What do public libraries, gyms, hospitals and coffee shops have in common? Wireless internet access that invites theft of your sensitive information.

These days even the air comes at some health cost in many areas of the globe. Free wireless internet (Wi-Fi) often comes at a cost, too: it is possible to intercept or steal sensitive information such as account credentials to your online banking account. In fact, some could argue that such information is handed over rather than stolen; to gain access, the user often agrees to terms and conditions stipulating such information may be vulnerable.

How much free can you stand?

Handing over personal information is all the rage these days. Everybody with a Facebook or Gmail account has already enriched a handful of billionaires by doing so. Same with all those free apps on smartphones and tablets and websites. But surely there are limits to what a person will just give away.

We hope that nobody would willingly give up their social security number (or personal tax ID), their bank account number, nor their online banking ID and password. But they can, and often do, send that information over the (free) air to a (free) internet access point that lots of other people (including a thief) can also connect (for free). At which point a thief can pluck your information out of the air also for free and do with it what he or she wants—sell it for money and get a huge return on investment, or just cause you to burn a lot of resources defending and protecting yourself.

Save by avoiding the cost of “free.”

If your sensitive information and your time are valuable, then follow these suggestions to avoid charges against them from free public Wi-Fi.

  • Don’t assume the public Wi-Fi is secure. Most aren’t, even if they require a password. They may not be using WPA or WPA-2 security schemes, but more important, those who are logged on to it are all on the same network and can see all the connected devices.
  • When using a public Wi-Fi, login or send personal information only to websites you know are fully encrypted (such as https://www.peoplesbanknc.com). To be secure, your entire visit to the website should be to pages with that “https:” prefix.
  • Log off sites before you disconnect from the Wi-Fi. Never leave a website without first logging out. Some sites (including Peoples Bank) will log you off automatically after a period of inactivity, but you could be leaving the session open long enough for someone to hijack your connection.
  • Do not use the same password for multiple sites. If a thief intercepts a password from an unencrypted page, he will assume the same password for other sites.
  • If you must regularly use free public internet access, consider using a VPN to protect all your internet traffic.

Our best advice is to avoid public Wi-Fi. If the information on your computer and that you intend to view on your computer is valuable, you should use a trusted, secure wireless hotspot such as that from your phone or dedicated cellular hotspot. Why? Consider the likely technical savviness and security consciousness of your average coffee shop employee. Compare your level of concern for IT security to theirs. Do you think they secured the router well when they set it up, and that all the connections to it are legitimate? Do you think admin password to the router is the same or closely similar to the public password? Do you think some kid sitting in the corner who spent all day on Google would find it funny to hack the router and try to install some ransomware on a networked computer?

If you own or operate a business, you should talk to an IT professional about how to develop a security policy that works for your organization. Chances are it will include a way to minimize threats from free public Wi-Fi access. Business owners should probably not allow their employees to use corporate IT assets with public WiFi unless they have two-factor authentication routines in place or some other robust security monitoring solution. Because end-point security is problematic, especially for remote workers, current security best-practice is to connect to corporate resources via Remote Desktop Connection (RDC) rather than via external devices connecting through a VPN tunnel.

Other resources about using Wi-Fi

Peoples Bank provides online security tips, including issues related to Wi-Fi, via our Online Banking Security web page. The Federal Trade Commission (FTC) also provides good information about public Wi-Fi. Some good links are below. We urge you to review the information below – available at no charge. 😉