As we enter the busy holiday travel season, you may find yourself at a hotel, airport, or coffee shop trying to connect to a public Wi-Fi network that does not offer data encryption. While convenient, an ineffectively secured mobile device (smartphone, tablet, or laptop) that connects to a public Wi-Fi hotspot may expose sensitive data.
Because networks that lack data-in-transit protections are at risk of unauthorized Eavesdropping to access sensitive and personal information, or they may use those devices to remotely access organizational resources. Compromised information may lead to serious harm, financial loss, or reputational damage for an organization.
What is Eavesdropping?
Eavesdropping is when an adversary intercepts, modifies or deletes information that is transmitted between two devices. Such visibility could result in the theft of personally identifiable information (PII). PII theft is extremely dangerous and has far-reaching concerns. PII comes in many forms, such as:
- Login credentials
- Financial information
- Personal data
- Location data
- Unique device identifiers (e.g., Universal Device Identifier (UDID), International Mobile Equipment Identity (IMEI))
Mitigating the Threat
To mitigate this threat, be mindful of using secure connections to websites and resources.
A couple of options include:
- Avoid using a public Wi-Fi network whenever possible to conduct business, bank, or shop online.
- If you must check your bank balance or make an online purchase while you are traveling, turn off your device's Wi-Fi connection and use your mobile device's cellular data internet connection instead.
- Use a virtual private network (VPN) to ensure all communication to and from their applications is encrypted before leaving the device.
- Turn off the Bluetooth setting on your phone when devices are not in use. Cybercriminals can pair with your phone's open Bluetooth connection when you are not using it and steal personal information.
While public Wi-Fi networks may not provide data-in-transit protection, if the proper protections are in place their convenience can be fully utilized with increased confidence.
Source: NIST Computer Security Resource Center