Editor’s note: October is National Cybersecurity Awareness Month, and each week Blue Sky will be featuring a story about cybersecurity and related issues to highlight the importance of digital safety in airports and beyond.
You’ve packed, woken up early and arrived at the airport with plenty of time. But you forgot to pay the credit card bill at home.
Do you risk late fees and interest, or do you log on to unsecure public WiFi to pay the bill, transmitting personal and financial data over a network accessible to anyone in the world?
These days, you can confidently pay the bill, most experts say. Just don’t make it a habit.
Encryption and other firewalls have made public WiFi far safer than it once was. But it’s still vulnerable to aggressive hackers, cybersecurity experts say, so people should know a few things before using it.
“I would worry more about public computers, say, at a hotel business center than I do about public WiFi,” said Nick Barendt, a computer science professor and executive director of the Institute for Smart, Secure and Connected Systems (ISSACS) and co-executive director of the Internet of Things (IoT) Collaborative at Case Western Reserve University in Cleveland.
“Occasionally, you have to use WiFi to do something like pay a bill,” he said.
Simple steps minimize risk
Barendt and other experts say users can take proactive measures that minimize the risk of having personal data hacked:
- Avoid rogue WiFi access points. Fake WiFi access can be deceptive and often includes the name of the business or facility that nearby WiFi users might know. If there’s any doubt, ask an employee at the location for the legitimate WiFi access point, the connection’s name and its IP address.
“Scammers are effective at creating websites that look real. You’ve got to be careful. Fake access points often look like the real thing,” said Martin Weiss, associate dean for academic affairs and research at the University of Pittsburgh’s School of Information Sciences.
Secure websites are identified by a URL that includes HTTPS instead of simply HTTP. The “s” stands for “secure” and is an increasingly common security feature that encrypts all data.
- Use two-step verification. Now ubiquitous with banks and credit card companies, the two-step process includes sending a second temporary password to a customer’s cell phone or e-mail account. “You won’t get into the bank account without the second password,” Weiss said.
The two-step feature is also an option with popular e-mail services like Yahoo! Mail and Gmail. “These systems, especially anything financial, are designed to be as secure as possible,” said Case Western’s Barendt said.
- Avoid registration. Public WiFi sometimes requires registration, which Barendt said should ask for no more than your name and e-mail address. “Don’t sign up for WiFi that asks for your phone number, home address or, obviously, a Social Security number,” he said.
- Use a VPN. Virtual private networks, or VPNs, encrypt everything you send through public WiFi. VPNs are commonly used in internet communications for businesses, government and educational institutions, but individuals who rely on public WiFi can also pay for a VPN service. Some VPNs, such as one offered by the browser opera.com, are free.
More tips: Accessing websites that store or require the input of any sensitive information — social networking, online shopping and banking — are more secure on a mobile phone network than on public WiFi, Barendt said.
While high-profile data breaches, like those at Facebook, Yahoo, Target and Equifax, are well-publicized, hacked WiFi is another matter, said Weiss.
“It’s much more anecdotal, the information about hacked WiFi. We don’t really have reliable data about how often it goes on,” he said.