Wi-Fi advice for travelers and clumsy companies give away your personal information
Welcome to Cyber Security Today. It’s Monday August 12th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Many travelers find staying in an apartment or house booked online through a service like AirBnB is great for vacations or business trips. They can come with lots of amenities like big-screen TVs and full-sized refrigerators. But according to a recent article on Huffington Post there’s one thing you should stay away from: Using the home owner’s Wi-Fi, even if they say it’s okay. The article quotes a security expert saying a stranger’s Wi-Fi should be treated with the same caution as Wi-Fi in public spaces like shopping malls, restaurants, coffee shops and hotels. The homeowner may have set up their system to capture a visitor’s personal information, or someone nearby may have set up a fake Wi-Fi hotspot hoping you’ll log in and give away personal information, like your email password or credit card. Similarly, don’t use the host’s computer, even if they say it’s okay. They may have a hidden camera or software to capture your login.
What if you want to use someone else’s Wi-Fi? First, make sure your device has the latest security patches. Second, don’t log in to email, a bank or do online purchases. If you have to do any of these, make sure your device has a virtual private network, which is an app that prevents your communications from being read. Google ‘virtual private network’ for more information. Some VPNs are available for free. A VPN may slow your device down a little. Finally, remember the safest connection is through your mobile provider, not a stranger’s Wi-Fi. Pay a little more for a temporary data roaming package and be safe.
You may know about a European privacy law called the General Data Protection Regulation, or GDPR for short. Among other things, it gives people the right to see the data a company covered by the law has collected on them — including Canadian and U.S. firms. That’s good: it gives you the right to correct things. However, companies have to make sure they’re not going to be fooled by a criminal either online or on the phone. According to a test by a University of Oxford researcher, a lot of companies aren’t very bright. A story by the Vice news service details how the researcher used his fiance’s email address and her phone number to trick companies into believing he was her. They handed over her home address, social security number, date of birth, mother’s maiden name, passwords, high school grades — in other words lots of information that could be used for an impersonation.
The lesson for companies is you don’t have to be a firm under the GDPR to fall for identity scams. Companies have to set up tougher policies for identifying people before giving out personal information. Far too many companies store answers to stock questions that a criminal could find out by doing some research, like a mother’s maiden name. Far better are answers to questions that the customer sets themselves.
As for consumers, remember attackers will do a Google search or search social media or LinkedIn on you to find out publicly-available information — like your mother’s maiden name — to do things like trick companies into resetting your password, or issuing a new credit card to them. So be careful how much personal information you give out online. And when a company asks you as part of their enrolment process to chose answers to questions for their records to confirm your identity in case you have to call in later, it’s okay to make up facts like your mother’s maiden name or the high school you went to or your first car. Just write them down and keep them in a safe place so you’ll know the right answer to give when the time comes.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.