The Worst Places To Connect To Public Wi-Fi

Uploaded on 2023-09-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

If you or members of your workforce are travelling for business, you should be particularly cautious of business email compromise (BEC). This involves hackers attempting to access email accounts to carry out fraud, such as transferring funds. Another method cyber criminals may try is identity theft or compromising accounts.

Hackers can intercept data sent over an unsecure network, therefore, any information that you input, such as passwords, could be used to break into your online accounts such as business accounts or even steal your identity via compromised passport information.

Here are some of the worst public places currently used for Wi-Fi connection. 

Restaurants/Coffee shops:   Large restaurants or coffee shops see numerous customers pass through their doors daily, all of whom have access to the public Wi-Fi that the venue offers. This open access can leave users vulnerable to hackers who are able to exploit the lack of security in the Wi-Fi network and utilise this to access user data, otherwise known as a MITM (Man in the Middle) attack.

From this, hackers can access information on websites that users visit, browsing activity, and more personal information such as passwords and financial transactions. This can leave user logins and other personal data vulnerable being stolen by a hacker. 

Hotels:   Hotel Wi-FI can prove useful to your employees whether they are on a business trip or catching up on uncompleted work, however, hotel Wi-Fi often provides full public access, meaning anyone can access and monitor it. 

Router hacking is just one of the ways hackers can take advantage of open access hotel Wi-Fi. This involves hackers or cyber criminals gaining control of a router in order to take advantage of its vulnerabilities, resulting in access to personal and sensitive information. 

This can be a threat to anyone who is on the hotel’s Wi-Fi as their personal cyber information can become available to hackers using this method.

Public Transport:   Despite many employees working in a remote or hybrid capacity, certain roles will still require travel to and from work meetings from time to time, and Wi-Fi on public transport such as trains can be useful if employees have work to complete before getting to their destination. 

Nevertheless, its safety and security can be easily compromised by hackers due to its open access, making it a frequent target for attack.

As such, using Wi-Fi on trains for completing work whilst commuting can leave many employees susceptible to hackers who could gain access to important business data, financial data, or even private and personal information such as logins.

One way hackers may exploit data via transport Wi-Fi is through Malware attacks. This entails cyber criminals interfering with a device in order to gain access to its information. This is common on unsecure networks, as hackers can easily access devices when connected to the same Wi-Fi as their victims.

 Airports:  If on a business trip, you should make your employees aware that they should be vigilant when using airport Wi-Fi, as airports are hotspots for cybercriminals looking to target personal information such as passwords, financial data, or business data.

Commenting on these Wi-Fi dangers Venky Sundar, President of application security firm Indusface said  “Public Wi-Fi is more vulnerable to attacks. If your employees use public Wi-Fi networks, the chances of getting a malware infection is high"  

To minimise the potential damage, Indusface recommend that employers focus on two aspects: 

  •  Endpoint Security. In endpoint security it is all about using good antivirus software and making sure to instal automatic updates
  • Application Security. Application security is the second layer of defence, Iin case your employee’s computer does get compromised, so the chance of malware infecting your company infrastructure is high. "This is where putting your applications behind a WAAP becomes critical. That way, even in case of a compromise, the WAAP blocks attacks and protects the infrastructure and applications.” Veky advises.

It is vital not only for employees, but for businesses, to ensure that they are adequately protected when using public Wi-Fi. There are numerous methods you can use to do so. Additional steps businesses and employees can take to help protect against cyber attacks include:-

  • Turn off the auto-connect Wi-Fi setting, as this can automatically connect you to open access public networks nearby that may not be secure, and can leave you vulnerable to attack.
  • Use a VPN (Virtual Private Network), as this can help ensure your data isn’t visible to hackers as it goes through the network you are on. If it becomes visible, hackers can breach your digital privacy and gain access to your private company or personal data.
  • Ensure you have anti-virus software installed on your device. This can help protect you whilst using public Wi-Fi, as it has the ability to detect malware that may find its way into your system whilst using the public network. The software will issue an alert to you if any viruses are on your device, if there is any suspicious activity, or attack.
  • Perform gray box DAST scans on all your web and mobile applications so that you know the exact risk when the admin or user credentials get compromised. Once you understand the risks, mitigate them on code.
  • Implement a Web application and API Protection (WAAP) solution so that when your employee's endpoint gets compromised, the attacks that originate out of that compromised endpoint get blocked at the WAAP. 

The best protection is to not use these public Wi-Fi networks at all, as you can never be sure about how your remote employees will comply with these guidelines.

Image: Christine Hume

You Might Also Read: 

Cyber Criminals Exploit Lockdown Workers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Why DNS Protection Should Be A Crucial Part In Building Cyber Defense
Enterprise Cybersecurity Today: A Vast Landscape To Secure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

QMS International

QMS International

QMS is one of the leading ISO certification bodies in the UK and serves clients worldwide.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

World Cyber Security Summit

World Cyber Security Summit

World Cyber Security Summit, by Trescon, is a thought-leadership driven platform for CISOs who are looking to explore new-age threats and the technologies/strategies that can help mitigate them.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

CyberCatch

CyberCatch

CyberCatch provides an innovative cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Mitigo Group

Mitigo Group

Mitigo offers a well considered and effective approach to keeping businesses completely secure from any digital attacks.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

Security Awareness Special Interest Group (SASIG)

Security Awareness Special Interest Group (SASIG)

The Security Awareness Special Interest Group (SASIG) addresses the human aspects of security and fraud prevention in an initiative to improve trust and confidence in the online environment.