Public WiFi and shared networks (like password-protected networks at work) are great ways to get work done away from home or amongst coworkers. But, did you know that using public WiFi and shared networks come with security risks? Here’s what we mean:
The Risks of Using Public WiFi or Shared Networks
When you’re on public WiFi or using your work’s password-protected shared network, anyone who is also on that same WiFi connection can “sniff your packets.” What this term means is that anyone on the same network can snoop on your browsing session to “sniff out” your usernames, passwords, and authentication cookies. It’s all possible because when computers talk to one another over networks — something that helps you login to a website or do the things you want to do — they send packets of data to each other to negotiate connections, transfer files, or authenticate passwords. If someone is trying to collect data from your computer, they can simply poke around this packet data as it’s being passed from one computer to the next. Moreover, if someone is using certain hacking tools, and you’re logging into a site without a secure HTTPS connection, they can actually find usernames and passwords in plain text.
Why HTTPS Websites Are Important
HTTP stands for Hypertext Transfer Protocol, and it’s the piece of text you see before a website’s web address. HTTPS is the same thing, but it represents a more secure version of the site, as it contains SSL/TLS protocol to encrypt communication and secure the identification of a network web server. This extra security is often represented by a lock symbol in the address bar. The more secure version of the site — i.e. the HTTPS version — helps protect your private information from people who might be trying to steal it. That’s because on a HTTPS site, your username or password gets encrypted prior to its transfer from computer to computer.
Most sensitive sites (like your bank account) now automatically display the HTTPS version of their site, but as a whole, there are still quite a few websites that do not offer a HTTPS version. Furthermore, there are still quite a few sites that do offer HTTPS for their site, but do not offer the same security for their cookies…
How Cookies Might Pose a Security Threat
Cookies are small strings of text that are used to track your behavior on a site or to maintain your preferred website settings. In terms of security, however, they can also pose a threat to users who are already logged into a server. When someone is already logged in, all the hacker needs to do is hijack the right cookie to masquerade as the user.
The good news is, if a site uses HTTPS for all of its connections, hackers will not be able to sniff out and use cookies.
How to Stay Safe on Public WiFi and Password-Protected Networks
Anytime you work online and away from your home’s limited-access network, it’s important to take the steps necessary to safeguard your private information. Take a look at the following actions before your next browsing session:
- Only work on networks with people you trust.
This extremely limiting option basically recommends that you don’t work in places with public WiFi (like local coffee shops), nor password-protected networks (like your office building). However, it does mean that you know data is secure, because you know exactly who is on your network.
- Always use HTTPS sites.
A properly encrypted HTTPS site will ensure that your data is not readable as it passes from one computer to the next. Many sites have transitioned to make the HTTPS site their default version when users type in the site’s URL, but others have not. If the site you’re visiting doesn’t automatically load a HTTPS version, see if they have one (but haven’t made it their default) by simply typing HTTPS:// (followed by the web address) in your address bar. Afterwards, check to see if the site allows you to make the HTTPS version your preferred setting for use on that particular site. For example, on sites like Twitter, you can select the “Always use HTTPS” option in your account settings.
- Automatically redirect your browser to HTTPS versions.
If the site you’re using doesn’t default to a HTTPS version, and it doesn’t offer an “always use HTTPS” option, you can use a HTTPS-forcing browser extension to automatically redirect you to HTTPS versions of sites.
- Use a VPN or SSH proxy.
A VPN or SSH proxy acts like a security guard between your computer an anything on the network by safely encrypting everything that passes between the two. Along with that, check out these other encryption methods for Androids and Macs.
- Web-filtering and security services.
IT companies like Integracon use web-filtering and security services to create online security plans that not only work, but take the guesswork out of online security. An extra bonus is that this option means zero performance sacrifices for you — a common complaint seen with VPN or SSH proxy gateways.
Rather than limit your options to where you and your employees can work safely and securely, give Integracon a call. We’d love to help devise a plan that makes your company more secure online.