Tag Archive for: wifi hotspots

A Breakup Letter to Bad Cybersecurity Habits (Featuring Makayla Sileo)


Cybersecurity habits are a lot like dating – you have to weed out the bad to make room for the good. As we approach National Cybersecurity Awareness Month and my busiest speaking season, my radically creative daughter Makayla (💜) wrote a series of Breakup Letters to all of the bad cybersecurity habits that lead to huge organizational losses and reputational damage. To help protect yourself and your business, here are a few Breakup Letter Beginnings (and my suggestions on how to change the relationship) to get you started: 

Dear Guessable Passwords (Easy Love)

It’s not you, it’s me. I can’t keep blaming you for my mistakes. I was seduced by your simplicity, lured into a false sense of security. Plus, I just love using my puppy’s name as my passcode! You were predictable and I thought I wanted that. But in all honesty, I know now that I am the problem. Starting today, I will make the effort to create long and strong passwords using a password manager to keep cyber criminals out of the middle of our private data. My newfound confidence will end in better relationships for both of us. So long.

Dear Re-Used Passcodes (Predictable Love)

I feel like our relationship is lacking the spark it used to have. We both deserve better. I’m looking for a more complex interaction, one that challenges me. So I am leaving you, same-ol, same-ol passphrase, for two-step logins, which will keep even the craftiest of hackers out of the middle of my private relationships. Now that’s what I call a spicy upgrade! Au revoir. 

Dear Phishing Links (Manipulative Love)

I was intrigued by all that you had to offer. I got lost in your charm and smooth ways. I should’ve listened to my gut that screamed “Bad news! Do not engage!” Your calls are the “u up?” texts that I can’t stop answering. You’ve found sneaky ways to get me to pick up and open up and then you use my vulnerabilities against me. I’m done playing your phishy little games. Starting today, I will only engage with links, attachments, and requests that I trust deeply and am expecting. Consider yourself off the hook! 

Dear Free WiFi Hotspots (Convenient Love)

I thought you would always be there for me when I needed you most. I was a romantic once, assuming our connection was a safe one. I can see now that I deserve a partner I can trust over simple convenience. I’m ready to settle down with a soulmate who communicates in safe ways, like using the cellular data connection on our smartphones or demanding that we protect our interests by installing a Virtual Private Network (VPN) on all of our devices. Over and out, Hotty. 

Dear Eavesdropping Smart Devices (Clingy Love),

I think it’s time I go out on my own. Your constant tracking and sharing of my every move and desire has crossed the line. Our connection–once filled with convenience–has become suffocating and invasive. I am reclaiming my freedom. Am I scared to find my way in a world without you? Yes. But I know I am safer navigating life on my own than being stalked by you. Going forward, I promise to actually be smart about how I connect smart devices to the Internet, to change my privacy and security defaults and to limit location and behavior sharing on devices like my smartphone. This, my love, is where I go dark. Night, night.

Dear Gratuitous Social Media Sharing (PDA Love)

Enough with the public displays of affection. I don’t want the general public knowing every detail of my personal life. It’s become too unsettling knowing that nothing is private anymore. If I want to share my triumphs and defeats, I will communicate with you directly, via text, email, or private DMs. You deserve my full integrity, so I am limiting what I share. Duck face no more.

Dear Neglected Software Updates (Missed Love),  

Our relationship has been a rollercoaster of missed opportunities. You–with your security patches and bug fixes–always doing your best to make my life better, while I foolishly ignored your messages. I should’ve known you were there the whole time. Please give me a second chance… I promise to upgrade my software every chance I get from today forward. Because our relationship is all about growth and evolution. Please take me back. 

___________________________

Looking for a creative way to engage your audience to care more about cybersecurity and break up with their bad cybersecurity habits? Call us directly to learn how John will humorously update your crowd on the latest cyber threats and simple solutions. Call 303.777.3221 or fill out our Contact Form to connect with Sue Bob Dean (yes, that’s a joke), John’s business manager extraordinaire.

John Sileo is a Hall of Fame Keynote Speaker who educates audiences on how cybersecurity has evolved and how they can remain ahead of trends in cybercrime. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s. But John is most proud of being an unforgiving helicopter dad to his two daughters, Sophie and Makayla. 

Hackers Hot for Hotspots: Protect Your Remote Workforce


Your remote workforce is only as strong as its weakest link — which, believe it or not, may be a public WiFi hotspot. Insecure networks have been at the forefront of a recent spike in business-impacting cyber attacks, namely among organizations that have deployed a remote workforce who accessed malicious WiFi networks or hacker-enabled hotspots.

Have we become so dependent on the ubiquity and convenience of connectivity that remote employees will connect to any nearby network, so long as it looks legit? The answer is yes, and it’s the reason why 80% of security and business leaders said their organizations were more exposed to risk as a result of remote work.

Though remote work enables employees to work from anywhere, these harmful hotspots are everywhere, and many employees are simply none the wiser to the risks. The vulnerability of the remote workforce to these cyber attacks can no longer be ignored. Learn how to protect your remote workforce (and organization) from the harmful effects of network-induced cybercrime.

The Remote Workforce is Here to Stay

If 2020 was the year of remote work, 2021 was the year of the remote workforce — and recent data suggests it’s not going anywhere any time soon. While 70% of full-time workers were forced to switch to remote work in 2020, 69% still voluntarily worked remotely throughout 2021. Today, a whopping 81% would prefer a hybrid or remote working style indefinitely, even post-pandemic. 

Plus, it’s not just employees who favor a permanently remote workforce. According to the 2021 State of Remote Work, 26% of employers have voluntarily chosen to maintain a fully remote workforce and 20% have opted for a hybrid work model. Not to mention, approximately 40% of employers have either reduced or closed their physical office spaces. 

All signs point to an ongoing remote workforce. But if employers weren’t prepared for their teams to work from home in 2020, are they actually prepared now? Or will the risk of cybercrime dampen the otherwise fantastic benefits of remote work? Recent statistics suggest there’s still work to be done to protect both employees and organizations. 

But Are Remote Workers Safe from Cyber Crime? 

Are you familiar with the phrase, “One bad apple spoils the barrel?” Well, that’s a pretty accurate way to view public WiFi and free hotspots in relation to remote work. Though employees have the freedom and autonomy to dial in from anywhere in the world, they almost always require an internet connection to access company servers or internal databases. 

98% of remote workers use a personal device for work daily, yet 71% of security leaders lack high or complete visibility into remote employee home networks — which could explain why 67% of cyber-attacks directly targeted remote workers. From the local café to a hotel across the globe, it’s far too easy for employees to unintentionally connect to an unsecured network. 

A recent study, Cybersecurity in the New World of Work, found that 74% of organizations attribute recent business-impacting cyberattacks to vulnerabilities in technology put in place during the pandemic, namely migrating business-critical functions to the cloud. Two-thirds of security leaders plan to increase cybersecurity investments over the next two years, but what about right now?

So, Is Public WiFi a Trap Door for Hackers?

While security leaders scramble to implement better network practices for remote workers, this remote-work expert will let you in on a secret: Using free public WiFi is like licking the grade-school water fountain while you’re taking a drink. Sure, you get what you need out of the deal, but you open yourself up to a lot of nastiness… like, next-level gross. The same can be said for public WiFi. 

Though a public, insecure internet connection allows remote employees to access whatever they need for work, it also provides cybercriminals with access to business-sensitive or customer-centric data. A hacker can examine every piece of information a worker enters on the network, from important emails to security credentials for your corporate network.

Unfortunately, many people consider tethering their laptop to their phone as too technical or lack the appropriate data plan, so they default to a local hotspot. These hotspots are often unencrypted and require no login or password — that’s like open season for hackers! And with slim chances of tracking a cybercrime to the hotspot (or hacker) in question, they continue to be a blind problem. 

Why Public WiFi Makes a Hacker’s Job a Breeze

We as a society have become so dependent on connectivity, whether for remote work or pleasure, that the average person will connect to a random nearby network as long as it is named in a manner consistent with their place on the map. Near a café? FreeCafeWiFi it is! But why is it so easy for cybercriminals to create these malicious networks in the first place? 

First and foremost, it’s because you don’t have to hack a public network, you just have to imitate one. With an average iPhone, anyone can set up an “evil twin” WiFi network at the nearest café, airport, or hotel, and sniff any unsecured traffic that passes through. Most people don’t know the difference between the various WiFi or tethering symbols on their phone, so they’re in the dark about the inherent risks.

With slightly more sophisticated equipment and the right software, a true “evil twin” can be set up in a matter of seconds. In fact, when I’m in the field as a cybersecurity speaker, I often rename my iPhone to the name of the hotel or conference center hosting the event, like !SECUREMarriotWiFi. This naming convention makes the hotspot rise to the top of the list, and I regularly have attendees joining my hotspot to collect their email, log in to work, and more.

It’s that easy, friends. And it’s not always criminals doing the involuntary data grab: Retailers have been known to offer free WiFi with the specific purpose of learning more about their customers, meaning even “legitimate WiFi” can be a risk. The average café or retailer doesn’t actually care about the safety of your data, they are just keeping expenses low and connections convenient. 

Cybersecurity Expert Tips to Protect Your Remote Workforce 

Would you trust and inject a vaccine someone handed you at your favorite Starbucks? Don’t delude yourself. Working on free WiFi with sensitive material will never be as safe as using a secure hotspot or WiFi connection you own. If your remote workforce is spread across the city, state, or country, there’s no way they can all access a company-backed Internet connection.

So, you must do the next-best thing — educate your team on how to safely work remotely. Here are five tips, as told by a cybersecurity expert who has seen behind the curtain, to improve your Wi-Fi safety and protect your business. 

1. Connect (Work Remotely) via Cellular Data 

When remote employees are working on something sensitive or confidential (read: internal data), it’s best to connect to the internet via cellular data connection whenever possible. Connection from a smartphone to a personal device is encrypted and far more secure than any free WiFi.

If they don’t have a dedicated hotspot, tether a smartphone to a laptop and use that to communicate instead. In many cases, an available 5G network is faster than what the free WiFi will be. 

2. Utilize a Virtual Private Network (VPN)

A Virtual Private Network (VPN) extends access to a private network across a public network, so a user can send and receive data across a public network as if their personal device were directly connected to the private network. In layman’s terms, it’s like having a private tunnel between your device and your destination. If you haven’t already, install a VPN on every worker’s device to cyber secure your virtual office.

For the remote workforce, a VPN is an excellent method to add security to employee communication, especially when leveraging an insecure connection like public WiFi. Even if a hacker accesses an employee’s device, the data will be strongly encrypted and is more likely to be discarded than run through a lengthy decryption process. 

3. Always Use HTTPS 

Take a look at your browser bar. Right now, the current web address should begin with https:// — that’s on purpose. HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP used for secure communication over a computer network. The majority of trustworthy sites will leverage HTTPS to encrypt communication, especially those that require log-in credentials.

Entering those credentials in an unencrypted manner could open the door to a hacker, who can then repurpose those details to access your corporate or client network. So, be sure to personally enable (and encourage employees to enable) the “Always Use HTTPS” option of frequently-visited sites. Alternatively, install a web extension like HTTPS Everywhere for Chrome, Firefox, and Opera to essentially force each website you visit to connect using HTTPS. 

4. Safeguard All Settings

The settings on a personal device are the difference between leaving the backdoor wide open for cybercriminals or dead-bolting that door shut. When your remote workforce connects to the internet at a public place, be sure their settings have been optimized to prevent a cyber attack as much as possible. 

For one, turn off sharing from the system preferences or Control Panel. It’s unlikely your team has anything to share with the other patrons of a café, save the hacker lurking in the corner. Secondly, turn off Auto Connect for WiFi networks and log out of the WiFi when you leave, as many of today’s devices will automatically connect to the closest available network, without regard for safety.

5. Verify Legitimacy Whenever Possible 

Lastly, if you or your remote workforce ever find the dire need to use public WiFi, make sure to verify with the business that any WiFi hotspot you join is the legitimate one — not the “evil twin” — and make sure it requires a password to join. Confirm details such as the connection’s name and IP address before connecting any personal devices to the business’s network. 
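For IT teams that want to turn tips 4 and 5 into a repeatable check, here is an added example (not code from the original article or its author) that audits a list of nearby networks against the one name and security type the business has confirmed. The scan records, field names, and café SSID are constructed for illustration; feed it whatever your own WiFi scanner exports.

```python
import re
from difflib import SequenceMatcher

# Constructed scan results, not real captures. The field names are assumptions:
# ssid = network name, bssid = access point address, security = "open", "WPA2", ...
SCAN = [
    {"ssid": "CornerCafe-Guest", "bssid": "02:00:00:00:00:01", "security": "WPA2"},
    {"ssid": "CornerCafe-Guest", "bssid": "02:00:00:00:00:02", "security": "open"},
    {"ssid": "!SECURE CornerCafe WiFi", "bssid": "02:00:00:00:00:03", "security": "open"},
    {"ssid": "HomeNet-5G", "bssid": "02:00:00:00:00:04", "security": "WPA3"},
]

def _norm(ssid):
    """Lowercase and drop spaces/punctuation so padding does not hide a look-alike."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def _overlap(name, target):
    """Share of the verified name that appears as one unbroken run inside `name`."""
    if not name or not target:
        return 0.0
    matcher = SequenceMatcher(None, name, target, autojunk=False)
    run = matcher.find_longest_match(0, len(name), 0, len(target))
    return run.size / len(target)

def audit(scan, verified_ssid, verified_security, min_overlap=0.6):
    """Return (ssid, bssid, reasons) for every network a worker should not join."""
    findings = []
    target = _norm(verified_ssid)
    for net in scan:
        reasons = []
        if net["security"] == "open":
            reasons.append("no password required")
        if net["ssid"] == verified_ssid:
            # Same name as the confirmed network but a different security type.
            if net["security"] != verified_security:
                reasons.append("same name as verified network, different security")
        elif _overlap(_norm(net["ssid"]), target) >= min_overlap:
            reasons.append("name resembles verified network but is not an exact match")
        if re.match(r"[^A-Za-z0-9]", net["ssid"]):
            # A leading symbol sorts the name to the top of the network list.
            reasons.append("leading symbol pushes name to top of the list")
        if reasons:
            findings.append((net["ssid"], net["bssid"], reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in audit(SCAN, "CornerCafe-Guest", "WPA2"):
        print(f"AVOID {ssid!r} ({bssid}): " + "; ".join(reasons))
```

A clean result does not prove a network is safe, since a copy can match both the name and the security type, so treat this as a filter that sits alongside the VPN and cellular tips above.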

Stay Protected with a Cybersecurity Overhaul 

Even a remote workforce that takes every possible precaution against third-party networks can encounter a cybercriminal. That’s just a risk of doing business in this increasingly digital age. As cybercriminals continue to evolve, cybersecurity best practices will also progress; and it’s up to business leaders to continue to upgrade their security practices to remain protected.

Don’t let the threat of cybercrime impact the longevity or productivity of the remote workforce. Take action today by empowering your remote workforce with the tools they need to remain safe, even when dialing in from halfway around the globe. Now is the time to invest in a cybersecurity crash course, if not for the safety of your business, for the protection of your employees and customers. 

Gladys Kravitz is Sniffing FREE WiFi Hotspots for Your Secrets

The free WiFi hotspot ritual is habitual. You head to your favorite café to get some work done “away from the office”. Justifying your $4 cup of 50 cent coffee with a Starbucks-approved rationalization (“I work so much more efficiently at my 3rd spot!”), you flip open your laptop, link to the free WiFi and get down to business. The caffeine primes your creativity, the bustling noise provides a canvas backdrop for your artful work and the hyper-convenient Internet access makes it easy for someone else (think organized criminal) to intercept everything you send through the air.

At the table next to you, drinking a free glass of water (these guys are too smart to pay that price for a cuppa joe), sits a hacker running a piece of software that sniffs the data you send over the free (unprotected) WiFi. They watch your private data like Gladys Kravitz stalking the very bewitching and often nose-wriggling Samantha. When you log in to your webmail account, they record your username (usually your email address) and password. Since you use the same password for many different websites, they run an automated computer program that attempts to log into every bank in the world using that username and password. When it fails, the program automatically increments your email password in every way possible until it eventually cracks your banking code.

By the time you head for a latte refill, you can no longer afford it. (This is one effective way to break the Starbucks habit). Most of us have been well trained to unthinkingly connect to the FREE WiFi hotspot at cafés, airports and hotels. Wireless technology is both useful and powerful, but operating it without protection is like skydiving with a parachute that you never deploy (it’s a fun ride while it lasts…). If you connect to any WiFi hotspot without first having to log in with a unique username and password, there is nothing that masks your data as it travels through the air. (Watch the 9News Investigation Video with Jeremy Jojola for a sample).

How to use a free WiFi hotspot without crash landing

Like our previously mentioned skydiver, you want not only to put on your parachute before you jump, but to pull the cord before you taste dirt. Here are some simple steps you can take, along with a “How To” video, before you jump on your next free WiFi hotspot:

  1. HTTPS Surfing. If you absolutely must use the free WiFi hotspot, only exchange information over websites with encrypted connections. What’s an encrypted connection and how can you tell? Watch this short video to learn how to tell if you are on a safe, https internet connection. If you are, all of the data that goes between your device and the WiFi hotspot (and eventually onto the Internet), is scrambled and protected by a passcode (the encryption part) that makes it much harder to intercept. Banks (see video), Gmail and even Facebook (see video) offer HTTPS connections. Sometimes all you have to do on a website is to change your security defaults! If your connection is regular old http (no “s” at the end), just know that your data can be free for all to see (if they have the right tools).
  2. Tethering. Also known as a personal WiFi hotspot, tethering is the act of using your smartphone’s encrypted cellular connection to the Internet to surf securely from your mobile device. Tethering works for laptops, tablets and iPods and is relatively simple and inexpensive to use. To tether your computing device to your smartphone, simply contact your mobile provider (Verizon, AT&T, Sprint, T-Mobile, etc.) and let them know that you want to be able to connect your computing device to your smartphone (you want to tether). They will let you know that it costs about $15 per month (well worth the protection), will turn it on and will walk you through setting up both your smartphone and device so that they communicate with the Internet in a well-protected manner. Note: Many tablets, like the iPad, now come with cellular data access built into the device. So, for example, if you have an iPad with Wireless + Cellular capability, you can almost always connect via your cellular connection (just like your phone connects) and never even have to utilize free WiFi (though it’s still safe to use the secure WiFi in your home and office). You can do the same thing by accessing the Internet via your smartphone that is NOT connected to WiFi. Cellular surfing can be a bit slower, but it is considerably more private.
  3. VPN Software. Using a VPN (or virtual private network software), is a safer way to surf on free WiFi. Think of it like this: it takes the same protections you get when using an https connection and applies them to all of the URLs you visit. VPNs are standard gear for business users, but individuals need them just as much as corporations. One of the more popular VPNs for consumer use is Hotspot Shield VPN (this is not an educated endorsement of the product, just an example). The good part about a VPN is that it protects your data transmissions over the internet at all times, not just when using free WiFi.

Better yet, utilize all three solutions and find yourself 100% safer than the Frappuccino lover over at the next table. Mobile computing will increase your productivity, your connectivity and your flexibility. But to do it without a bit of security preparation is to court digital suicide.

John Sileo not only uses free WiFi hotspots (wisely), he is an internationally recognized keynote speaker on how to keep your employees from making poor data security decisions regarding identity, privacy and reputation protection. His happy clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Tyler Tobin, the CEO and Chief Hacker for Tobin & Associates LLC, is a world renowned Professional White Hat Hacker. His firm specializes in performing compliance, GLBA and full-blown security assessments. His customer base is both regional and global. Assessments include social engineering, external and internal vulnerability and penetration testing and compliance examinations (SEC, SOX, SSAE and GLBA).