Keep your data secure when you travel
Oh, the temptations of travel. And one of the biggest is public Wi-Fi.
Even if you have unlimited data for your smartphone, free public Wi-Fi is calling you. You won’t have to worry about buffering and stuttering when you stream music, watch videos, shop or try to get some work done on the road. But while the price is right, there’s a great risk.
“Sure, it’s free, but there's also a chance someone else is looking at your data,” said Clifton Poole, an information security architect at Raytheon. “Assume your connection is being monitored, and never log into accounts like email or social media, since your login credentials can be easily stolen. Free hotspots offer no protection, and the data that travels from the computer to the access point is ‘sniffable’ by hackers using the right tools.”
As part of October’s National Cyber Security Awareness Month, Raytheon asked some of its experts about how business road warriors can protect themselves from attack when they’re online and away from home.
Ensure the Network is Legit
Don’t trust that a hotspot is legitimate just because the hotel name appears in the network's name. Poole said there’s no way to know if a hotspot really belongs to the hotel.
“Stated another way, there’s no way to know when the hotspot belongs to the hacker sitting in the room next to yours,” he said. “Hackers can spoof a hotspot by placing the hotel name’s in the SSID (Service Set Identifier). A strong signal strength and an access point’s name with the word ‘guest,’ ‘free,’ or ‘public’ can be very attractive to an internet-starved user.”
Poole recommends asking the front desk or manager for the name of network and whether it is encrypted. “Don’t scan for listed SSIDs, but ask the manager if they have a hidden SSID,” he said.
Randall Brooks, a Raytheon cyber engineering fellow and instructor for the Cyber Learning Center, adds that signal strength can be compelling, but doesn't signify legitimacy.
“The ‘Evil Twin’ attack is very common, and often Wi-Fi-enabled devices will connect to the access point with the strongest signal," he said. "Most hotel Wi-Fi starts with a landing page and typically use the secure SSL technology."
Avoid Apps and stick to Secure Websites
If you’re connected to the web on your mobile phone or tablet, it’s better to use your browser than apps, because browsers are pickier when it comes to verifying secure HTTPS connections. Apps might accept spoofed security credentials, potentially exposing your personal information when you’re banking online or internet shopping.
“SSL creates an encrypted session between the browser and the server,” Poole said. “The server and browser use a common code to encrypt and decrypt the data sent between them. Once the session is established, the information remains more confidential.”
Use a Virtual Private Network
Virtual Private Networks, or VPNs, reroute your traffic through dedicated, protected servers, creating an encrypted, virtual tunnel for your data between your mobile phone or laptop and the sites you’re browsing on public wi-fi.
“VPN is the single best tool a person can use to protect their data while traveling,” Poole said. “Data sent from a computer to a server is protected by encryption and cannot be seen by prying eyes. VPN also hides your physical location and assigns an alternate exit location for the data. For instance, when I want to see the UK version of a particular server, I can select a VPN server in London to exit my data."
According to Brooks, connecting to a VPN is the first thing that you should do when using public Wi-Fi.
“At a minimum, everybody should be using VPN when they’re on a public Wi-Fi network,” he said. “You also need a good firewall and anti-virus.”
Turn Off Your Phone’s Wi-Fi
Many cyber-savvy travelers forgo Wi-Fi, and rely completely on their phones' data plans. If you ever find yourself asking the question “Is it safe?” and there’s a kilobyte of doubt, then use cell data.
“Using your carrier’s data plan so you can use your phone as a hotspot while connected to VPN is optimal,” Poole said.
Create Strong Passwords
Poole said that most password-cracking tools use huge dictionaries of common words to crack passwords, and those passwords that contain common words are more likely to be cracked.
Poole said he creates passwords using the Schneier Method, which takes letters and numbers from a sentence to generate a password.
“For example, I take the sentence, ‘I stay at the Grand Paris Hotel in room 4432. It had a wood door and a perfect view,'" Poole said. "The password could be isatGPH4432WoDoPeVi! That would be pretty hard to crack.”
Another common mistake, Brooks said, is reusing the same passwords for multiple accounts: social media apps, shopping apps, banking or email. Brooks suggests two-factor authentication, which requires several separate pieces of identification before it allows you into an account.
“It provides a much stronger level of protection,” Brooks said. “If your password is compromised, then the bad guy must defeat one or more other factors to gain access.”
Both Poole and Brooks offered a few other common-sense tips. Don't open attachments from unknown email addresses. Don't download or install anything as a condition for getting free Wi-Fi. Double-check that all of your system software is up to date.
Also, log out of websites and apps when you’re finished with them. When you’re finished surfing that free internet with your smartphone, make sure you go to your Wi-Fi settings and click “Forget this network” to lessen your security risks.
This document does not contain Technical Data or Technology controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. E16-K9M2
Last Updated: 10/20/2016