Work in Public Places?  Consider This.

Love working out of cafes, using public computers or public Wi-Fi?  Before you do, here are some things to consider.

 

 

Do you fit this description?

 

Use Wi-Fi at Starbucks, Panera or your favorite coffee or lunch spot?

How about at a hotel while on a business trip?

While waiting for your flight at the airport?

 

Bob Turner, Chief Information Security Officer at University of Wisconsin-Madison, has some things he’d like to share for those of you that like to do business outside the office.  Bob also maintains a blog series called “The CISO’s Perspective”, which can be found on the UW-Madison Office of Cybersecurity website.

 

 

Incidentally, Bob is a fan of Firefly Coffeehouse in Oregon, WI (open from 6 am to 6 pm – great coffee, cookies and limited pastries…and a killer Grilled Cheese Sandwich)

 

 

 

We all know the reasons its convenient…

 

Sometimes our network connections are not great and we need to rely on the Wi-Fi connection. 

Maybe we need to place to take a break and enjoy a cup of coffee or snack while catching up on the internet.

And of course, it is becoming increasing valuable and convenient for conducting business in more casual locations – especially for those that do not have a corporate office! 

 

But, its important for all of us to be more careful and aware…

 

Bob shared a pertinent anecdote after using a computer kiosk at popular hotel chain:

 

  • One computer had “Password1” as the Administrator credential
  • He ran an Anti-Virus program from thumb drive and found significant amount of virus activity and signatures that were out of date by more than 6 months
  • Microsoft products were out of date
  •  Browsers did not clear the cache upon logout (making this info a target for a “bad cyber actor”)

 

While this was a computer/kiosk, this highlights concerns with using public computers and public Wi-Fi in general.  

 

So, what can go wrong?

 

In our conversation, Bob shared some of the “shady” tactics deployed by criminals.  One example is a type of software or hardware called “Keyloggers” - which captures all your keystrokes that you type on a computer. The bad guy can then retrieve your information or have your keystrokes sent to remote server.  Then there is “Network Surveillance (sniffer) Software”, in which a bad guy monitors web traffic, and could potentially redirect your traffic to his own server.  Finally, its important to be on the lookout for Social Engineers. These nosey individuals try to get information from you either by peering at your screen, listening to your conversations or proactively engaging in a discussion with you.  The ultimate goal is to gain “intel” on you so they can access your accounts. 

 

OK, great…so what are some things to consider when using public computers or Wi-Fi?

 

  • It may seem obvious but remember - if you can easily get onto a network, others can as well.  Therefore, be careful how you use public Wi-Fi (or computers) in general.
  • Ideally, you should be discriminate – just because it is available doesn’t mean its safe and secure.
  • The safest locations are usually those that provide a personalized login/password. However, these days open Wi-Fi is becoming more of the norm.  
  • When you logon to public Wi-Fi, immediately turn on your corporate Virtual Private Network or use a private VPN service when connecting to public Wi-Fi.  Seconds matter. 
  • Make sure your anti-virus software is active and up to date.  Also, check to make sure your firewall is up and running. 
  • Its always good to have backups of important information and data – this is a good rule of thumb in general. 
  • Stay aware of your surroundings and watch out for lurkers or “shoulder surfers” (i.e. social engineers).

A final thought.  Bob says that its important to consider all or most of these things to really make a difference. Also, even if you consistently use strong authentication, but then leave your computer unlocked and unattended in public places, you are still putting your personal or corporate data at risk. Likewise, if you use anti-virus software but aren't careful about “innocent” activities like replying to or forwarding suspicious looking emails, you still risk spreading a virus, or worse, disabling the cyber café’s services for others.

 

Moral of the story:  While security tools are great, awareness is just as important!  Something we’ve been saying for a while at Find Me Cyber

 

Be sure to follow us on LinkedIn to stay up date on the latest and greatest issues and protection ideas.

 

 

Bob Turner is the Chief Information Security Officer at the University of Wisconsin-Madison where he leads the development and delivery of a comprehensive information security and privacy program along with his team of cyber professionals.  His 37 year information technology and cybersecurity career includes serving as a Senior Associate with the strategy and technology consulting firm of Booz Allen Hamilton focused on cybersecurity policy, compliance and cyber security inspection; along with a 23 year U.S. Navy career in telecommunications and information systems management. He holds a BS in Administration and Management and a MS in IT Security and Information Assurance.  He is a Certified Information Systems Security Professional and Certified Business Continuity Professional with National Information Assurance certificates as a Senior Systems Manager and Systems Certifier