secure. The downsides to this are that you may go over a pre-set data limit and that your speeds may not be up to scratch, depending on what it is you’re doing.
In conclusion, when using a public Wi-Fi, the first step is in understanding the risks. Ask yourself if the work you’re using your device for is something you’d be happy with being public. If it’s cat videos on YouTube then that could be considered harmless. If it’s private emails or access to a business network then consider some of the options outlined above to help mitigate this. Overall it would be suggested that any kind of internet usage that should remain confidential isn’t carried out on a public network. By being aware of the dangers you can take the steps necessary to reduce risk to yourself as an individual and to your business.