It wasn’t all that long ago since hotels, internet cafes and, believe it or not, many companies were so blasé about cyber-security that an array of holidaymakers, business people and visitors could just input the following:
We were all logged into the same Wi-Fi systems. Hotels abroad tended to charge for Wi-Fi per day until free Wi-Fi became as essential to visitors as a television in the room.
But this quiet evolution led to public Wi-Fi networks becoming particularly vulnerable to cyber-attacks. So vulnerable, in fact, that many people now simply avoid logging on to any public Wi-Fi network, whether it is free to join or not.
The pitfalls of public Wi-Fi include: unencrypted networks; man-in-the-middle attacks; snooping and sniffing.
If you cannot verify the integrity of the network you are on – always use a Virtual Private Network (VPN) otherwise you will be at a very high risk of sending out your own confidential information, such as passwords, over an unencrypted network. If you are out and about, 4G (and 5G) are so much safer than public Wi-Fi.
In this way, you avoid the possibility of man-in-the-middle attacks, where hackers position themselves between you and the connection point, to intercept your data.
OK - let’s be honest - passwords are boring, annoying and life has become far more complicated because of them. But the point to remember is that passwords are now an integral and essential part of life, so we need to accept them and realise why they are needed.
Your password is like a digital front door key to each of your applications – if you have a strong and unique password for each application/logon, then even if one password becomes known, the rest of the applications remain secure.
For example, if a site is breached and your email address and associated password for that site is realised, then the criminal will try ‘credential stuffing’ where they submit that email address and password into thousands of sites and see where they are successful.
Use 2 Factor Authentication (2FA) to help mitigate any compromise, but make sure all passwords are strong and unique to each site you have an account with.
Keep track of passwords using a password manager.
Set your security settings to notify you if your accounts are logged onto from devices that are not already trusted, or from different IP addresses.
Have you been pwned? To find out more about this, keep an eye out for our next blogpost.
Detective Constable Gareth Jordan has been a police officer for 13 years and prior to that, was employed in the IT and Pre-Press and Print sector.
Gareth is now based at Police HQ in Carmarthen and has been involved in investigating all forms of crime that have a cyber-element to them.
He has a wealth of knowledge regarding Cyber Security and continues to expand this by being involved in the day-to-day investigation of cyber-based crimes.
Gareth knows about the latest cyber scams and can explain how they are carried out – and more importantly – how you can avoid falling foul of them.