There has been a huge cultural shift recently with regards to fixed offices and remote working – more and more people are taking the opportunity to work from home, coffee shops, conference rooms, and other locations out in public.
Whilst this increase in flexibility has shown to have many benefits to mental health and productivity, one area I believe is being overlooked is security – specifically, the data we store on our devices and transmit over the internet.
This new shift to remote working is a golden opportunity for hackers and other cyber criminals to take advantage of a workforce no longer residing within their buildings private network structure – instead, often relying on whichever Wi-Fi networks happen to be available at our favourite barista.
How often in the past few months have you sat down at a new location, opened your laptop, and pursued the local selection of Wi-Fi choices in order to avoid having to tether to your phone and use up the precious gigabytes of mobile internet often reserved for looking at cat pictures and arguing on Twitter?
All it takes is a small USB antenna and a laptop, and anyone with ill intent could spoof a Wi-Fi hotspot with the name ‘Starbucks Guest’ and hang around the local caffeinated beverage dispensary waiting for unsuspecting individuals to connect with their multitude of smart devices. Routing all your network traffic, login requests, and instant messaging chats right through their machine ready to analyse the data.
Once you are on their network, executing a man-in-the-middle attack is fairly straightforward, allowing an attacker to intercept the traffic heading to your machine, and display anything they want instead – often realistic looking login pages for various social media platforms which instead of logging you in, sends the inputted usernames and passwords directly to their machine.
Once a criminally minded individual has a set of working login details, then there’s a lot of damage they can cause – especially if you’re one of the many people that use the same password across multiple accounts.
So how can you protect against this?
Software security has taken a big leap in the last decade, and protocols such as HTTPS and SSL certificates are becoming a standard feature on most websites and are here to help keep our data private whilst being transmitted across the internet – even when prying eyes try to intrude. However, even these efforts can be thwarted and spoofed, tricking your devices into thinking that it is connecting to a secure page when it is not, allowing your traffic to be analysed.
One way to protect your data whilst out and about is to use a VPN service.
What is a VPN?
VPN stands for Virtual Private Network. It’s a way of encrypting all your network traffic before it leaves your machine, routing it through a trusted network which in turn returns the information you requested (Cat pictures, or twitter arguments) encrypted back to your machine.
This way, even if a bad actor manages to get you on their spoofed network to analyse your traffic, it will be encrypted. Your logins, emails, and chats will be unreadable and remain safe. They also won’t be able to inject their own devious network packets into the data entering your devices.
Most VPN services offer an easy to use application, all you have to do is install it onto your devices, and the app will do the rest – giving you the peace of mind that your data is protected, even on an unsecured public Wi-Fi network.
A VPN service should be a necessity to anyone working outside of private home or office networks. If you’re a business owner or a manger, just think about how much information and data the average remote employee has access to, including; emails, contracts, logins, client data, and finance data. By not using a VPN on public networks, this data is all at risk of falling in to the wrong hands.
Here is a quick list of VPN services I recommend looking in to (Please note, I am not affiliated or sponsored by anyone on this list):