Cybersecurity expert: Don’t leave all your airport security to TSA

Typical airport lounge. — Image by © Tim Sandle

All travellers face risks, although not everyone considers hazards to be present from the moment they enter an airport. Such a hazard occurs when a person connects to the Internet via airport Wi-Fi.

The hazard arises because fraudsters troll free airport Wi-Fi signals and even impersonate those networks to get access to sensitive information such as credit card numbers and banking passwords transmitted through passengers’ laptops, tablets, and smartphones.

“It’s safe enough to check the latest sports scores, weather, or stock market on a newer device with updated software,” Virginia Tech cybersecurity expert Matthew Hicks explains in a statement sent to Digital Journal. “But it can be risky to perform financial transactions or work with sensitive data in the cloud while waiting to board your flight.”

Hicks has several proactive steps travellers can take to protect themselves, their finances, and their data.

Choose your networks carefully

The first measure of protection airline passengers can take is to look for airport signage or ask employees what Wi-Fi network they should use.

“Proceed with caution, as attackers often create malicious networks with network names that look very similar to free public Wi-Fi accounts, adding an extra space or period to fool people,” Hicks explains. “Connecting to the wrong network is like responding to that Nigerian prince’s email asking you to help them transfer money — it means you are now the focus of an attack.”

Unfortunately, even after connecting to the official airport Wi-Fi network, users remain vulnerable to a range of attacks.

Use secure websites

Because most airport networks connect without a secure password, all internet traffic going though them is vulnerable.

“On public networks, data is sent without encryption, so anyone in the airport can see what your computer is sending and receiving with minimal effort. Fortunately, advances in web security can protect you from such threats via what’s known as HTTPS,” Hicks observes. “By ensuring that all sensitive information like banking is done through an HTTPS website, you can encrypt and protect your data as it travels between your bank’s server and your device.”

To determine if a site is secure, ensure the URL begins with “https://” or check the address bar of your web browser for a lock icon. If either of these indicators are present, work you do on that site is protected, Hicks recommends.

Keep it private

Protecting your online work and entertainment at the airport requires a Virtual Private Network, or VPN. These paid services can boost your security from wherever you access the Internet.

If you’re traveling for business, your employer may provide a VPN to protect their data and devices from malicious actors. However, anyone can purchase a VPN for added security while traveling.

“A VPN provides the same encryption and integrity as HTTPS, but for all data between your computer and another computer,” Hicks advises. “But VPN users should still do highly sensitive transactions using HTTPS websites. The VPN just protects you against attackers on the airport Wi-Fi.”

Another option is a personal hotspot that bypasses public Wi-Fi networks and connects to the internet via a cellular network.

“Using a hotspot where a phone connects to the cellular network and your computer connects to the hotspot provides security similar to a VPN,” Hicks said. “Just make sure the hotspot uses Wi-Fi Protected Access, known as WPA, with a strong password. Otherwise, an attacker could brute force their way into your hotspot network.”