Public WiFi hotspots are everywhere, but advisors must take appropriate steps protect sensitive data when working from the road.
Thanks to ubiquitous Internet connectivity, today's financial advisor can work from nearly anywhere in the world. In my February column (see Tech for the Road Warrior Advisor), I highlighted a number of websites and apps advisors can use to stay connected and productive while on the road.
However, not all Internet connections provide the security advisors require when conducting business online. Public WiFi hotspots are particularly appealing targets for hackers, as most fail to employ any kind of security protection whatsoever, potentially exposing personal and sensitive information of their connected users.
Financial advisors need the ability to be productive on the road, but must also have the confidence that the work they do can be done in a safe and secure manner. This month's column addresses services that help advisors add adequate protection to their sensitive information when working from the road.
Public WiFi Threats
Most commercial business recognize that when they offer free WiFi Internet service, customers are likely to stay around longer and potentially buy more merchandise, be it coffee, milkshakes, or even automobiles.
It's tempting for advisors to connect to public WiFi hotspots from several minutes to a few hours to tackle new email messages, update a CRM entry, or review documents for an upcoming client meeting. A hotspot's Internet speed may be much faster than one's cellular Internet connection, and using public WiFi doesn't consume any allotted bandwidth that may be limited by a cellular carrier.
By definition, public WiFi hotspots are generally open for anyone to use without requiring a password to access, and it is this openness that attracts people with nefarious intentions, a.k.a. hackers. Anyone can download a free program such as Firesheep, a plug-in for the Firefox Web browser, to monitor and intercept unencrypted information being passed over public WiFi networks. While username and password information is almost always encrypted, the cookie files that authenticate a user's online session often are not.
Applications like Firesheep can capture unencrypted cookie files, which attackers can then use on their own computer to access websites as if they were another user, a technique called "session hacking."
Another technique attackers use is to create and broadcast their own WiFi network labeled with the name of a business so it appears to be legitimate. But instead of a direct connection to the Internet, attackers can intercept network traffic, insert their own code along with genuine website data, and spy on information passed back and forth. This scheme is called a Man-in-the-Middle attack, or MitM, as the attacker is positioned between a WiFi hotspot user and the Internet.