- Millions of travelers are vulnerable to cyberattack if they join public Wi-Fi networks in airports, according to a new report by Coronet, a cybersecurity company.
- Here's what experts say to do to avoid cyberattack and what to do if you've joined a public Wi-Fi network in the past.
There's a bigger danger lurking in U.S. airports than mediocre meals: public Wi-Fi networks.
The convenience of these easy ways to connect online is often masked by the fact that many are unencrypted, insecure or improperly configured, according to a recent study by Coronet, a cybersecurity company. If that's the case, it is much easier for hackers to access your device and install malicious software, steal your passwords or login information and download other data such as emails.
Hacking, which includes phishing, ransomware, malware and skimming, is the most common type of data breach and accounts for 60 percent of attacks, according to a 2017 study by the Identity Theft Resource Center. These attacks can lead to identity theft, which along with debt collection, imposter scams and other kinds of fraud, cost consumers $905 million in total losses in 2017, according to the Federal Trade Commission.
To rank airports by their threat level, Coronet looked at data from the 45 busiest American airports over five months at the beginning of the year. Then, it assigned each airport a threat index score based on the vulnerability of devices and risk of networks used.
“The main reason airports are problematic is because most people are taking convenience over security,” said Dror Liwer, chief security officer and co-founder of Coronet.
There are three major things that you're putting at risk when connecting to a public Wi-Fi network, Liwer says.
Many malicious public Wi-Fi networks look like any other network, according to Liwer. But when you click on ‘accept terms and conditions’ to join, you may be installing malware on your device.
If you’ve connected to a dangerous network, you could be a target for Wi-Fi phishing. This is when a hacker makes a webpage that looks exactly like another one, such as the sign-in for your work email, according to the Federal Trade Commission. When you enter your username and password to access your email, you’re actually entering your information into a hacker’s site.
This is especially important for business travelers who may be working on the go, Liwer said. If you are on a hacker’s network and transferring data to or from a coworker, it is all going through the attacker’s devices. He or she can then do with it what they please, said Liwer.
To keep your devices and sensitive information safe, the best thing you can do is refrain from joining any public Wi-Fi networks.
“The instinct is that you’re going to jump on,” Liwer said. "Connectivity today is like water and oxygen, we can’t survive without it."
If you can't keep yourself from your online life, even for brief periods of time when you are traveling, there are a few other things you can do. You should make sure that the systems on your devices are up to date, and that they include software to protect from malicious networks.
Once you have such software installed, actually listen to it, said Liwer. If it tells you that a network is risky, don't join it. While it might be tempting to check your email, make a phone call or even upload a picture to Instagram, it could have unintended and costly consequences for your family or company.
If you’re worried that you’ve joined a public network that might have left you vulnerable to a cyberattack, there are a few things you can do after the fact, Liwer said. First, establish if there is malware on your device and remove it.
Next, Liwer says to change all of your passwords to ones that are difficult to replicate, even if it's painful to do so.
“Your daughter’s name and her birthday is not a good password,” Liwer said.
More from Personal Finance:
His last piece of advice changes if you’re a private person or a corporation. Individuals should check to see if their identity has been stolen. For corporations, it’s a bit more complicated to detect if someone is using stolen corporate data. Liwer recommends using software to monitor suspicious behavior on the company server.
Liwer also said to be careful even if you are in an airport or city with a good cybersecurity score or ranking. Just because an area has been deemed low-risk doesn’t mean that hackers aren’t there, or won’t target that place in the future.
“When you are using public Wi-Fi networks, you should always consider your safety first,” said Liwer. "It’s a real threat, not a theoretical danger."