Think all Wi-Fi networks are secure?
Think again. Many - even those used by business travelers - are vulnerable. Here's how to protect yourself.
By Amanda Cantrell, CNNMoney.com staff writer

NEW YORK (CNNMoney.com) -- Think your computer is secure when you log onto a Wi-Fi network at a major hotel?

Think again. Many Wi-Fi networks, including some at major hotels frequented by business travelers, are susceptible to attacks by hackers.

tech_hacker_virus.03.jpg

Even worse, these hackers don't even need sophisticated tools to log onto your lap top and steal your personal data or your company's intellectual property, according to Dave Garrison, chief executive of iBAHN, a company that builds secure networks for Wi-Fi "hot spots," or places where people can access the Internet via a wireless connection.

Research commissioned by RSA Security (Charts), which makes security tools and software, found that 25 percent of corporate Wi-Fi networks in New York are not secure, while 26 percent of corporate Wi-Fi networks in London are not secure. About 22 percent of corporate Wi-Fi networks in Paris are not secure.

That's a disturbing trend in an era when data theft is on the rise. Over 88 million data records of U.S. residents have been exposed due to security breaches since February 2005, according to the Privacy Rights Clearinghouse, a non-profit consumer group devoted to privacy rights.

During a demonstration conducted for CNNMoney.com at a large hotel in Manhattan, iBAHN chief technical officer Brett Molen demonstrated how easy it is for one person using a laptop or even a handheld device at an unsecured wireless network to open, copy and delete files from the computer of another user on the same network.

According to Molen, all a data thief has to do is execute a few simple keystrokes within Windows, the operating system for some 90 percent of laptops worldwide, to take documents from another user on the same Wi-Fi network.

And attacks on hotel Wi-Fi networks aren't limited to thieves who happen to be in the same hotel, using the same network.

While it takes a couple of extra steps, a hacker in his pajamas at his home in, say, Oklahoma City, could hack the same Manhattan hotel's wireless network, provided he had access to free "crimeware" that shows hackers the IP address, or code identifying where a computer is hooked up to the Internet, of vulnerable computers anywhere in the country.

Garrison said his own company has been the victim of data breaches conducted over Wi-Fi networks.

When a consultant working for the company used an Internet cafe and an unsecured laptop to e-mail a letter to Garrison, a hacker grabbed the file and posted it on the Internet with commentary scolding the company for not issuing secured laptops to its employees. (The consultant was not an iBAHN employee.)

Safeguarding your computer

But there are many things business travelers and other computer users can do to make sure their data is safe when they're logging on from a Wi-Fi network.

Garrison recommends that users first make sure they're using a secure network. Travelers should use a "Virtual Private Network" (VPN) set up by the company or encryption technology such as Wi-Fi Protected Access, or WPA.

"A virtual private network is like your own encrypted tunnel from your computer to the computer you're trying to reach," said Marc Rotenberg, director of the Electronic Privacy Information Center. "Using VPNs is one of the best ways to secure" your connection on Wi-Fi networks, he said.

Travelers should also disable the file-sharing option on their laptops before they hit the road and disable the "peer-to-peer" capabilities of the Wi-Fi network. (A peer-to-peer wireless network transmits information from computer to computer without the use of a central base station.)

They should also change the administrator password, which is set to "admin" as the Microsoft default, according to Garrison.

Another important step: assigning passwords that contain both letters and numbers to Word or Excel documents containing private information.

Travelers should also install and use a personal firewall, according to Garrison. Computer users can download free trial versions of firewall systems from Symantec (Charts) and Internet Security Systems (Charts), among others. To be extra safe, travelers should connect to wireless networks that offer an extra layer of security that's provided by a third party.

Even vacationers need to be wary.

In its list of privacy tips for summer travelers, the Privacy Rights Clearinghouse recommends that vacationers exercise caution when using laptops for online banking or other password-protected services from Wi-Fi networks on the road. The PRC says travelers should be sure to use only Wi-Fi "hotspots" that are secure.

The Internet Education Foundation also offers tips on its Web site for connecting to Wi-Fi networks securely. Most importantly, travelers should keep their laptops with them or locked in a secure place. The highest-profile cases of data loss have come from lost or stolen laptops.

Related: Mission: Security Top of page

YOUR E-MAIL ALERTS
Follow the news that matters to you. Create your own alert to be notified on topics you're interested in.

Or, visit Popular Alerts for suggestions.
Manage alerts | What is this?

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.