Symantec recently reported that 60 per cent of consumers think their information is safe when they are using public WiFi completely unaware ofthe danger, or of its severity.
In reality, using public Wifi is like having a conversation in a public place: other people can ‘hear’ it. The information is not encrypted, so anyone on the same network can see what another user is doing.
This makes users vulnerable, with hackers able to gain access to users’ ATM or M-PESA pin codes, mobile banking login details, email and social media credentials and passwords, or personal details such as their date of birth, and even their personal relationships.
In some instances, hackers can infect devices via a public Wi-Fi network, with malware that can sit inactive and undetected for several months before being remotely accessed to obtain sensitive information from the device.
Hackers can also gain access to users’ personal information on public Wi-Fi networks through ‘session hi-jacking’. This requires hacking skills. With right knowledge, hackers can enter or even take over an open session across an open email account, Facebook or any other account on the computer or smartphone, by stealing the browser cookie.
This is information stored on your computer by a website or account,and includes a user’s password, which means the website or account can recognize you, hence removing the need to enter a password. Once the hacker has that cookie, they can pretend to be you and gain access to any and all of your data.
Users can protect themselves. The easiest and most secure is to avoid using free Wifi. Those using free Wifi, limit usage to only the public domain, such as news websites, and to take care when filling out online forms that require personal details.
Security-sensitive users can ringfence personal data by restricting privacy infringing activities, such as social media, to home connections or mobile networks. Using mobile internet gives more protection, as these connections are encrypted and a lot harder to crack.
Users can look out for services using HTTPS links with Secure Socket Layer (SSL), instead of unencrypted HTTP. Information on HTTP is not secured, and can thus be easily intercepted by hackers. Another way is using a Virtual Private Network (VPN). An interesting feature to look out for is the two-factor authentication which creates an additional token or password exchange between a device and the internet service. This secondary code changes regularly, thus making it difficult for hackers to access data or even guess passwords. Additionally, users are notified via text message or email when someone is trying to log into their account and can immediately take action.
Keep the Operating System, firewall and anti-virus software enabled and up-to-date.
The writer is chief Business Development officer at poa! Internet.