How free Wi-Fi exposes you to hackers and how to secure your data

Cyber Crime is an art where hackers get access to your system, harvest personal or company information for malicious purposes, explains Teddy Njoroge, Country Manager (Kenya) for security solution firm Eset.

One of the many ways that hackers are using to gain access to your personal or company information, Njoroge says, is through free Wi-Fi.

Many times we find ourselves in coffee shops, malls, hotels, social events or matatus connecting to the public Wi-Fi with the sense of enjoying the free service.

Hackers have now mastered the art of creating “fake” Wi-Fi connections which they use as a gateway to your private information.

“Currently in the country we have 38 million mobile subscribers, out of which 21 million use internet constantly. 95 per cent of the 21 million subscribers do not have mobile security in place thus making them prone to hacking,” notes Njoroge.

“Hackers would create a decoy Wi-Fi which is free but once you log in, he gains access to your machine. Although you will eventually be redirected to the site you’ll try to access, the hacker will have planted a certificate in your system that gives him access to all your information.”

Njoroge says that hackers could use this to monitor your mobile money transactions, get access to your logins and withdraw money from your account(s).

Preventive measures

To prevent this, the Eset Country Manager (Kenya), offers a string of simple-to-implement solutions for internet users.

“First and foremost, double-check the network before you use it. Never connect to a network labelled free Wi-Fi because it could be a decoy to harvest your personal information,” says Mr Njoroge.

Also, users are advised to confirm with a member of staff in the establishment to be sure the network available is legit.

“Once you are sure that the network is legit, the best practice would be to check email and messages via your PC unlike your mobile device as you can view the browsers secure icon (usually a lock in your address bar) to check that you are connected securely via HTTPS.”

“Overall, smartphones come a poor second to PCs or Macs when it comes to public Wi-Fi hotspots – the defences built into PC browsers make it easier to reassure yourself you’re being safe.”

Njoroge further warns against the use of email apps on phone, saying they can leak data.

“In addition, using POP3 from your mobile phone can easily be interrogated using free apps on the same Wi-Fi connection.”

Internet users are also required to update their software’ regularly as is an essential security practice.  This entails keeping the browser, software and antivirus solution up to date to fix bugs since an updated antivirus will scan, detect and remove the latest threats.

The implementation of Two-Factor-Authentication (2FA) is also being seen as the future of authentication and would be good for anyone using a hotspot.

“This per-website step adds an extra layer of protection for public password-sniffing hackers to try and overcome. It’s basically a verification code or One Time Password that is sent to your mobile device either as SMS or via the 2FA app and this code is entered in the login page to verify that you are the authenticated user logging in,” Njoroge states.

Logging out of sites and disconnecting Wi-Fi after use is also a recommended measure to prevent being hacked.

“Many are times that once we are done with browsing; we don’t turn off our Wi-Fi thus leaving your device connected. Hackers will easily access your files without your knowledge and harvest your private information unknowingly.”

Hackers can stay in your system for years hence giving them the time to master all your personal or company activities including mobile transactions, important communications and so forth which they can use to either demand ransom in what is called ransomware, perform unauthorized transactions or leak private information.

“In 2014, 131,000 users were hit by ransomware; between 2015/16, 715,000 users were hit by ransomware. This shows that cases of hacking in Kenya are on the rise and hence there is need to address these issues.”

With the growth of the Kenyan economy and global recognition of the country’s mobile money transfer services, Kenya has become prone to cyber-attacks which could be detrimental to individuals, companies and government institutions.

Njoroge says Eset is also in consultations with its agencies to find ways of working with the government to help prevent cases of cybercrime.