Never do your banking in a coffee shop, and other security lessons

John Gushue

It’s easy to get frightened when you hear about online security breaches: identity theft, vacuumed-out bank accounts, phishing expeditions, hacked email … the list goes on.

I wonder sometimes if people have heard so much about these threats that it all tends to wash over our ears after a while.

I hope not. Yes, threats can be overstated (particularly by companies that want to sell you something), but there’s still plenty to be concerned about.

One of the greatest areas of risk may be at your favourite coffee shop. It’s pretty common these days to get free Wi-Fi while you’re enjoying a hot drink and a baked treat, and I certainly have taken advantage of the opportunity — and frequently at that.

But there’s one thing I’ll never do on a connection in a public place, and that’s banking. Here’s why.

A coffee shop is an ideal place to make a digital intrusion, and it can be easier than you think. For instance, someone can set up a connection that is designed to look like a wireless network with a name of their choice (e.g., “Name of your favourite coffee shop here” or even “BellAliant”) and leave it open, like bait.

If you were to look for a Wi-Fi connection and didn’t know better, you could log into that “network” — and effectively turn over everything on your device, and all your actions, to the bad hat running the router on the other side. Everything you do online is going through them.

Even a legitimate public system can be ripe for bad things, should there be a lack of encryption. More than likely, the people sitting near you are merely taking a break, but it’s certainly possible that they could be helping themselves to data (e.g., passwords) at your expense.

I remember being alarmed a few years ago when I first heard about a Firefox extension called Firesheep, which essentially exists to give a nosy parker a good peek at people who a) have logged on to the same network that they’re using, and b) are browsing on unsecure sites. (This is one of those circumstances that explains why a password like “password” is a really, really bad idea.)

The risk in that case is that something like your Facebook account can get hacked.

The more serious risk, though, comes with on-the-go computing that involves your money. While I have been doing electronic banking for years, I will never take a chance of using a public connection to log into one of our accounts, even just to check a balance. The same goes for online shopping using a credit card; I simply won’t do it in a public Wi-Fi setup.

Other tips

For daily digital practices, there are other good habits to consider.

The first is to never immediately click on a link that you don’t understand, or that seems unusual to you. Have a good look at it. My Twitter inbox continually gets messages from people who, no doubt in good faith, clicked on a link that had been sent to them, more than likely through the same method. They clicked the link, and bad things happened. It happens with Facebook, and it certainly still happens with email.

If someone you barely know (or even a good friend) is joking about photos you have to see or the nasty things someone is supposedly saying in this blog post … don’t click on that link. I just delete that stuff now as a matter of course.

Am I potentially deleting a legit message? Um, conceivably, but I highly doubt it! The bigger challenges come from fake messages that look legit.

Another tip: when I’m browsing in a public space, I prefer to have some encryption backing me up. Look for “https” in the address bar if you’re using a conventional browser.

If you need to be doing important things while you’re on the move (I know several self-employed or self-managed professionals who meet with clients in coffee shops), consider a personal VPN. That means a virtual private network, and it significantly improves your odds of staying secure.

A good habit is to log out of everything you use, including your email, when you’re toting around a laptop or tablet. Log in when you need to do some work, and log out when you’re done. It will minimize your risk when your files are potentially vulnerable.

There’s no need to be paranoid when you sit down for a scone and a cup of joe. Then again, maybe just a tiny bit of paranoia is not such a bad thing when it comes to protecting ourselves online.

As for me, online banking is something I prefer to do from the comforts of home.

John Gushue is a digital producer with CBC News in St. John’s. Twitter: @johngushue.

Organizations: CBC News
