By Paul Johnson - Managed Security Services Operations Manager, Logicalis CI
Airports are obvious places to catch up on emails and go online, whether you’re at the end of a business trip, transferring between flights or just filling time while you wait to be called. It helps that there is often free Wi-Fi and a few ticks in a few boxes will usually get you at least 30 free minutes – enough to check emails, the weather and the latest news and sport.
But does the convenience of airport Wi-Fi come at the personal cost of risking your personal identity? Unfortunately, the bustle of a departures lounge is fertile ground for cyber-fraudsters but there are some simple steps you can take to stay safe.
Verify the airport Wi-Fi network name
A fraudster doesn’t need a lot of fancy equipment to create a fake Wi-Fi network. He or she only needs a battery-powered hotspot that fits into a palm or small travel backpack pocket. Although it’s probably harder to join a scam Wi-Fi hotspot in an airport compared to a coffee shop or restaurant, you still need to be on your guard. Many airports will publish their Wi-Fi network names in prominent places like columns, walls, or displays near charging stations. Before you join the first network that appears on the list, read the full name of the hotspot network to make sure it matches the name posted on the official airport Wi-Fi literature. Identical-looking network names are called ‘evil twins’ because you have to look very closely to make sure you choose the right one. You should look for some of these differences to make help spot one:
Look for an opt-in page
Another clue after you’ve connected to a network might be if the network has an opt-in page asking you to agree to the terms of service. Most airport, hotel, and restaurant Wi-Fi networks require you to enter an email address and agree to the terms and service before you can access the network. If the network doesn’t have an opt-in page or the page looks dodgy, it could potentially be a fake hotspot.
Access airport lounge Wi-Fi networks
If you can access an airport lounge you will be joining a more secure network that isn't available in the terminal. Reducing the number of people who can access the network also reduces the probability of identity theft. Besides having special Wi-Fi access, you might also enjoy a dedicated work space and a more relaxing environment.
Use a Fon hotspot or subscribe to Boingo Wireless
Most UK airports have Fon and/or Boingo Wireless hotspots, which are encrypted and safer than a regular public airport Wi-Fi hotspot network. Some broadband customers in the Channel Islands will be able to access Fon hotspots by signing up through their local internet provider.
Only visit sites with https encryption
Most internet browsers will warn you if they think you’re about to open a dangerous website. If that happens, you have to either click a special button to proceed or click ‘Back to Safety’ to return to the previous page. Many websites have now switched to an ‘https://’ URL address instead of the universal ‘http://’ that has preceded every internet website address for the last 20 years.
Every browser tells you whether or not a site is secure in a slightly different way, but you should see two common features:
Being on a secure website doesn’t mean your browsing activity is hack-proof but it makes it a lot harder to steal your information. If you need to check your email, seat selection, or book a hotel room, you can browse more carefully than a few years ago when only banking websites went the extra step to encrypt their data. You should still try to avoid transmitting your personal data using a public airport Wi-Fi network as much as possible to keep your internet footprint to a minimum. It is worth avoiding accessing important information, such as your bank account details, unless you absolutely have to.
Always use a VPN
Even if you join a password-protected Wi-Fi hotspot at the airport, hotel or cafe, you should still consider using a VPN – or Virtual Person Network. Connecting to a VPN encrypts all your data at the source, your computer. Only visiting ‘https’ websites is an excellent rule but you’re relying on the website to encrypt the data after you click ‘Submit’, and the username and password were transmitted over the Wi-Fi network.
Activating a VPN browsing session between joining an airport Wi-Fi network and starting browsing creates a personal sub-network that only you can access. It’s an extra layer of security that a hacker needs to break through to access your personal information. If you've travelled for business, there might be certain work applications you can’t access unless you’re connected to a VPN.
Disable file and print sharing
Now that the default storage location for many devices is the cloud, your laptop or tablet might be transmitting information over the public airport Wi-Fi hotspot that you didn’t know about. One way to limit the transmission of delicate files is to disable the file and print sharing features on your device. This can be done in the user settings menus. If you have an iPhone, you might also consider disabling AirDrop which is another way to wirelessly transmit information between Apple devices.
Install the latest security updates
Make sure your laptop or mobile device has the latest security updates installed. You want to make it as difficult for potential hackers to compromise your data as possible. Regularly installing firmware updates for your operating system, web browser and apps are one way to keep your computer on lockdown. You might also consider using a third-party internet security programme to block against malware and other internet threats.
Look who is watching
Lastly, identity theft can be as simple as someone looking over your shoulder while you type to glean personal details and passwords. As well as taking care of what network you’re on, check out the people around you. If you’re not comfortable, move to a quieter part of the terminal. The last thing you need is for somebody to run away with your identity while you’re 35,000 feet in the air and none the wiser until it’s too late.