Summertime, and the living is easy, right? After all, you have your laptop, your tablet, and your smart phone.
You’re on your way to the beach, in the hotel lobby. You could jump onto the hotel network and do your email and webinars, but that little coffee shop across the street looks so much more inviting. So you head over, and voila! You’re in business. You connect to the “secure” network by typing in the password the barista gives you…the password that hasn’t changed in five years.
The next thing you notice, you’re receiving emails from your professional contacts asking if your email has been hacked. Embarrassing, no? But it’s a true story that’s repeated every single day.
When you take your laptop, tablet or even your smart phone into the real world, you put your device, your data, and all of your relationships at risk. How does it happen? One of the most common ways that hackers gain access to your systems is by using a man-in-the-middle attack.
The basic idea behind a man-in-the-middle attack is that malicious code or compromised devices are placed between a sender (you) and a receiver (the website you want to visit). From this middle vantage point, hackers or bots can collect or intercept all of the messages and data that travels between the sender and the receiver. Now imagine what a hacker can do with your login information, account numbers and passwords. The damage can be immediate and real.
Another version of the man-in-the-middle attack is the man-in-the-browser attack. In this case, malicious code is planted on a victim’s machine that runs inside the browser and silently records any data sent between the browser and various target sites, such as Gmail, Amazon, or other commonly accessed sites where login credentials or financial information may be shared. It’s this man-in-the-browser attack that commonly causes spam to be sent from your Gmail or webmail account. Hackers like this type of attack because they can quickly and easily access a wider number of potential victims by mailing malware links to your entire email address book.
How do you protect yourself from these kinds of situations? Well, there are a number of things you can do to ensure safe browsing when you’re on-the-go. First, make sure that the websites you’re visiting are protected and the connection is encrypted end-to-end (the address should start with “https”, not “http”). If you must use an untrusted network, then employ a browser plug-in such as HTTPS Everywhere or ForceTLS that uses a secure communication connection, if possible. You should also make sure that you have strong log-in passwords and if you have a Windows PC, make sure you enable Windows Firewall.
Though these suggestions greatly increase your level of security when using unfamiliar networks, they are no substitute for a controlled, secured personal network. If you are going to be traveling a lot, you might find it worthwhile to purchase your own Wi-Fi hot spot from a telecommunications vendor. Bear in mind that even some hotspots connected to your smart phone can be hacked, as was the case with the T-Mobile Android phone in March of 2013.
Your best option? Talk to your CMIT trusted advisor, and find out what works best for your situation. Protecting your data and your relationships is worth the phone call. Plan ahead and enjoy your summer travel.