Free Wi-fi while you sit and have coffee or lunch? It’s often a great way to get some work done when you’re out of the office, but it’s also a high security risk.

Next time you grab your laptop and connect to a public wi-fi hotspot, remember this article!

Why you need to take extreme care with public Wi-fi

People are getting caught out by increasingly sophisticated hacking attacks. Many of these exploit people as the weakness in a system, rather than using complex technology to break through firewalls.

One such attack, is so easy, it can be done over a coffee.

Known as a man in the middle attack, a cyber criminal enters a public place, such as a coffee shop, that has free wi-fi, and uses a device that can be easily bought online for less than £100 to set up their own wireless access point.

This access point is connected to the genuine free wifi, and also displays itself to unsuspecting passersby as an available connection. If you’re within range, you can connect to the internet through the hacker’s device. Hackers can name the connection anything they want,  so if you’re in Starbucks, you might think you’re connecting to Starbuck’s free wi-fi, when in reality you’re connecting to a hacker’s wireless access point, which is itself connected to the free wi-fi.

The hacker effectively sits between you and the genuine public wi-fi, hence why it is called a “man in the middle” attack.

The hacker can watch anything you do on the internet, and collect information about you such as passwords  (great for emptying your bank account) and which websites you visit (good for blackmail).

Be careful what you do on public wi-fi!

They can redirect you to spoofed webpages and show you pop-ups – for example a fake adobe update. You might click on this simply because the reminder is annoying, and by doing so you could be installing anything onto your laptop – for example, malware. Once installed, the malware could allow the hacker to take over your computer completely. They could look at your pictures, read your emails, or encrypt all of your files and demand a ransom for return of them.

In addition, the malware might lie dormant, collecting information in the background. When you return to the office and connect your laptop to the business network you could infect the entire company with malware. Your business’ security defences would be unlikely to stop it because the attack would come from inside, from a trusted source – your computer.

Once inside company networks hackers could access client data, confidential HR files, or they could monitor behaviour and wait for the right time to strike.

One US company had its bank account emptied of $47 million (£36 million) because hackers identified an employee with the ability to transfer large sums of money. By monitoring email activity, they were able to wait for the right moment to send an email which appeared to be from the company CEO, requesting the transfer.

Your Employees are your biggest weakness

Having the right technology in place to defend against Cyber Attacks is only one half of your defences.

Your people are a key vulnerability in your defences. The best technoogy in the world won’t protect you from cyber-attack if your people can be engineered into allowing intruders access to your systems.