It’s a scene most of us are familiar with: a sleek coffee house with tables and chairs scattered about. Customers with their silver laptops bearing an illuminated piece of fruit, maybe with earphones in and a steaming latte beside them as they type, click and scroll away. Working at a cafe has become a ubiquitous piece of the modern workplace, practically a standard, especially in today’s gig economy. But what seems like a pleasant contemporary workspace is actually a cornucopia of sensitive information, ripe for the plucking by an ill-intentioned scammer, because the wifi network is unsecured.
Don’t believe it? Consider this scenario presented by Maurits Martijn for Medium. Writer Maurits watched as Dutch hacker Wouter Slotboom quickly and easily swiped the information of his fellow coffee shop-ers in just a few minutes:
We learn that Joris had previously visited McDonald’s, probably spent his vacation in Spain (lots of Spanish-language network names), and had been kart-racing (he had connected to a network belonging to a well-known local kart-racing center). Martin, another café visitor, had been logged on to the network of Heathrow airport and the American airline Southwest. In Amsterdam, he’s probably staying at the White Tulip Hostel. He had also paid a visit to a coffee shop called The Bulldog.
If that seems like routine information that anyone browsing your social media pages might pick up, it doesn’t stop there. Using a device that allows him to create a fictitious wifi network, Slotboom sits back and watches as unsuspecting cafe visitors connect to it, allowing him to get almost any information he’d like:
Already 20 smartphones and laptops are ours. If he wanted to, Slotboom could now completely ruin the lives of the people connected: He can retrieve their passwords, steal their identity, and plunder their bank accounts.
It’s almost impossible to read through the entire piece without the hair on the back of your neck standing on end, especially if you’re reading it over a public wifi network.
So what’s a digitally savvy person to do, especially one who happens to be addicted to working latte-in-hand? While you can never be 100 percent sure that a public unsecured wifi network is safe, here are a few strategies you can employ to make yourself less vulnerable to a hacker:
- Instead of connecting to the public network, consider enabling the personal hotspot on your phone and using that to connect your computer or tablet to the Internet.
- Periodically confirm which wifi network your computer is connected to.
- Make sure your browser is up-to-date, as it is more likely to detect and alert you to a bogus SSL certificate (an SSL certificate is a security measure that makes sure sensitive information entered in a website is encrypted during transmission).
- Use https:// sites and check for the little lock icon in the corner of your browser, but don’t rely on that as a sole means of protection. Even secure sites can be vulnerable at times.
- Close all applications other than your web browser, such as Outlook, that may send and receive information in the background.
- Consider taking your work “offline”, downloading your project files and material so you can work remotely without connecting to the Internet. You may even enjoy the additional focus!
- If you must use public wifi, understand that any information you exchange with websites is at increased risk of exposure.
While startling, the article is a good reminder of the importance of constant vigilance when it comes to digital security. In minutes, with relatively little technical knowledge or equipment, a cyber villain can take hold of a transaction and manipulate it any way he or she chooses. Keeping up with the CertifID blog and following the above advice is a great start, but we know not everyone will do the same. In many successful frauds, the criminals enter the transaction through one compromised identity and use it to fool other parties whose security was not defeated.