By Dirk-Jan (DJ) Koeman
Symantec recently reported that 60 per cent of consumers think their information is safe when they are using public Wi-Fi – completely unaware of the danger, or of its severity. The US software company further reported that only half of consumers believe they need to secure their information, 17 per cent think websites are responsible for protecting data, while another 17 per cent think the Wi-Fi provider is.
These revelations come at a time when public Wi-Fi has become a basic utility and necessity, widely available in airports, cafés and libraries: where customers now view no Internet as an extreme irritant and deterrent.
But, in reality, using public Wi-Fi is like having a conversation in a public place: other people can ‘hear’ it. The information is not encrypted, so anyone on the same network can see what another user is doing, using nothing but simple and cheap software and tools.
This makes the personal and financial vulnerability extreme, with hackers able to gain access to users’ ATM or MPESA pin codes, mobile banking login details, email and social media credentials and passwords, or personal details such as their date of birth, and even their personal relationships.
Studies from Kaspersky Lab show that in some instances, hackers can infect devices via a public Wi-Fi network, with malware that can sit inactive and undetected for several months before being remotely accessed to obtain sensitive information from the device.
Hackers can also gain access to users’ personal information on public Wi-Fi networks through something that is called ‘session hi-jacking’. This is more advanced and requires a degree of hacking skills. But with the right knowledge, hackers can enter or even take over an open session, across an open email account, Facebook or any other account on the computer or smartphone, by stealing the browser cookie.
This cookie, which is information stored on your computer by a website or account, includes a user’s password, which means the website or account can recognize you, removing the need to enter a password. Once the hacker has that cookie, they can pretend to be you and gain access to any and all of your data.
Fortunately, there are concrete actions that users can take to protect themselves. The easiest and most secure protection is to avoid using free Wi-Fi networks. But for those using free Wi-Fi, a wise move is to limit usage to only the public domain, such as news websites, and to take care when filling out online forms that require personal details.
Security-sensitive users can ring-fence their personal data by restricting privacy infringing activities, such as social media, to home connections or mobile networks. Using mobile internet gives more protection, as these connections are encrypted and a lot harder to crack.
Users can also look out for services that use HTTPS links with Secure Socket Layer (SSL), instead of unencrypted HTTP. Information on HTTP is not secured, and can thus be easily intercepted by hackers. But on HTTPS links, a secure encrypted connection is established between two systems and data cannot be intercepted by a third party.
You can verify the level of security around any website by checking the address bar on the browser. It will usually show a lock, positioned on different browsers as in the image below.
Another way forward is by using a Virtual Private Network (VPN). This creates a secure connection between a device and the Internet service it is using. This ensures that all data is encrypted and makes it much more difficult to access by any stranger. Users can obtain a VPN subscription from many different sources, with costs and quality varying widely.
An interesting feature to look out for is the 2-factor authentication which creates an additional token or password exchange between a device and the Internet service. This secondary code changes regularly, thus making it difficult for hackers to access data or even guess passwords.
Additionally, users are notified via text message or email when someone is trying to log into their account and can immediately take action.
Users should additionally keep their Operating System (OS), firewall and anti-virus software enabled and up-to- date. An out-of- date computer, software, and/or disabled anti-virus software all make it easier for hackers to access private information.
Furthermore, users can set their device to ‘file sharing disabled’ so that when they are connected to the internet, others cannot access files on the laptop or smartphone.
Finally, since malware can be spread through shared networks, it is worth switching off Wi-Fi when not using it and installing privacy-protecting browser extensions, for instance, an ad-blocker.
These remedies are not all-encompassing, and can still leave windows open, but together they make ‘free’ Wi-Fi networks a lot safer to use. This has been central to us at poa! internet. As a low-income internet service provider, we allow the masses access to the internet with a guarantee to secure, fast and reliable Wi-Fi connectivity.
Overall, the technological advancement and the increasing need for cheaper and/or free internet access via public Wi-Fi means both users and service providers must work to close the gaps that expose data and devices to security risks.
(Dirk-Jan Koeman is the Chief Business Development Officer at poa! Internet).