Come on – let's admit it. We’ve all been in that desperate situation where we need Wi-Fi access but the only Wi-Fi around is “unsecured”. In other words, there is no lock symbol next to the familiar Wi-Fi symbol. It’s FREE, or so we think – as some economists put it..."there is no such thing as a free lunch".
Airports, cafes, community spaces, etc., don’t require a password to connect to the Wi-Fi. It is a great community service to offer free Wi-Fi, but users should know the guidelines and best practices when connecting to an unsecured Wi-Fi.
There are several ways an unsecured Wi-Fi connection can be a threat, but let’s focus on the top two basic scenarios:
1. Unsecured Wi-Fi set up as a legitimate public service.
2. Unsecured Wi-Fi set up to look like a legitimate public service.
Scenario 1 are your libraries, cafes, airports, etc. Everyone in that café is also using the same unsecure network. This means that with the right tools, which are easily accessible and don’t require a great deal of skill, adversaries can “sniff” for credentials being typed in or retrieve sensitive data. Zero-trust networks are the latest and greatest protections in this space, but VPN is an extra layer of protection. Try connecting to a hot spot on your phone, connect to your VPN service, and then connect to the free community Wi-Fi.
Scenario 2 are your Wi-Fi networks that are set up to trick users. These are especially devious because it takes less effort by adversaries to obtain the information your device is sending across the network. Even if you’re not doing anything on your device, by design, your applications send information the moment they are connected.
In either scenario above, you’ll want to avoid typing and entering credentials, especially for business or financial accounts, and especially if you’re not connected to a VPN. There are tools that can capture your keystrokes so be careful what you’re typing!
These videos are brought to you by Adobe, National Cyber Security Alliance, and Speechless Inc.
More from this series:
Cybersecurity Awareness Episode 1: Passwords
Cybersecurity Awareness Episode 2: Data Handling
Cybersecurity Awareness Episode 3: Computer Theft
Cybersecurity Awareness Episode 4: Phishing and Ransomware
Cybersecurity Awareness Episode 5: Removable Media
Cybersecurity Awareness Episode 6: Vishing
Cybersecurity Awareness Episode 7: Internet Downloads
Cybersecurity Awareness Episode 8: Wi-Fi