Question submitted by Anne Kyllander, Minneapolis, Minn.
Trip Doctor’s Answer
If you live in fear, as I do, of racking up exorbitant international roaming charges on your smart phone, it can be tempting to hop on to a hot spot to do your browsing and e-mailing. But though most of us know to avoid doing our online banking, say, via the free Wi-Fi connection at a public park, it might come as a surprise to learn that paid, password-protected networks put us at risk, too—including those found at cafés, airports, and even hotels. And although many of us exercise caution with our computers, we are often guilty of leaving our phones and tablets exposed—a phenomenon that James Lyne, director of technology strategy for the British security-software developer Sophos, calls the “smart-phone invulnerability complex.”
According to Marian Merritt, Internet safety advocate at Norton by Symantec (maker of Norton AntiVirus), the two main risks you face when using a hot spot are having someone track your online movements via the network you’re logged on to or trick you into using a “fake” hot spot, either by offering it up for free or mimicking the name of a legitimate one. In both instances, a hacker can potentially see your passwords, e-mail, social networks, bank accounts, documents, and more. Here’s how to keep this sensitive information safe.
Set up your phone’s security. Switch off the wireless connection when you’re not using it. Also, don’t forget that your device, especially if it’s an Android, is vulnerable to malicious software. Norton, ESET, and Sophos all offer good mobile security and antivirus apps for smart phones.
Use long and strong passwords. Make your passwords difficult to hack—and unique, so if one is stolen it can’t be used to unlock other accounts. Use a digital password manager if you have trouble remembering them all; Lyne recommends 1Password and LastPass.
Make sure the network is legit and encrypted. Don’t assume that a hot spot is real just because the name that pops up in your phone looks correct. If you’re at a hotel or café, ask a manager to confirm the name of its network—and that the network is encrypted (i.e., locked and password protected). While online, stay on encrypted channels by using the website prefix https (rather than http).
Use a VPN (virtual private network). Even if you’re on a password-protected network, there’s still the possibility that someone will intercept your transmissions. To ensure absolute privacy, use a VPN service, which basically creates a network-within-a-network just for you. Boingo offers a VPN through its subscription plans (from $9.95 a month) that lets you access more than 500,000 global hot spots. The new Norton Hotspot Privacy service ($49.99 a year) will also route all your traffic through a private connection.
Buy a data plan. As a general rule (unless News of the World had you in its sights), your cellular network is secure. Both AT&T and Verizon have recently introduced affordable global data roaming packages: AT&T gives you 120MB for $30 a month; Verizon offers 100MB for $25. So when in doubt, stick to your wireless carrier.
By the Numbers
Proportion of social-network users who reported their accounts hacked:
1 in 10 in 2011
1 in 6 in 2012
Source: Norton Cybercrime Report 2011, 2012.