From online banking and shopping to social networking and streaming entertainment, the internet has become an essential part of our daily lives. We rely on the internet for a vast range of business and leisure activities.
However, alongside the many benefits, there are also clear and present dangers to be aware of, in particular the increasing number of cyber threats out there and the dire consequences they can have. As such, it’s vital for anyone using the internet to prioritize their online security and privacy – even more so when you’re a business user.
There are lots of potential pitfalls to watch out for, and in our ongoing blog series, we’ll be exploring each of these and sharing our expert advice on how to protect yourself. Today, we’re going to look at one of the biggest mistakes people make and that is using public Wi-Fi without protection. We will explain why you must stop using public Wi-Fi asap and provide alternative solutions to keep your data safe.
Problem: Public Wi-Fi and Online Privacy Risks
Using a public Wi-Fi network exposes your data to a plethora of security risks. Hackers can easily intercept your connection, gaining access to your personal information, such as login credentials, financial details, and private messages. Moreover, some public Wi-Fi networks may be set up by cybercriminals to lure unsuspecting users into their traps.
The main issue with public Wi-Fi networks is the lack of trust. As an end-user, you have no way to check who controls and accesses such a network. One of the most common and dangerous public Wi-Fi hazards on the internet is the Man-in-the-Middle attack. This takes place when you are trying to connect to a service that contains confidential or valuable data, such as your mail provider website (Office365 or Google Workspace for example) or financial institutions such as banks or crypto-trading platforms.
The attacker, who has either taken control of the public wireless network or simply set up their own, is in a powerful position if you make the mistake of connecting, as they can now monitor your online activity and traffic. They can redirect requests and present different websites when you try to access the internet. We know of at least three popular scenarios which cyber criminals can use to attack your device based on public or semi-public networks (such as hotels).
- Create a Wireless network with the name of a local business and allow connection without a password. This could be used in situations when the business does not provide its own network. Alternatively, they could use a more complex approach by jamming the original network signal rendering it unusable and providing a fake access point with the same name.
- Attack the original public network and start controlling how the traffic is routed.
- Access the network and try to intercept data which is sent between your devices and the internet.
All three of these scenarios can have catastrophic consequences for you and your business, from emptying bank accounts to identity theft and worse.
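The fake access point scenarios above tend to leave traces in a Wi-Fi scan that can be checked before connecting. The following Python script is an added example, not part of the original article: it assumes scan text in the terse format of `nmcli -t -f SSID,BSSID,SECURITY device wifi list`, uses constructed sample networks, and applies heuristics chosen for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample scan (not real networks). In nmcli terse output,
# fields are separated by ":" and colons inside a field are escaped as "\:".
SAMPLE_SCAN = r"""
CoffeeShop_Guest:3C\:84\:6A\:11\:22\:33:WPA2
CoffeeShop_Guest:02\:1A\:11\:AA\:BB\:CC:
HotelLobby:F4\:F2\:6D\:44\:55\:66:WPA2 WPA3
HotelLobby:F4\:F2\:6D\:44\:55\:67:WPA2 WPA3
Free_Airport_WiFi:00\:11\:22\:33\:44\:55:
"""

def parse_scan(text):
    """Yield (ssid, bssid, security) tuples from terse scan lines."""
    for line in text.strip().splitlines():
        # Split only on unescaped colons, then undo the escaping.
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed layout
        ssid, bssid, security = fields
        yield ssid, bssid.upper(), security.strip()

def assess(text):
    """Return {ssid: [findings]} for network names that deserve suspicion."""
    aps = defaultdict(list)
    for ssid, bssid, security in parse_scan(text):
        encrypted = security not in ("", "--")  # empty or "--" means open
        aps[ssid].append((bssid, encrypted))
    report = {}
    for ssid, entries in aps.items():
        findings = []
        states = {enc for _, enc in entries}
        if states == {True, False}:
            # A password-free copy of a protected network name.
            findings.append("same name offered both open and encrypted")
        elif states == {False}:
            findings.append("open network: no link-layer encryption")
        # First three octets of a BSSID identify the hardware vendor.
        if len({bssid[:8] for bssid, _ in entries}) > 1:
            findings.append("access points from different vendor prefixes")
        if findings:
            report[ssid] = findings
    return report

if __name__ == "__main__":
    for name, findings in assess(SAMPLE_SCAN).items():
        print(f"{name}: {'; '.join(findings)}")
```

An empty report is not proof that a network is genuine, since a fake access point can copy the hardware address and security settings of the real one; treat these checks as a reason to stay off a network, never as a reason to trust it.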
The Consequences of Ignoring Privacy and Security
Ignoring online privacy and security can lead to devastating results as we have mentioned above. Identity theft, financial losses, and reputational damage are just a few of the potential outcomes. By using unprotected public Wi-Fi networks, or even semi-public Wi-Fi networks, you put your sensitive data at risk, making it easier for cybercriminals to exploit your personal information. It is important for you to fully appreciate how serious such a breach can be. I do understand that scaremongering is the worst way to keep people safe, but without realizing what the worst-case scenario could be, it’s very hard to make a balanced decision about protecting yourself online.
Whenever we connect to the internet and perform day-to-day transactions such as buying products, transferring money, or simply sending an email or message, we are potentially a target. Therefore, you must be aware of the ways criminals can attack you and the consequences of such attacks. Let’s take a look:
Breach to your email: This is one of the easiest breaches to achieve as we use our emails most frequently and literally anyone can put something inside your mailbox. Just knowing your email address allows someone to send you an email with an attachment. It’s as easy as that to launch an attack. Make sure you check out our blog on phishing emails and how to protect yourself for more on this subject.
Attack on your bank account or Debit/Credit card: These attacks are among the most severe as any criminal who has managed to access your account, or your card, will try to extract all available funds as quickly as possible.
Breaches to your online accounts: For example, Amazon.co.uk, online supermarkets, shopping websites, or even social media accounts. Accessing an E-commerce website such as Amazon is another opportunity for criminals to potentially steal your money and data, whereas a breach of your social media accounts is more of a reputational risk but can have equally unpleasant consequences. Criminals can blackmail a person under the threat of sharing private photos or conversations. A good example of this was the attack on Apple iCloud when many celebrities’ personal and very private photos were leaked online.
Attack on your computer or mobile device: This could be a stepping stone to obtaining access to your emails and then subsequently breaching your bank accounts. However, your emails and files on your local computer can be a true treasure trove of information about you. This can lead to the most severe attack across a range of platforms.
Identity theft: If criminals manage to collect enough information about you, they will be able to impersonate you. Frequently, people will keep information in their mailbox, or as files saved on their computer, such as scans and copies of their ID such as passports, driving licenses, national ID cards, and National Insurance cards. Clearly, if any one or more of these documents are stolen, it can be extremely damaging.
Financial statements: Obtaining statements from banks, building societies, or mortgage providers, can make life much easier for criminals as they can assess how much money they can extract from their victim and where that money is located. This enables criminals to be laser-focused on stealing the maximum amount from their victim. I know someone whose identity was stolen, which led to a cyber-criminal obtaining a mortgage in this person’s name and purchasing a house. The only way to clear their name was to undergo a lengthy, expensive, and stressful legal ordeal, where they were finally cleared. However, during the two years it took to resolve, the victim of this attack suffered intimidation from bailiffs who were trying to seize their property, severe reputational damage, and even the loss of their job. This is what we mean when we talk about catastrophic consequences. We are definitely not exaggerating. Cyber-crime can ruin lives.
Alternatives for Safe and Secure Internet Access
Instead of using public Wi-Fi networks, or even semi-public Wi-Fi networks, consider the following alternatives to ensure your online privacy and security:
Mobile Hotspot: My favourite would be a mobile hotspot. If you have a mobile data plan, you can use your smartphone as a hotspot to create a secure connection for your other devices such as laptops, tablets, smartwatches etc. This provides a layer of protection against potential threats on public Wi-Fi networks as you are not connecting to the network and completely rely on your 4G/5G connection instead. If you are travelling abroad and need access to the internet, but your roaming contract is not providing enough data, then it’s a good idea to buy a local hotspot. Usually, you can purchase a temporary mobile hotspot on a rolling 30-day contract. If you decide to go with this option, I would strongly recommend talking to local people to select the network that provides the best coverage where you will be travelling and/or staying. However, there are situations where such a solution is not available due to bad network coverage, and insufficient data on roaming plans so it’s worth doing your research before you travel.
Virtual Private Network (VPN): VPN services encrypt your internet connection, making it difficult for hackers to intercept your data. They also hide your IP address, providing an additional layer of privacy. There are numerous reputable Virtual Private Network service providers, such as NordVPN, ExpressVPN, and CyberGhost, offering excellent security features and simultaneous connections for multiple devices. Try to select a provider that offers multi-device support and an app for your phones/tablets. Please check out our blog for other articles, which go in depth about the benefits of VPNs to help you decide if it’s a solution that fits your needs.
Antivirus and Security Software: Invest in reliable antivirus and security software, such as Bitdefender Mobile Security or Eset Protect Advance Security, to add extra layers of protection to your devices. These software programs come with features like real-time scanning, a firewall, and automatic Wi-Fi protection to safeguard your online activities. If you need help and advice on which software to choose and how to install it, contact one of our friendly team today.
Updates: There is a saying in the world of developers that in every 100 lines of code there is a bunch of bugs, so any program that is longer than 100 lines will have some issues, whether this is faulty logic or unsafe execution of the code. To give you an idea, Windows 11 has 50 million lines of code. On top of that, think about the constant updates to any program on your computer. Each one can have hundreds of thousands, if not millions, of lines of code. Keeping all this software up to date not only introduces new features and can potentially speed up your computer; most importantly, those updates can fix system vulnerabilities that can allow criminals to attack your computer.
Device Encryption: Encrypt your mobile devices and laptops to protect your data even if your device is lost or stolen. Windows 10 and subsequently Windows 11, for example, come with a built-in encryption feature called BitLocker. On Apple Mac, the same feature is called FileVault. Mobile devices such as iPhones and iPads are encrypted by default when you set up FaceID or TouchID, while in the Android world most of the devices should be encrypted starting from Android 6.0 (Marshmallow). However, as the Android market is much more fragmented, it is prudent to check and ensure that your device is encrypted. In the past, some manufacturers provided facilities to encrypt but left it to the end user to enable it, so don’t take it for granted that your device is secure.
Be Mindful of Online Activities: Limit sensitive activities, like online banking or entering personal information, while connected to public Wi-Fi networks. Instead, only perform these tasks on secure connections, such as your home network or a VPN connection. Keep an eye on your bank statements and enable immediate notifications in case of unauthorised online payments and transfers. Additionally, set a reminder every few months to check authorised devices on your online accounts such as Amazon, Facebook, eBay etc, to make sure only your devices are linked. Below, I’ve listed a few popular online services that you should check out. This is just an example so make sure you adapt this list to your own personal situation. I would recommend setting up a regular reminder every 1-3 months just to check all the accounts.
Microsoft account:
- Open your preferred web browser and navigate to the Microsoft account website: https://account.microsoft.com/
- Sign into your Microsoft account using your email address and password.
- Once you are signed in, click on the “Devices” tab located in the top menu.
- You will now see a list of all devices connected to your Microsoft account. This may include PCs, laptops, tablets, and smartphones that have been associated with your account.
Apple ID:
- Open your preferred web browser and navigate to the Apple ID website: https://appleid.apple.com/
- Sign into your Apple ID account using your email address and password. You might be prompted to enter a two-factor authentication code if you have it enabled.
- Once you are signed in, scroll down to the “Devices” section.
- You will now see a list of all devices connected to your Apple ID. This list may include iPhones, iPads, Macs, iPods, and Apple Watches that have been associated with your account.
Amazon:
- Go to the Amazon website and sign into your account.
- Hover over “Account & Lists” in the top-right corner and click on “Your Account” in the dropdown menu.
- Under “Login & Security,” click on “Edit” next to “Secure your account.”
- You will see a list of devices logged in to your Amazon account. Review this list and click “Sign-Out” next to any device you don’t recognize or want to remove.
Facebook:
- Go to the Facebook website and sign into your account.
- Click the downward-facing arrow in the top-right corner and select “Settings & Privacy” from the dropdown menu.
- Click on “Settings.”
- In the left sidebar, click on “Security and Login.”
- You will see a section called “Where You’re Logged In.” This shows a list of devices and locations currently logged in to your Facebook account. Click on “See More” to view the full list.
- Review this list and click on the three-dot menu next to any device you don’t recognize or want to remove. Then, click “Log Out” to sign out from that device.
LinkedIn:
- Go to the LinkedIn website and sign into your account.
- Click on your profile icon in the top-right corner and select “Settings & Privacy” from the dropdown menu.
- Under the “Account” tab, click on “Account access and security” in the left sidebar.
- You will see a section called “Where you’re signed in.” This shows a list of devices and locations currently logged in to your LinkedIn account.
- Review this list and click on “Sign out” next to any device you don’t recognize or want to remove.
It is vitally important to check that all the devices on the lists belong to you. If you notice a device that you no longer use, or do not recognise, you should follow the instructions to remove it from the account. This kind of housekeeping is a necessary foundation for increasing your cybersecurity for both business users and private alike.
What should you do if you spot a device you don’t recognise?
If you notice a device that you don’t recognise, it could be an old phone, tablet, or computer, but it could be something much more serious. It might be worth keeping a list of old devices just to be safe. However, assuming that the device is not yours and it is not one you recognise, I would suggest you do the following:
1. Do not delay. Act immediately!
2. Remove the device from the list of trusted devices.
3. Check if the recovery details are correct. Is your recovery email up to date? Is it an address you recognise? Do you have access to this address? If not, you should update it to your current email now.
4. Enable multifactor authentication on the account if it is not activated yet.
5. Reset the password for the account and ensure only you have access.
6. Change passwords to ALL online accounts that have used the same password. If you do use the same password, log on to any of your local devices as well.
7. Consult with an IT expert to run a check on your devices to ensure your IT setup is not compromised. Our friendly team is always ready to help.
Internet security is a complex subject, but as we’ve explained, the consequences can be simply disastrous. It is worth keeping in mind that in 2021 alone UK victims lost £1.3 billion to online fraud and there were 195,996 incidents.
That means on average, victims lost £6,633.57 each! That is a frightening figure, but the true number is even higher as not all online fraud is reported and thus the losses can be much higher.
In today’s interconnected world, online privacy and security are more important than ever. By avoiding public Wi-Fi networks and implementing the solutions mentioned above, you can protect your sensitive information from cyber threats. Remember, taking proactive measures is crucial to safeguard your online activities and ensure a safe browsing experience. If your business does not have an online security policy, or you feel there are gaps in your defences, I would strongly recommend talking to a trusted Managed Service Provider. If you don’t know who to contact, I can recommend the friendly team of experts at Operum.Tech. We’re one of the most trusted IT service providers in London and Croydon, and work with clients across the country and around the world. If you would like to find out more about what our team can do for your business, simply get in touch!