Public WiFi hotspots are everywhere, but advisors must take appropriate steps to protect sensitive data when working from the road.
Thanks to ubiquitous Internet connectivity, today's financial advisor can work from nearly anywhere in the world. In my February column (see Tech for the Road Warrior Advisor), I highlighted a number of websites and apps advisors can use to stay connected and productive while on the road.
However, not all Internet connections provide the security advisors require when conducting business online. Public WiFi hotspots are particularly appealing targets for hackers, as most fail to employ any kind of security protection whatsoever, potentially exposing personal and sensitive information of their connected users.
Financial advisors need the ability to be productive on the road, but must also have the confidence that the work they do can be done in a safe and secure manner. This month's column addresses services that help advisors add adequate protection to their sensitive information when working from the road.
Public WiFi Threats
Most commercial businesses recognize that when they offer free WiFi Internet service, customers are likely to stay around longer and potentially buy more merchandise, be it coffee, milkshakes, or even automobiles.
It's tempting for advisors to connect to public WiFi hotspots for anywhere from several minutes to a few hours to tackle new email messages, update a CRM entry, or review documents for an upcoming client meeting. A hotspot's Internet speed may be much faster than one's cellular Internet connection, and using public WiFi doesn't consume any allotted bandwidth that may be limited by a cellular carrier.
By definition, public WiFi hotspots are generally open for anyone to use without requiring a password to access, and it is this openness that attracts people with nefarious intentions, a.k.a. hackers. Anyone can download a free program such as Firesheep, a plug-in for the Firefox Web browser, to monitor and intercept unencrypted information being passed over public WiFi networks. While username and password information is almost always encrypted, the cookie files that authenticate a user's online session often are not.
Applications like Firesheep can capture unencrypted cookie files, which attackers can then use on their own computer to access websites as if they were another user, a technique called "session hijacking."
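Whether a session cookie can be captured this way depends largely on whether the website marks it with the Secure attribute, which tells the browser to send it only over encrypted HTTPS connections. The following is an added example, not part of the original column: it checks a set of Set-Cookie response headers for session cookies that would travel unencrypted. The header values and the name-matching heuristic are constructed assumptions.

```python
# Added example. The Set-Cookie values below are constructed for illustration
# and were not captured from any real website.
SAMPLE_HEADERS = [
    "sessionid=8f2c1e; Path=/; HttpOnly",                         # no Secure flag
    "auth_token=ab12cd; Path=/; Secure; HttpOnly; SameSite=Lax",  # HTTPS only
    "theme=dark; Path=/",                                         # preference, not a session
]

# Assumption: cookies whose names contain these fragments carry a login session.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_cookies(headers):
    """Report, per cookie, whether it looks like a session and whether it is Secure."""
    report = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        session_like = any(hint in name.lower() for hint in SESSION_HINTS)
        secure = "secure" in attrs
        report.append({
            "name": name,
            "session_like": session_like,
            "secure": secure,
            # A session cookie without Secure is also sent over plain http://,
            # where anyone on the same open WiFi network can read it.
            "exposed_on_open_wifi": session_like and not secure,
        })
    return report


def exposed_session_cookies(headers):
    """Return the names of session-like cookies that lack the Secure attribute."""
    return [c["name"] for c in audit_cookies(headers) if c["exposed_on_open_wifi"]]


if __name__ == "__main__":
    for row in audit_cookies(SAMPLE_HEADERS):
        print(row)
```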
Another technique attackers use is to create and broadcast their own WiFi network labeled with the name of a business so it appears to be legitimate. But instead of a direct connection to the Internet, attackers can intercept network traffic, insert their own code along with genuine website data, and spy on information passed back and forth. This scheme is called a Man-in-the-Middle attack, or MitM, as the attacker is positioned between a WiFi hotspot user and the Internet.
Defending Against Hijacking
So what can the typical advisor do to avoid falling victim to these threats? Obviously, advisors can simply avoid connecting to public WiFi hotspots altogether, but that's not always a practical solution. There will be times when advisors want to get connected to the Internet but have no cellular signal, such as when flying in an airplane.
If a public WiFi hotspot is the only reasonable way to get Internet connectivity, advisors can protect their data by subscribing to a virtual private network service, or VPN.
A VPN provides an encrypted connection to the Internet specific to one or more mobile devices. Think of it as one's own personal express lane on an Interstate highway that nobody else can access. Because many VPNs offer the same AES-256 encryption used by banks and financial institutions, attackers might be able to intercept raw data over public WiFi, but the data is meaningless without the ability to decrypt the information.
Private VPN Services
Over the last decade, large enterprises have installed and configured remote access and VPN connections for their employees, including financial advisors employed by traditional financial institutions. An institution's IT administrators typically support remote access for their employees through common server software including Windows Server 2012 or Windows Server 2008 R2.
But as the trend of breakaway brokers and independent advisory firms continues to increase, advisors often find themselves on their own when it comes to network security. To fill the security gap, advisors can turn to personal VPN services that have increased in prevalence and popularity along with the rise of mobile devices in the workplace.
The first option for personal VPN services is Norton™ Hotspot Privacy from well-known antivirus software provider Symantec. Norton Hotspot Privacy supports devices running Windows XP through Windows 8®, Mac OS X® 10.5 or later, and iOS 4.0 or later, and is available through three subscription tiers.
For occasional use, a one-day subscription to Hotspot Privacy is just $2.99. A single-month pass costs $19.99, but the best value is the annual subscription of $49.99. No free trial is available, so you may first want to purchase a one-day subscription for initial testing.
A second provider supporting personal VPN services since 2005 is WiTopia. In addition to the operating systems supported by Hotspot Privacy, WiTopia adds support for Linux and Android. The annual subscription to WiTopia personalVPN™ Basic is also $49.99, but its single-month plan is more affordable at just $5.99. One appealing aspect of WiTopia is its free trial, so advisors can test the speed and compatibility of the service with no up-front commitment.
Norton Hotspot Privacy and WiTopia are two of the most popular personal VPN providers, but there are dozens more available, including Anonymizer, HotSpotVPN, StrongVPN, and TorGuard. To assist in the provider evaluation process, I've highlighted some important factors below.
Evaluating VPN Services
In general, personal VPN services all provide the same functionality: They protect and encrypt Internet connections by routing data through the provider's secure Internet gateways. One consequence of using any VPN service is the reduction in overall Internet speed. Instead of a direct connection with another server, data is first encrypted and sent through VPN servers, and adding this intermediate step will affect performance no matter which provider is used.
There are several subtle differences to look for when comparing VPN providers. First, be conscious of a provider's network size. A larger network of servers located in more cities and countries facilitates network traffic worldwide. Providers with large networks should have smaller reductions in overall Internet speed.
Second, identify the provider's promised network availability. Reputable providers should rate their uptime availability in at least four, but preferably five, "nines" (e.g. 99.999%).
Third, know whether or not a provider imposes bandwidth limits or data throttling for excessive use. Internet video calls and streaming high-definition movies are popular activities over personal VPN services (albeit for both legitimate and illegal reasons), so it's important to know if one's own subscription will be affected in any way by consistent, high-bandwidth activity.
Finally, determine how many devices can be used simultaneously with the VPN service. Both Hotspot Privacy and WiTopia support up to five devices, which should be enough for even the most connected advisor carrying a laptop, mobile phone, and tablet.
Advisors Are Ultimately Responsible
Financial advisors are not trained to be Internet security experts. However, there are essential steps they must take to protect the data and information with which they are entrusted. As mobile devices allow work to be done from any location, advisors need to be aware of the need to protect data when using public WiFi connections. Subscribing to virtual private network services is a low-cost way to stay connected while keeping information safe when away from the familiarity and security of the traditional office environment.