While out and about, you pull out your mobile device and several public wireless networks pop up. Those free WiFi connections entice you as you mindfully consider your mounting data usage charges. Considering all the information security threats out there, do you use one of those public networks?
The correct answer is: “it depends.” It depends on what you plan to do on your mobile device, your level of preparedness and your risk tolerance. Here are top tips we’ve put together to help you discover how to stay secure on public WiFi networks.
iOS or Android? What doesn’t really matter is the operating system on your device. No one operating system is safer than any other operating system. “They all have risks,” said Ben Bressman, a Columbus, Ohio information security consultant who worked for UNC-Chapel Hill until just over a year ago. He worked for five years collectively for ITS and the School of Medicine.
Fit the network to the task. When considering using a public wireless network, the first question to ask yourself is what you’re going to do on your device. A public wireless network is entirely appropriate for random surfing such as reading the Daily Tar Heel online, getting weather information or doing other random browsing that doesn’t deal with sensitive or personally identifiable information, Bressman said.
“In general, you want to abstain from public wireless when you know you’re going to deal with sensitive information, especially when that sensitive information is not encrypted or otherwise secured,” he said.
If you’re going to a log-in page for any site that isn’t encrypted, “you could essentially be giving your user name and password to some malicious person who has compromised the network that you’re using.” That means skip the public wireless network if you’re going to transfer funds from one bank account to another or if you’re going to log into something that has access to electronic health information.
Wait until you are at home or work. So what are your options? Conduct that activity on your device when you can use a more trusted network, such as your network at home or work or your mobile carrier’s network, such as AT&T or Verizon. These networks are generally more trusted and offer more protections for you and your data, Bressman said.
Is it your information? If not, think again. If you’re considering using a public wireless network to access work files on your mobile device, you also must be mindful of the policies, regulations and laws that apply to the sensitive information.
“If it’s just my Facebook photos, that’s one thing. I can make a decision on how I want to protect those,” Bressman said. “But if it’s someone else’s electronic medical records, I’m not the only one making a decision on how I protect those. HIPAA (the Health Insurance Portability and Accountability Act) makes a decision on how those are supposed to be protected. Hospital or University policy also has a say in how that data is protected.”
In case of electronic medical records, HIPAA prohibits the use of unsecured wireless networks for sending information that isn’t encrypted.
Proceed at your own risk. So how do we balance the desire to use our mobile devices when and where we want with the risks of doing so? “We’re always doing risk analysis, even subconsciously, in just about everything we do in our daily lives,” Bressman said. “This is just one more example of that. “I think it’s more a matter of knowing what you’ll do on these connections, what kind of data will be sent over these networks, and just trying to gauge the risk on your own.”
Thanks to Ben Bressman, an information security consultant, for his insight and expertise on how to stay secure on public WiFi networks.