Upgrade column: Stay safe on public wi-fi
Tips for success...
There is a lot of scaremongering around the security of wireless internet access, but by taking a few simple steps business travellers can stay secure whilst surfing the web via public hotspots at airports and elsewhere, says Mik Stevens.
Wireless networks are transparent. Everyone is able to see the traffic running over them because they operate on radio frequencies - no complicated hacking tools are required.
When using a public internet hotspot, you should take the same basic security precautions you would anywhere else - including antivirus and firewall. However, to protect your data in transit over wireless networks, you must also use encryption.
The simplest and most widespread means of encrypting your data whilst working remotely is the virtual private network (VPN). This software provides encryption of all traffic from your laptop when using any remote links to the internet, theoretically giving you access to every file and application you have access to when plugged into the wall at your office site.
Your VPN client generally requires you to identify yourself before you are allowed access, usually with a username and password. Even if a hacker did intercept the data - and given it is wireless radio you should assume people can intercept it - they would not be able to read it. Nearly all corporate users with wireless laptops use a VPN, so they shouldn't be at risk. However, if your organisation has not provided you with these tools, there are other precautions you can take.
If you connect to the internet at a hotspot, checking email on the web might allow a hacker to read your email and get your email passwords. If you want to keep your communications private, you should use a Secure Sockets Layer (SSL) web email service - there are many of them to choose from. If you are using a site with secure information, always check whether it is encrypted, which you can do by looking for the padlock in the bottom right corner of your browser.
Another important step is to check the site's SSL certificate. This sounds very technical but it is not difficult and is very important. If you connect to any site that uses SSL (the URL usually starts with 'https://' and there will be a padlock in the corner of the browser), then you can check the SSL certificate by double clicking on the padlock. Check the details are as expected, especially the certification path. More details can be found on Microsoft's website.
If you access an SSL site and it has a certificate from a different organisation, it has been 'spoofed' and you're likely to be at risk. Many modern browsers will flag an unrecognised SSL certificate, giving you an extra warning. Think of this as being like checking a cash-point machine for tampering before putting in your card and entering your PIN.
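For readers who want to automate the "check the details are as expected" step, here is an added example in Python (not part of the original column). `fetch_cert`, `review_cert`, the sample certificate and the organisation names are all constructed for illustration; the dictionary layout is the one Python's `ssl.getpeercert()` returns.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=5.0):
    # The default context validates the certification path and hostname
    # against the system trust store and raises if either check fails.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def field(name, key):
    # getpeercert() encodes a name as a tuple of RDNs, each a tuple of pairs.
    return next((v for rdn in name for k, v in rdn if k == key), None)

def covers(pattern, host):
    p, h = pattern.lower().split("."), host.lower().split(".")
    # A wildcard is honoured only as the whole left-most label.
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def review_cert(cert, host, expected_org, expected_issuer_org, now=None):
    """Return a list of problems; empty means the details are as expected."""
    now = time.time() if now is None else now
    problems = []
    org = field(cert.get("subject", ()), "organizationName")
    if org != expected_org:
        problems.append(f"subject organisation is {org!r}, expected {expected_org!r}")
    issuer = field(cert.get("issuer", ()), "organizationName")
    if issuer != expected_issuer_org:
        problems.append(f"issuer is {issuer!r}, expected {expected_issuer_org!r}")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(covers(n, host) for n in names):
        problems.append(f"certificate does not cover {host!r}")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        problems.append("certificate is outside its validity period")
    return problems

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE = {
    "subject": ((("organizationName", "Example Bank plc"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "subjectAltName": (("DNS", "www.example-bank.test"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
```

Many certificates carry no organisation name in the subject at all; `review_cert` reports that as a mismatch, so in that case compare the issuer and the covered hostnames instead.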
As ever with remote working, the most obvious things must not be forgotten: use a screen guard to protect against snoops walking past in the flesh, not just digital ones. And don't speak too loudly if you're discussing something on your mobile phone. All the encryption and security measures in the world can't protect you from an eavesdropper.
The increasing ubiquity of high speed internet access via public hotspots in airports, coffee shops and beyond is unquestionably a good thing. However, as with all developments, to gain maximum benefit you must take steps to protect yourself from the new security concerns that are introduced.
Mik Stevens is security market manager at Cisco Systems UK and Ireland.
