How did we possibly live without the Internet? How can one survive in business without a constant connection? We all connect wherever we can and that’s fine as long as we understand the risks and take precautions when using public WiFi services.
As high-speed wireless networks become more common, unsuspecting users are giving computer hackers effortless access to their wireless-enabled laptops, PDAs, smart phones and iPads and the information on these devices. People who think they are signing onto the Internet through a wireless hotspot (sometimes called “Wi-Fi”) might actually be connecting to a look-alike network, created by a malicious user who can steal sensitive information, such as your username and password.
The risk is especially high at coffee shops, hotels, airports and other places with a high turnover of laptop users. Many malicious individuals are setting up laptops to act as wireless access points with legitimate-sounding names such as “Tmobile”, “Free Wireless Access”, “Hilton” etc. Wireless access for your laptop is definitely convenient and easy, but you must take precautions to ensure you do not compromise your login credentials or confidentiality of any sensitive data stored on your device.
Here are some recommended guidelines for use of public wireless access points:
- Consider subscribing to your own private “MiFi” service. I’m a raving fan of Verizon’s new 4G service — it flies!
- Turn off your wireless connection when you’re not using it. Most laptops are configured to search for open wireless points and common wireless names, whether or not the user is trying to get online. Instead, connect and disconnect from the Internet manually by clicking the wireless internet icon and either enabling or disabling the connection.
- Don’t use the defaults. Change default names of your network to a unique name and change any default passwords. Too many laptops are configured to join networks named Linksys or D-Link (popular brands of wireless routers) when they are available.
- Don’t connect to other computers. Connect only to infrastructure points, or official access points, rather than peer-to-peer connections, or another user’s computer. Set your network connections to only connect to infrastructure points. This will eliminate the possibility of connecting to another user’s computer with a legitimate-sounding name.
- If possible, avoid banking via untrusted wireless networks. If you must, always go to bank site by entering its address, not via a link in an email. The site for entering username and password should be using Secure Sockets Layer (SSL) – an encryption protocol for protecting data being sent back and forth between your browser and a web site. Those indicators include the small “lock” icon in the bottom right corner of the browser frame and the “s” in the Web address bar (for example, “https”).
- Don’t share your files. Turn off sharing before using a public wireless network. If you must use drive or folder shares, protect them with a strong password (8 characters or more, mixture of letters, numbers, etc). If you have any sensitive data stored on the device, encrypt that data.
- And of course, keep your software up-to-date. Make sure your browser, operating system, antivirus, anti-spyware, and firewalls have the latest patches. For Windows Updates, visit http://update.microsoft.com.
- Contact your IT Support group for specific assistance with your wireless device and for secure means of accessing [YOUR COMPANY NAME] systems and other protective software and practices.
When the HIPAA Privacy and Security Final Rules were published in 2003 and 2005, respectively, we had not quite yet experienced the wireless and bandwdith explosion. As a consequence, little is mentioned about wireless communications in the regulations. So, the HIPAA Privacy and Security Rules do not provide the best guidance. nonetheless, the complete HIPAA Privacy and Security regulations are here.
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.
Latest posts by Bob Chaput (see all)
- Making the case for comprehensive cyber-risk strategies: 10 startling facts that will spur C-suite action - August 8, 2016
- Building Capability and Capacity to Take on Healthcare’s Evolving Security Threats - August 5, 2016
- HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol - April 11, 2016