In our connected world, using free public Wi-Fi has become a daily routine for some people. But secure and reliable connections are not always what they seem.
Public Wi-Fi access points are easy targets for cybercriminals who can use them to invade your privacy and steal your data.
This is what happened with WSpot, a WiFi management software company based in Brazil. It exposed data from about 2 million user companies, 5% of its customer base was affected by this leak.
About the leak and the relationship with public WiFi
Security research firm SafetyDetectives discovered the leak and warned that WSpot had an incorrectly configured Amazon Web Services S3 asset. Supposedly, the vulnerability found was unprotected and open to public access, which generated 10 GB of visitor data exposure.
About 226,000 files were exposed in this data leak. The leaked information includes personal details of at least 2.5 million users who have connected to the WSpot client’s public WiFi networks.
In addition, the information exposed included details of individuals who accessed the companies WiFi service, leaking information such as name, home address, email and taxpayer registration numbers, and plain-text login credentials created by users when getting registered to the service.
The company explained that the leak was caused by a lack of “standardization in information management”, which was stored in a specific folder. The company also noted that it has been dealing with the problem since SafetyDetectives notified it and the technical procedures were completed on November 18.
Why can using public Wi-Fi connections be dangerous?
Among the main dangers of public Wi-Fi are the risks of data breaches and malware infections. In the first scenario, cybercriminals can intercept the information you transmit over an unprotected connection.
In the second scenario, digital criminals may present you with an imitation of a legitimate website, tricking you into downloading malware.
Using an insecure public Wi-Fi network offers cybercriminals a great opportunity. Here is what makes it a vulnerable wireless network:
- No or weak password protection;
- Improperly configured Wi-Fi routers;
- Outdated router software;
- Many careless users;
- Logging into a fake Wi-Fi access point.
By 2023, there will be almost 628 million public Wi-Fi access points. And as their number increases, so do the potential dangers. Let’s see what you risk by connecting to a free public Wi-Fi network.
What are the risks of using public WiFi?
Those who don’t know how to use public Wi-Fi safely can quickly find themselves in trouble. To avoid this, you should always keep your guard up against the following dangers of open wireless networks.
Identity Theft
Identity theft is a cyber crime with the primary goal of illegally obtaining someone’s data.
Most commonly, cybercriminals use public Wi-Fi hotspots to steal people’s credit card information and commit financial fraud. With enough information about an individual, criminals can apply for loans, withdraw money, make purchases, and commit other crimes, all in their name.
Data breach
Using public Wi-Fi safely is essential to avoid data breaches, which happen when criminals illegally access private information. While identity theft primarily involves financial information, data breaches can affect any type of information you store on your device.
If you don’t know how to use public Wi-Fi safely, cybercriminals can steal your photos, videos, documents, and contacts, among others.
Malware Infection
Using public Wi-Fi makes you an easy target for browser hijackers who distribute malware to unsuspecting surfers. You may just be opening a news website when a supposedly innocent-looking pop-up ad appears on your screen. What you don’t know is that by accidentally clicking on it, you get dangerous software directly on your phone or laptop.
How to stay safe on public WiFi networks
Here’s what you need to do if you want to minimize the security risks of public Wi-Fi:
Use a VPN on a public WiFi network
To stay secure on a public Wi-Fi network, use a Virtual Private Network (VPN) application. The application hides your IP address and encrypts the information you send online, making it unreadable to third parties.
Do not access or send your confidential data when accessing a public WiFi
You don’t want your sensitive data to be intercepted, so make sure you don’t expose any. Forget about online banking, shopping, and remote work when connecting to a public Wi-Fi.
Do not use any application that may contain confidential data. The sad truth is that many applications have security holes, so anything you do in them can be visible to hackers.
Use an antivirus
Unfortunately, an antivirus program does not save your personal data from interception, but it can protect your device from various malware. This includes malicious programs that hackers secretly send to your phone or laptop on a public Wi-Fi network.
Turn on the firewall when accessing via public WiFi
Enabling the firewall can save your laptop from suspicious data packets. Simply put, a firewall analyzes data traffic and protects your device from unauthorized access. So whenever you connect to a public Wi-Fi network, don’t forget to activate the protection.
There is no magic solution for data security. While website owners and retailers should clearly up their game in protecting our privacy, we also need to do our part to at least eliminate the easiest fruit for hackers.
Fortunately, with just a little attention and these simple steps, you can protect your data and still enjoy the convenience of public Wi-Fi.
Invest in data protection in 2022 and beyond.
The CipherTrust Data Security Platform solution allows companies to protect their structure against attacks even with access via public WiFi.
According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.
To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:
CipherTrust Transparent Encryption
Encrypt data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.
CipherTrust Database Protection
It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses.
CipherTrust Application Data Protection
It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.
CipherTrust Tokenization
It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.
CipherTrust Batch Data Transformation
Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.
CipherTrust Manager
It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.
CipherTrust Cloud Key Manager
It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.
CipherTrust KMIP Server
It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.
CipherTrust TDE Key Manager
Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.
The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables companies to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.
It simplifies data security, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.
The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.
Tool portfolio that guarantees data protection also with access via public WiFi
With data protection products from the CipherTrust Data Security Platform, your company can:
Strengthen security and compliance even when using a public WiFi
CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Act (LGPD), and other compliance requirements.
Optimizes team and resource efficiency
CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.
With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.
In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.
Reduces total cost of ownership
CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.
With CipherTrust Data Security Platform, companies can prepare their investments for the future while reducing operating costs and capital expenditures.
About Eval
EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.
Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.
Eval, safety is value.