
Wi-Fi was born to be convenient—but not secure. How secure it is, though, depends on what kind of wireless we’re talking about.

Public. Free, unsecured Wi-Fi is the least secure. Shared Wi-Fi in public, at home or in the office lacks encryption of the data packets streaming from the connected devices. In other words, your data is unlocked and free for the picking. Is the threat of data or identity thieves widespread? You bet. Your local coffee shop or airport could easily (and probably does) have a hacker sniffing out data for fun or profit.

WEP. Home or office Wi-Fi with Wired Equivalent Privacy (WEP) encryption offers minimal security. This encryption is 15 years old and has since been compromised to the point where it’s basically useless. As a result, manufacturers aren’t even equipping newer routers with this antiquated security.

WPA. Home or office Wi-Fi with Wi-Fi Protected Access (WPA) encryption is better than its predecessor, WEP. WPA is a certification program that was created in response to several serious weaknesses researchers found in WEP. WPA and WPA2 are tougher to crack, but not impossible.

Mobile 3G/4G. Mobile broadband has a degree of encryption that has been cracked, but the necessary hardware isn’t widely deployed by criminals. Researchers have demonstrated how the system can be hacked, but it’s still more secure than other options.

Cover all your bases by installing Hotspot Shield. A free, ad-supported program, Hotspot Shield VPN protects your entire web surfing session by securing your connection, no matter what kind of wireless you are using—whether you’re at home or in public, using wired or wireless Internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. It also offers an iPhone and Android version.

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.

The holidays are over, the Consumer Electronics Show has passed, and now you have all these new shiny wireless gadgets you’re just itching to play with. Now, before you go and connect to the internet, please understand that it’s all fun and games until someone gets hacked. And many times, this means when you are using wireless.

But it’s often the security lies that can get us in the most trouble, and today I’m exposing them.

Hiding your SSID is bunk. Your router’s Service Set Identifier (SSID) is its broadcasted signal, and by default it might be called “Linksys,” “Belkin,” “Netgear” and so on. Or some people customize the SSID and name it “My Neighbor Should Clean His Yard.” Lots of security articles will tell you that one way to secure your wireless is to hide it or turn off its broadcasting. But really, this doesn’t help. There are a plethora of tools that can detect your hidden wireless network, so this presents a false sense of security. Broadcast your signal, but encrypt it.

The idea that Wired Equivalent Privacy (WEP) is “good enough” is bunk. WEP is bad enough in that if you use it to encrypt your wireless network, you might have your neighbor (the one who should clean his yard) hacking into your network and placing spyware on your devices so he can frame you for crimes you didn’t commit so you can go to jail and find that his lawn hygiene is the least of your problems. WEP is a dinosaur that was extinct a long time ago. Use WPA2 encryption and live happily ever after.

Turning off file sharing when using public Wi-Fi is partly bunk. Yes, you should turn off shared files on your devices when you leave your home network and access a public network, but that’s not going to protect all of your files. If you are on a shared public network without any encryption—which is what makes it public—then the data you share over Wi-Fi is vulnerable. When using public Wi-Fi, download a free program called Hotspot Shield to encrypt all wireless communications on your Windows, Mac, iOS and Android.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!.

Join GSMI in Boston, MA on April 9-11, 2013 for the 8th installment of the Governance, Risk Management and Compliance Summit and save 15% with the discount code TDITGRC15 on your registration.

We’ve heard lots and lots about data breaches in the last decade. And with the term “cloud” becoming more prevalent (which, incidentally, just refers to a computer server connected to the internet), people are asking how secure their data is on the various websites they agree to host it.

For example, online banking, online backup, social media, email and the various free services you may subscribe to are cloud-based and house lots of personal information. But are they secure? The answer is, “It depends.”

For example, BillGuard utilizes bank-level 256-bit AES encryption (the same level of encryption approved by the National Security Agency for storing top-secret data) for all communications and data processing; it also is performed on servers isolated from direct access to the Internet. (That additional level of security is also very important.) BillGuard’s systems are monitored by its own security staff 24/7 and audited daily by VeriSign and McAfee Secure, and a company called Security Art performs regular penetration testing to preemptively ward off data intrusion.

Furthermore, BillGuard does not store your credit/debit card account login credentials or ask for any personally identifiable information beyond an email address (for alerts) and your zip code. Not storing your data is good too.

Chances are, your bank uses the same level of security too. Deciding if you should give up your data depends on the potential risk and return. Do you give your credit card number to a waitress for a burger? You probably shouldn’t, but you do. Do you give your Social Security number to an insurance agent for identification on your policy? We pretty much have to hand over our data for services, and if you want to protect the data, we really should hand it over to companies that are in the business of protecting it—as long as they are responsible with it.

So when deciding to “give it up,” I say you should see what security measures these parties have in place and then decide. I’m sure your waitress has it all covered, anyway. :)

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. 

A dinner, hosted by Yahoo’s CEO and another 11 CEOs and execs from Twitter, Google, Apple and more, recently took place in Silicon Valley. These major players, responsible for shaping our world of tech, simply sat down to break bread. You gotta wonder what the conversation was like.

So this got me thinking: With whom would I want to sit down to dinner, and what would I ask them? The “dinner” part of this dinner is already a problem for me. I’m thinking I’d want to eat ahead of time so I could engage my companions in conversation; otherwise, when I eat, it’s similar to a hyena taking down an antelope in the plains of the Serengeti. While some people do get a kick out of my eating drama and it certainly makes for great entertainment, it might not be the ideal scenario for a repast of this gravity.

Facebook CEO Mark Zuckerberg. Mark, fascinating platform you’ve built here. When you designed and built it, it was for college kids only. But what happened that made you decide to open it up to everyone? And at what point did you recognize the real value of connecting the way everyone has? How did you know that so many people would freely share the way they have? Is there a way you can prevent people from sharing so much? Don’t worry—I’m not bringing up privacy. I’m talking about how I’m pretty sure many of us have heard enough!

Gemalto CEO Olivier Piou. Olivier—I’m sorry, Mr. Piou…or is it Sir Knight? I’m sorry to be asking this, but in your bio it says you are “a Knight of the Legion of Honor in France,” and I’ve never been to France or met a knight. The closest I’ve come to a knight is the 1976 white Corvette that I bought when I was 18, with WHYNYT on its license plate. I know—corny, but the babes loved it. Anyway, I’m just going to call you Mr. Piou. Great company you’re running. My only question: What’s it going to take to convince all the world’s citizens that we need to be properly identified, proofed and documented, keeping their privacy in mind but in a way that prevents fraud, deception and identity theft by ensuring accountability for everyone? I know YOU are the guy to do it!

Zappos.com CEO Tony Hsieh. Tony, dude, NICE JOB! Love Zappos! Did you model your business after Amazon? Because you’ve made shopping for shoes and everything else as easy as Amazon has made it for getting books and macadamia nuts. Can you sprinkle some Hsieh dust on me?

Microsoft founder Bill Gates. Bill, thank you for all you’ve done. I know you’ve caught a lot of grief over the years, but seriously, thank you. And fabulous job you’re doing with saving the world with all your charity work. One question: Could you tell the developers at Microsoft to stop making Internet Explorer so annoying?

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!.

Wireless connections can cost hundreds of dollars annually, so it makes fiscal sense that many people seek out free connections when they are out and about. But free doesn’t necessarily mean secure.

By now you’ve heard all the warnings that publicly connected Wi-Fi, such as that found in coffee shops, airports and hotels, is vulnerable to sniffers. Sniffers read the wireless data as it is transmitted through the air and convert it into words, numbers and computer code so other devices and administrators (including those with poor intentions) can read it.

Public Wi-Fi usually means that access is free and not password protected—which often means the Wi-Fi is unsecured, unprotected, unencrypted and just plain open.

Here’s how you can protect your data when out on a public network.

#1. Turn on automatic Windows Updates. In older versions of the Windows XP operating system, updates were all manual. With Windows XP SP2, updates are automatic by default. Windows Vista, 7 and 8 all have auto updates on by default. Keep it that way—there’s a reason for that. The reason is that attackers use certain software programs to search out vulnerabilities from outdated, unpatched systems.

#2. Turn off file sharing. On an encrypted home network, it’s reasonable to share files and folders with everyone in your family or with all the devices you access from different locations of your home and office. However, when you are out and about and accessing unsecured Wi-Fi, your data will be vulnerable due to settings in your firewall. With new Windows versions, you can specify whether or not you are on a “home” network, as opposed to a “public” network. Choose wisely; Microsoft has all the information here. At the most basic level, it is best to turn off all file sharing when heading out. Depending on your operating system, use these instructions from Carnegie Mellon to find out more.

#3. Don’t automatically connect to Wi-Fi networks. When initially connecting to a wireless network, we are often faced with a checkbox or option to “automatically connect” to the network in the future. Uncheck this and always manually connect. If your home network is “Netgear” and you are somewhere and your device sees another network named “Netgear,” your device will connect to its namesake—which may not necessarily be as safe, potentially leaving your device vulnerable to anyone monitoring that new network.

#4. Confirm the network you are connecting to. Granted, this is easier said than done. There are rogue networks called “evil twins” that criminals set up; they are designed to lure you into connecting by spoofing the name of a legitimate network. For example, you may use what you see as “Starbucks Wi-Fi” to connect while you’re sipping your latte, but you may also see a listing for “FREE Starbucks Wi-Fi.” Which one—if either—is for real? Such setups are designed to lure you in—and once connected, your data might get filtered through a criminal’s device.

#5. Use a free VPN for Wi-Fi security like Hotspot Shield. Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.
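The checks behind tips #3 and #4, sketched as an added example that is not from the original post: it compares visible networks against saved profiles and flags namesakes and lookalike names. The profile layout, the `Seen` record and all sample values are constructed assumptions.

```python
from dataclasses import dataclass

# Weakest to strongest, following the ordering the article gives.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

@dataclass(frozen=True)
class Seen:
    ssid: str
    bssid: str     # MAC address of the access point
    security: str  # a key of STRENGTH

def normalize(ssid):
    """Lower-case and keep only letters and digits so near-identical names compare."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def audit(saved, scan):
    """Return sorted (bssid, reason) findings for networks imitating a saved or visible name."""
    findings = set()
    for net in scan:
        profile = saved.get(net.ssid)
        if profile:
            if STRENGTH[net.security] < STRENGTH[profile["security"]]:
                findings.add((net.bssid, "same name as saved profile but weaker security"))
            elif profile["auto_connect"] and net.bssid not in profile["known_bssids"]:
                findings.add((net.bssid, "auto-connect profile would join an unknown access point"))
        a = normalize(net.ssid)
        for other in scan:
            b = normalize(other.ssid)
            # A longer name that wraps another visible name ("FREE ..." prefix).
            if b and a != b and b in a:
                findings.add((net.bssid, f"name embeds visible network {other.ssid!r}"))
    return sorted(findings)

# Constructed sample data (hypothetical profile store and scan results).
SAVED = {"Netgear": {"security": "WPA2", "auto_connect": True,
                     "known_bssids": {"aa:aa:aa:00:00:01"}}}
SCAN = [
    Seen("Netgear", "aa:aa:aa:00:00:01", "WPA2"),  # the home router
    Seen("Netgear", "bb:bb:bb:00:00:02", "OPEN"),  # namesake without encryption
    Seen("Netgear", "cc:cc:cc:00:00:03", "WPA2"),  # namesake on unknown hardware
    Seen("Starbucks Wi-Fi", "dd:dd:dd:00:00:04", "OPEN"),
    Seen("FREE Starbucks Wi-Fi", "ee:ee:ee:00:00:05", "OPEN"),
]

if __name__ == "__main__":
    for bssid, reason in audit(SAVED, SCAN):
        print(bssid, "-", reason)
```

A lookalike flag only says two names collide; as the tip notes, either one could be the rogue, so confirm the network name with the venue.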

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.

The IT GRC Forum has announced the grand prize winner of an Apple iPad 2. Congratulations to Laura Buckley, whose name was randomly selected from more than 240 registrants when she attended our webcast on 'How to Select the Right MDM & BYOD Security Solutions' held on February 21, 2013.

Laura is SVP and Information Security Director at Cadence Bank. Here is a quote after she attended the session, "In response to a growing request for BYOD, my challenge is to find the best solution to protect sensitive corporate data on all types of mobile devices – at the best price. I've attended several webinars to ensure we are prepared to ask the right questions and evaluate appropriately. This webinar brought to light several items we had not considered and certainly was beneficial in providing material for the RFP and future conversations with vendors."

Educational webcast programs on the IT GRC Forum are free to attend. For the chance to win a future prize, register and attend an upcoming webcast to automatically qualify.

Whether you are on your home or office network or seeking out a free connection on public Wi-Fi, there are known risks that can be managed simply by using a free VPN.

#1. Outdated operating system-critical security patches. When an operating system is released, it often is secure—or at least as secure as it can be for the moment. But once good-guy and bad-guy hackers take a look at it en masse, they discover vulnerabilities. When you are on an unprotected network, criminals can use software programs that search out vulnerabilities from outdated, unpatched software on your devices; once found, they use whatever tools are available to take advantage of those vulnerabilities and dig deeper into your devices.

#2. Unsecured wireless. Unencrypted Wi-Fi networks at home or in the office, or on the road at coffee shops, airports and hotels, are vulnerable to sniffers. Sniffers read the wireless data as it travels through the air and convert it so other computers (and those who administer them) can read it in words, numbers and computer code.

#3. Poorly secured wireless. Protected Wi-Fi that employs WEP, or Wired Equivalent Privacy, is vulnerable. WEP, introduced in 1997, is the original version of wireless network security. Over the past decade and a half, however, WEP has been cracked, hacked and decimated.

#4. Sharing network passphrases. You might share a wireless connection with people you trust. Perhaps you have roommates, or you live in a condo or apartment and like your neighbor so much that you give her your passphrase so she can hop on your wireless internet. But by doing this—and no matter how nice your network-sharing friends may be—you are letting other devices scoot by the encryption your router employs.

#5. Hijacked cookies. Session hijacking is when you log onto a website and your login data is stored via a cookie—a small bit of code that lets the website know you are logged in. If HTTPS isn’t used and these cookies aren’t encrypted—which, often, they are not—an attacker can copy that cookie onto his or her device and surf on that device just as though it were yours. You’ve been hijacked!

#6. Man-in-the-middle attack. When you are on an unprotected network, another device can intercept or eavesdrop on your internet communications and then communicate with the designated website acting as though it is you—and the website has no idea it is communicating with an attacker.

The easiest way to avoid all this drama is by protecting your devices’ wireless communications with a free VPN like Hotspot Shield. Hotspot Shield VPN protects your entire web surfing session and enables private browsing while securing your connection at both your home internet network and public Internet networks.
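For the hijacked-cookie risk in #5, a site owner can check which cookies their responses leave readable on an open network. This is an added example, not from the original post; the URLs, header text and cookie names are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def exposed_cookies(url, raw_headers):
    """Return {cookie_name: [reasons]} for cookies a sniffer on open Wi-Fi could copy."""
    https = urlsplit(url).scheme == "https"
    report = {}
    for line in raw_headers.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value.strip())  # one Set-Cookie header carries one cookie
        for name, morsel in jar.items():
            reasons = []
            if not https:
                # The response itself crossed the network unencrypted.
                reasons.append("set over plain HTTP")
            elif not morsel["secure"]:
                # Without Secure the browser repeats the cookie on http:// requests.
                reasons.append("no Secure attribute: also sent on http:// requests")
            if reasons:
                report[name] = reasons
    return report

# Constructed sample responses.
HTTP_LOGIN = ("http://shop.example/login",
              "HTTP/1.1 200 OK\n"
              "Set-Cookie: session=abc123; Path=/; HttpOnly\n")
HTTPS_MIXED = ("https://mail.example/",
               "HTTP/1.1 200 OK\n"
               "Set-Cookie: sid=xyz789; Path=/; HttpOnly\n"
               "Set-Cookie: theme=dark; Path=/; Secure\n")
HTTPS_GOOD = ("https://bank.example/",
              "HTTP/1.1 200 OK\n"
              "Set-Cookie: sid=q1w2e3; Path=/; Secure; HttpOnly\n")

if __name__ == "__main__":
    for url, headers in (HTTP_LOGIN, HTTPS_MIXED, HTTPS_GOOD):
        print(url, exposed_cookies(url, headers))
```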

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.
