Essentially the same thing could happen to you in your home. If your network is unprotected, a stranger could jump onto your Wi-Fi and use that access to break into your computer. Fortunately, this is easy to prevent. Make sure your wireless router offers Wi-Fi Protected Access (WPA) or the more recent and powerful WPA2. Any router you buy today will have at least WPA, and it should say on the box which encryption it supports. (WEP or Wired Equivalent Privacy is an older version that is fairly easy for hackers to crack. If your router only offers WEP, it’s time to get a new one.) When you install the router, it will offer you a pull-down list asking you which encryption you want to use. Then, make sure you turn the encryption on. Finally, you need a strong password for your network: at least 10 characters in a largely random combination of letters and numbers.
Don’t use public Wi-Fi to pay bills or place orders
There are days when I can’t think in my home office. So I pack up my laptop and head for the nearest Wi-Fi equipped coffee bar. I can log on there and do anything I’d do from home except print. But sources say I shouldn’t. Why? Sniffing.
When you use a public Wi-Fi connection to process private information—banking, paying for something—you’re opening yourself up to hackers. They use software called packet sniffers, widely available online, to sniff out data in a wireless environment. Or you might fall prey to an “evil twin,” a Wi-Fi hot spot set up to look like a known, trusted wireless connection spot—bearing the same marks that are supposed to indicate security—but that in reality passes data through a hacker’s PC. “Anyone can slap a logo on a Web site to say it’s secure,” Siciliano says. “It’s just a logo. Whether it reflects the actual installation of security technology or whether it was put there to give that impression is anyone’s guess.” Software can’t help you avoid this, though the latest versions of the big browsers—Firefox, Internet Explorer, Google Chrome—will alert you if a page may be dangerous.
It is safe to log on to your e-mail in a public Wi-Fi hot spot, as long as you don’t send any identifying details back and forth. And as for your work computer? It should be safe to shop online from there, although your company policy might prohibit such use.
Watch yourself on social networking sites
In October 2009, a Canadian woman named Nathalie Blanchard, who had left her job due to depression, was informed that the $3,000 a month she was receiving in disability payments from her insurer, Manulife Financial, had been discontinued. Why? She says her insurance agent told her that in the vacation pictures on her Facebook page she didn’t look depressed. “We’ve asked the insurance company to provide information on how they reached the decision to cut her off, and they refused to give it to us, so we’re taking them to court,” says Blanchard’s attorney, Tom Lavin. Manulife has acknowledged that it does use social networking sites to investigate claims, but it won’t comment on individual cases.
Blanchard’s experience makes the point that anything you post about your life can directly impact your ability to get a job, keep a job or manage your benefits. These sites can also give a hacker insight into your passwords—many people use the names of their pets or kids. “A lot of people worry about giving away financial information, then log in to Facebook and reveal a huge amount about themselves,” says security expert Phillip Hallam-Baker, author of DotCrime Manifesto. The message is not that you should stop using these sites. Rather, you must make sure your password is obscure enough that someone who knows the workings of your life wouldn’t be able to guess what it is. Picking a word at random won’t do it; hackers sometimes use “dictionary attacks” that try every word in the book. Change all your passwords every three to six months.