Your favorite coffee shop might seem like a secure place to work, with its warm ambient lighting, comfy chairs, and familiar barista faces. But that sense of security can be false. The fact is, coffee shops are a prime hunting ground for cybercriminals.
What are some of the risks of working at a coffee shop?
- Packet Sniffing
- Pineapple Devices
- Evil Portals
- Fake HTTPS
- Lost USB Scams
- Good Old-Fashioned Theft
The easiest and most certain way to avoid becoming a victim of cybercrime at a coffee shop is not to work from one. However, if you’re determined to indulge in a tasty latte and work in a different environment every once in a while, there are steps you can take to mitigate some of the risks.
Ways Security Is Threatened At Coffee Shops & How To Protect Yourself
Vulnerabilities Of Working In Public
Packet Sniffing
This technique is commonly used by network administrators to monitor packet data transmitted via the network they manage. Unfortunately, cybercriminals have figured out how to use this technique to gain access to all data sent over a public Wi-Fi network.
If you’re online shopping, they can get your financial details. Or if you’re talking about a confidential merger with a co-worker, they can engage in insider trading based on whatever you say. If you’re sharing login information with a new team member, they can steal that too.
Pineapple Devices
These devices were originally developed for companies to test their cybersecurity, but hackers now use them for malicious purposes as well. A Wi-Fi Pineapple can be used in many ways to steal data, but this is the most common one.
Called a man-in-the-middle attack, it involves a Wi-Fi Pineapple that is set up to behave exactly as the legitimate Wi-Fi network behaves. No one using it notices a difference, but it gives the criminals access to and the ability to capture all data transmitted on the network.
Evil Portals
Once a man-in-the-middle attack is set up via a Wi-Fi Pineapple device, cybercriminals can also set up evil portals. These are very believable copies of legitimate websites, like Amazon, eBay, or Facebook.
When a device is connected to the Wi-Fi Pineapple network, it redirects traffic to the false website created by the hackers instead of the real website. Users then interact with the site as usual, but the bad guys can steal all the data entered on that site.
Fake HTTPS
HTTPS is an internet protocol that secures the connection to a website and encrypts the data transmitted over it. Thus, navigating to “https” URLs rather than “http” URLs gives people an extra layer of security when browsing.
However, bad guys can use a Wi-Fi Pineapple to direct “http” requests from a legitimate “https” server to their own. At that point, all data you enter on the website is captured and potentially stolen.
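To make the difference between "https" and "http" concrete from the defender's side, the following added example (not part of the original article) audits the redirect chain a browser followed and the HSTS header of the final page. The host shop.example, the chain format and the finding strings are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security
    header value, or None when it is missing or has no valid max-age."""
    if not value:
        return None
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

def audit_chain(hops):
    """hops: [(url, response_headers), ...] in the order they were followed.
    Returns a sorted list of findings; an empty list means nothing was flagged."""
    findings = set()
    schemes = [urlsplit(url).scheme.lower() for url, _ in hops]
    if schemes[0] == "http":
        findings.add("first request sent over cleartext http")
    for prev, cur in zip(schemes, schemes[1:]):
        if prev == "https" and cur == "http":
            findings.add("downgrade: https hop redirected to http")
    if schemes[-1] != "https":
        findings.add("final page served over cleartext http")
    else:
        headers = {k.lower(): v for k, v in hops[-1][1].items()}
        hsts = parse_hsts(headers.get("strict-transport-security"))
        if hsts is None or hsts[0] == 0:  # max-age=0 clears the policy
            findings.add("final https page sets no usable HSTS policy")
    return sorted(findings)

# Constructed sample chains (shop.example is a placeholder host).
NORMAL = [("http://shop.example/", {"Location": "https://shop.example/"}),
          ("https://shop.example/", {"Strict-Transport-Security":
                                     "max-age=31536000; includeSubDomains"})]
NEVER_UPGRADED = [("http://shop.example/", {})]
PINNED = [("https://shop.example/", {"strict-transport-security": "max-age=600"})]

if __name__ == "__main__":
    for chain in (NORMAL, NEVER_UPGRADED, PINNED):
        print(chain[0][0], "->", audit_chain(chain) or "no findings")
```

A session that ends on "http", or a site that never sets an HSTS policy, is the situation where typing the full "https://" address yourself matters most.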
Lost USB Scams
A unique intersection of cybercrime and the physical world, lost USB scams are pretty straightforward. Bad actors load up a USB drive with the malware of their choosing, and then abandon that drive somewhere in the coffee shop.
Their hope is that someone picks up the flash drive and plugs it into their laptop. At that point the malware is deployed and the computer is temporarily unusable at best, or massive quantities of data are stolen at worst.
Prevention Tip: NEVER use a USB drive that you don’t know the origin of.
Good Old-Fashioned Theft
You may feel like you’re blending into the crowd when you work at a busy coffee shop, but you stand out – to the wrong crowd, anyway. Absolutely nothing on your screen is safe in public. Anyone could take a picture of or write down whatever they see.
If they don’t steal your data, they could outright steal your company devices. Even if you’ll only be away for a moment, any unattended tech could be snatched right out from under your nose. Then any data on it is vulnerable to theft.
Prevention Tip: NEVER leave your computer, phone, or tablet unattended in public.
Work From Your Favorite Coffee Shop Safely
Use A VPN, Always
A Virtual Private Network (VPN) creates a secure, encrypted, end-to-end connection from your device to the internet. Think of the VPN as a secured tunnel that only authorized personnel can use to get from A (company device) to B (the internet).
Each device that connects to the internet has an IP address which is tied to its physical location. Think of the IP address as your home address. The VPN creates a digital P.O. Box which shows up instead of your actual IP address when you connect to the internet with it.
Furthermore, the VPN also encrypts any data transmitted on the internet while it’s in use. This means any cybercriminals who are spying on public Wi-Fi network traffic see gibberish rather than your sensitive data.
Get A Firewall Too
Firewalls are network security software that monitor and screen network traffic. They can be customized to comply with your security policies, only allowing approved traffic and blocking unsafe or unwanted traffic.
A firewall should be an integral part of your cybersecurity plan because it removes the guesswork on whether or not people within your organization are able to recognize and filter out unsafe websites. But not all firewalls are created equal.
Next Generation Firewalls are the latest and greatest firewall protection. They are specifically designed to block the most common and nasty cyber attacks. These firewalls also can be programmed to react quickly and take measures to combat attacks without you having to lift a finger.
Use Malware Protection While You’re At It
Regular cybersecurity refreshers are a must in order to foster a culture of security across your company. But you shouldn’t rely on your people alone. Anti-malware/antivirus software is another key component of any cybersecurity plan.
Anti-malware and antivirus software works to scan all incoming data and stop malware/virus installation and infection. Even if you or one of your employees slips up and clicks a malicious link or uses unsecured public Wi-Fi, your computer and network will be protected.
Only Connect to Secured Networks
If your favorite coffee shop doesn’t have a password protected Wi-Fi network, it’s time to find a new one. Don’t even mess with an unsecured network. The risk to you and your business is absolutely not worth it.
Even if the public Wi-Fi network is password protected, you should make sure to follow the other security tips in this blog. All it takes to steal data from a secured network is ~$50 and a few hours spent monitoring traffic.
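As a check to run before joining a network, and as a way to spot the look-alike networks described in the Pineapple section, this added example (not from the original article) reviews a Wi-Fi scan for open networks and for one network name advertised with different security settings. It assumes scan lines in the terse SSID:BSSID:SECURITY form produced by `nmcli -t -f SSID,BSSID,SECURITY device wifi list`; the sample data and flag names are constructed.

```python
from collections import defaultdict

def split_terse(line):
    """Split one nmcli terse-mode line on ':' while honouring '\\' escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            i += 1
            cur.append(line[i])  # escaped character, taken literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields

def audit_scan(text):
    """Return {ssid: [flags]} for networks worth a second look."""
    seen = defaultdict(set)  # ssid -> security strings advertised under it
    for line in text.strip().splitlines():
        parts = split_terse(line)
        if len(parts) != 3 or not parts[0]:
            continue  # malformed line or hidden SSID
        ssid, _bssid, security = parts
        seen[ssid].add("" if security.strip() in ("", "--") else security.strip())
    report = {}
    for ssid, modes in seen.items():
        flags = []
        if len(modes) > 1:
            flags.append("mixed-security")  # one name, different protection
        if "" in modes:
            flags.append("open")            # no Wi-Fi password or encryption
        if flags:
            report[ssid] = flags
    return report

# Constructed scan output; SSIDs and BSSIDs are made up.
SAMPLE = r"""
CoffeeHouse:AA\:BB\:CC\:00\:11\:22:WPA2
CoffeeHouse:02\:00\:00\:AB\:CD\:EF:
CoffeeHouse_Guest:AA\:BB\:CC\:00\:11\:23:--
OfficeNet:10\:20\:30\:40\:50\:60:WPA2 WPA3
"""
if __name__ == "__main__":
    for ssid, flags in audit_scan(SAMPLE).items():
        print(f"{ssid}: {', '.join(flags)}")
```

A look-alike network that copies the real one's name and security settings exactly will not be flagged by this check, which is why the VPN advice above still applies on password-protected Wi-Fi.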
Ensure Your Device And Its Software Are Up To Date
There are always exploits and vulnerabilities that cybercriminals can uncover and use with even the most secure software and operating systems. Make sure that updates are automated and that your device and key software are all patched to protect your device and data.
This is even more important if you’re working from public Wi-Fi networks, as anyone spying on the network could use those exploits as a back door into your data. If you must work in public, make sure you’re working on an updated device before you connect.
Schedule Regular And Secure Backups
A huge risk that you take when you work on public Wi-Fi networks is that of ransomware, or other malware designed to destroy your data. If you don’t have a reliable backup of all your data, losing it to cybercriminals could devastate your business.
On the other hand, if you do have a reliable backup of your data, ransomware and destructive malware aren’t nearly as damaging. You can clean the infected device and restore that backup, getting back to work in no time.
Don’t rely on your memory to ensure backups happen. Schedule automated backups frequently, at night when your computer is connected to power but not in use. Then, if any security issues arise, your entire database isn’t at risk.
Stay Informed To Stay Safe
Cyber threats are constantly evolving and changing, so it’s crucial to keep yourself and your staff up to date on the latest threats to your industry. Our blog, Plugged In, is a great way to stay informed and continue to learn about information security, cybersecurity, and network security.
If you have any further questions about the security suggestions we made in this article, please reach out! The expert analysts at CloudNexus are more than equipped to answer your questions and help you implement solutions.