Many coffee shops, airports, hotels, printing/shipping companies, and libraries have computers and Wi-Fi for public or guest use. Certainly, these can come in handy when your computer battery is dead or you are on a road trip and didn’t bring your laptop or you have a bad cell signal. Whatever the reason, if you find yourself thinking about using a public computer and/or connections, you may want to think again.
Some public computers/networks may not have protections like antivirus software and firewalls. But even more important, you don’t know what was installed prior to your session on the computer. There is no lack of opportunity to install key loggers, remote access, or other monitoring tools on public computers, so when unsuspecting persons use the computer and log in to their email, Facebook, or banking sites, the credentials are harvested without any indication. Be careful when using public Wi-Fi; this is an opportunity for man-in-the-middle attacks, whereby your traffic could be captured, snooped, replayed, etc. (even if you use SSL/TLS to connect to the site). Additionally, the wireless network you connect to may not be what you think it is. Some attackers will use a device like the Wi-Fi pineapple to spoof the names of wireless networks that your device may be looking for.
It is also important to understand what you are agreeing to when you sign up to use a free service or publicly available computer or connection. Almost every service or software you will ever use is accompanied by an end user license agreement.
Avoid using public computers if at all possible. Though some are managed better than others, you just don’t know the real state of that particular computer, nor do you know how well it is protected. You may want to think twice about even printing documents. If the document has sensitive information, is the hotel computer or printing/shipping computer the best one to use? Keep in mind that even loading a document on a computer and printing it can leave copies of that document on the computer, the print server, and the printer itself. So, it’s better to be safe than sorry and avoid using public computers!
If you need a network connection, use a VPN to connect back to the office first or back to your home. There are providers that offer VPN services for this exact reason. Don’t forget to vet the VPN provider, and know how it works and what they promise to do or not do. If you can’t use a VPN, double check that the website you are on is using HTTPS and has a valid certificate (typically indicated by a lock icon by the URL).
Jeff Olejnik is responsible for the leadership, growth, and development of Wipfli LLP’s risk advisory services practice. He is a highly experienced IT security services professional with more than 20 years in the industry. Jeff helps clients manage risk through effective information security, business continuity planning, and program management. He is a seasoned entrepreneur with proven experience in building successful companies in the IT services industry.
Jeff is a frequent speaker and author on risk management-related topics including cybersecurity, incident response, and business continuity planning. As an active participant in various associations and within the community, he is frequently interviewed for his insight on how companies can improve their cybersecurity and business continuity preparedness.