After seeing how to secure your teleworking from home, we will now talk about mobility situations: remote work outside.
Laptops are flourishing on café terraces and it is not unpleasant to answer some emails between two appointments while sipping a refreshing drink.
Between the democratization of teleworking and the conditions that are not always easy at home: small spaces, household activities, etc., working from a café or coworking space is a common practice.
However, this is not without risk.
In this article, we will explain the risks involved and simple and effective ways to protect yourself.
Open WiFi networks
Most cafés, bars, and restaurants offer WiFi networks to provide their customers with a decent internet connection.
The problem with these networks is that they are weakly secure and allow anyone to connect to them. Even if there is a password, all you have to do is ask the staff of the establishment to connect.
Once on the network, an attacker can more easily intercept the data exchanges that circulate on it.
The most common attack is called a "Man in the Middle": at a given moment, a malicious person intercepts the data exchanges between the victim's computer and the internet.
This is made possible because you are connected to the same network as them.
If your connection is not encrypted, the data can be read and modified.
How to protect yourself from the risks posed by these open networks?
The first thing to do when you are on a network that you do not know and is accessible to the public is to encrypt the data exchanges between your device and the internet.
For this, VPNs - Virtual Private Networks - are perfect.
In a professional setting, your company may offer you one or even impose it on you.
If your company does not have one or if you are self-employed, there are many solutions such as Private Internet Access or NordVPN that allow you to benefit from this level of security for a small fee.
Another solution is to share the internet connection of your phone with your computer. Your phone will create a WiFi network with you as the sole user.
Make sure there is a strong password and WPA2 encryption so that other people cannot connect to your phone.
The downside of this solution is that it requires a plan that allows sufficient data transfer and a good reception where you are located.
French law requires establishments that provide internet access to keep a record of the activities conducted by their users.
This is why hotels or café chains like Starbucks implement what is called a "captive portal".
The attack of the fake captive portal
A cybercriminal can create a fake captive portal to retrieve sensitive data.
With a portable router, they can force your computer or phone to connect to their WiFi network instead of the establishment's network and then present you with a fake portal.
First, the attacker retrieves email addresses through the captive portal, as this is the minimum data collected.
Second, they can retrieve specific information depending on the location of the attack, such as the hotel room number, passwords if the portal offers a member account.
There is also a great chance that once a password is retrieved, the attacker can try that password or variations of it on other sites and applications.
Indeed, passwords are still often reused across multiple platforms.
How to protect yourself from fake captive portals?
It is difficult to detect a fake captive portal, but preventive measures can still be taken.
First, if you are faced with a captive portal, whether legitimate or not, you are on a weakly secure network and should use an encryption solution like a VPN (see previous point).
It is possible that the VPN may not connect before you enter the requested information, so remember to connect it as soon as possible.
Second, a captive portal should not ask for more than your email and checking a few boxes to accept the terms and conditions.
If there are more comprehensive requests and other information is required, it may be good to ask the staff of the establishment where you are if this is normal and what the data is used for.
If the answers do not satisfy you, use your mobile plan or enter false information in the captive portal form - which is probably contrary to the terms and conditions but will reduce your risk.
Not locking workstations
When you spend a few hours sitting in front of your computer at a café, there comes a time when you want to move. Whether it's to stretch your legs, make a call, or go to the bathroom, you may leave your computer unattended for a few moments.
If you do not lock your computer, it can be used in your absence, and you run many risks:
- The data it contains is accessible and can be extracted or corrupted.
- The applications that your browser has access to and is automatically logged into (emails, Facebook, LinkedIn, etc.) are accessible to a potentially malicious user.
- Malware can be quickly installed by connecting a USB drive, for example.
Opt for the systematic reflex of locking your computer when you are not in front of it.
In addition to this, configure your laptop to lock as soon as you physically close it: this allows you to develop the reflex to close it if you are not comfortable with the keyboard shortcuts to lock it.
Many coffee shops or coworking spaces offer printers and scanners as well as USB keys for transferring documents.
This brings two main risks:
- Infection by malware that may be present on the key.
- Leakage of sensitive data when forgetting to delete scanned or printed items.
The best method to prevent these risks is to have your own USB key that you format regularly. This avoids leaving sensitive documents on freely circulating keys and ensures the integrity of its content.
File sharing over WiFi
Some WiFi networks allow file sharing over WiFi. This can be an opportunity for an attacker to try to share malware with you and compromise your security.
The protective solution is simple: never accept unsolicited files, especially when they come from an unknown source.
Whether it is a pickpocketing on a terrace or by pickpockets during a moment of inattention, theft represents a real threat.
Unfortunately, there is no miracle solution:
- Be as attentive as possible.
- Avoid being directly on the street with a lot of foot traffic, a suitable location for pickpocketing.
- Check the encryption of the hard drive and the automatic lock of your laptop, it is unlikely that the thief will leave it open at the time of theft: this secures your data even if the thief succeeds in stealing it.
- Adopt a good backup strategy to be able to quickly restore your data.
- Insure your computer against theft if it belongs to you.
Shoulder-surfing, or the act of observing the screen and/or keyboard of a victim to extract information, is something to be highly wary of in public places.
Indeed, many people can observe you typing your passwords and logging into sensitive sites (bank, email portal, etc.).
In addition, many establishments are under video surveillance and it is difficult to know the intentions of the people who have access to the recordings and the level of security or compromise of these cameras.
It is quite possible that these cameras are not secure and that a cybercriminal has access to the video feed.
To protect yourself from this risk, you need to be aware of who can see your screen and keyboard at any time.
Choose a place, if possible, where the surveillance cameras do not directly point at your screen.
Lowering the brightness of your screen to make it less readable is also a solution, especially when viewing confidential information.
Coworking spaces or cafés, whether used as temporary offices or long-term solutions, require adaptation in terms of both technological tools and usage habits.
As we have seen, the risks are many, but they can be mitigated by adopting the right behaviors and having the right equipment.
Make sure you have these points in mind and have the necessary tools for the proper use of these places, which will allow you to enjoy the quality of life they offer in complete safety.