Never Trust a Hotel to Protect Your Personal Data

by Robert McGarvey

The Hotel Management headline caught my eye: What hoteliers need to know about protecting guest data. To be candid my instant reaction was one word: Everything. Given how many documented hotel data breaches there have been in this century, to call hotels data sieves is to flatter them.

Now matters may be worsening, mainly due to the labor crisis that is engulfing US hotels.

But hotel already are documented bad at data protection. Here’s a hotel breach timeline dating back to 2010 in Hotel News Now. What is stunning is how many breaches go undetected for many months. For instance, in 2019 Choice Hotels reported a data leak that “inadvertently” disclosed customer info to business partners. How often? Per Hotel News Now: “Overall, this issue occurred approximately 88,000 times from June 2015 through 12 November 2019.”

Read the HNN timeline and the victims are a roll call of hotel management companies, from Marriott to Trump, Hilton to White Lodging.

You want to laugh at their ineptitude but hold that chuckle because it is your data that is in play, your info that is getting sucked out and put in the hands of criminals.

Surely, matters are improving, data will be more scrupulously guarded. You might think so.

Lots of companies – including the several profiled in the Hotel Management article – offer contemporary data protection technology and practices. The availability of protection is not in doubt. The readiness of hotels to spend the money and the readiness of their staff to implement the procedures very much are in doubt.

How many stories have you read about hotel labor shortages? This impacts everything from front desk clerks to gardeners and housekeepers. It definitely means there is a shortage of IT security staff who probably have migrated into industries with better pay and superior technology. See this April 2022 Law.com article, Hackers’ Path Eased as US Cybersecurity Jobs Sit Empty. Per the article: “About 1 million people work in cybersecurity in the U.S., but there are nearly 600,000 unfilled positions, data from CyberSeek shows.” You can bet that a lot of those unfilled positions are in hospitality where, as a rule, pay lags. If you have an in demand skill, the smart move of course is to go where the money is and that will rarely be hospitality.

Assume any hotel you stay in has cybersecurity openings and it has struggled and generally lost out in efforts to keep their best cybersecurity staffers.

More bad news is that the professional cyber criminal organizations are in full gear to attack travelers and hotels because the criminals – who have been staffing up – believe the odds increasingly favor them.

Current events play into this. Attacks out of Russia are skilled and they are growing in number.

Your cyber safety depends upon an understaffed and possibly under talented workforce.

Check into a hotel and the property hoovers up lots of data from you – a credit card number, probably a driver’s license number, business address, possibly also home address. That is ample info to enable a crook to make purchases on your credit card, possibly to attempt opening new accounts in your name.

Know this: although it is tempting to use a fake id at a hotel most (possibly all) states have laws making it illegal. I am no lawyer but my guess is that without evidence of criminal intent, no one would prosecute a worried traveler who used a fake ID and a credit card in the same name to check into a hotel in order to minimize risks of data theft. And I seriously doubt many hotels would have any interest in a prosecution going forward when the guest did not defraud them and the guest intends to mount a defense built around hotels and their data leaks. But caveat emptor.

I am not presently using a fake ID but I put hotel related charges on a credit card where I check the activity frequently (several times a week). It’s also a credit card issued by a company with generally good security practices.

I suggest you do likewise. Put all hotel related expenses on one card that you check frequently. If you travel a lot this year – between hotel staff shortages and what seems to be chronic under investment in cyber by hoteliers – your data is at risk.

Keep that in mind with every transaction at a hotel. Incidentally, hotel bars and restaurants seem especially leaky – think hard about paying cash. Ditto hotel gift shops.

I wish I had better news for you but the best I can say is. assume your data may be breached everytime you stay in a hotel. With that attitude you will stay on the defense and that’s now a traveler’s must.

You know how savvy travelers brace themselves against pickpockets when in crowded train stations especially in Europe? Me, I will literally keep a hand on my pocket touching my wallet. Paranoid? Nah. Just careful.

Do likewise with your data in a hotel.

Maybe you can’t cuddle it but you can be mindful about it and that’s the next best thing.

CU 2.0 Podcast Episode 205 OGO’s Tim Daugherty on Why Your Credit Union Needs a Business Continuity Plan

The pandemic. The Great Resignation. Oregon wild fires. Tornados in Kansas.  Face facts: it is tough to know how to deal with the next disaster that comes on your scene because who knows what that will be?

This century – from Katrina to the war in Ukraine – has been a wild ride filled with the unpredictable.  It has become essential for every c-suiter to live by the Boy Scout motto, Be Prepared.

But that isn’t easy when there’s no knowing what you need to be prepared for.

This is where Tim Daugherty enters because in this podcast he tells what a credit union needs in a business continuity plan – and he also muses about the maybe 25% that do not have a realistic plan in place.

Joining him is Shane Butcher. a CU 2.0 Podcast veteran and director of CISO Services at OGO, who offers insight into where data and hackers figure into BCP.

Listen up.

Like what you are hearing? Find out how you can help sponsor this podcast here. Very affordable sponsorship packages are available. Email rjmcgarvey@gmail.com

And like this podcast on whatever service you use to stream it. That matters.

Find out more about CU2.0 and the digital transformation of credit unions here. It’s a journey every credit union needs to take. Pronto

Cyber Wars on the Travel Road 2022 Edition

By Robert McGarvey

Business travelers have been sidelined for two years, thanks to the pandemic, but you know who has not been sidelined: hackers, cyber criminals, and a huge cast of malefactors in Russia, China, Iran, and, yes, of course the United States who want to take advantage of road weary travelers who too often let down their guards and thus are easy marks.

So I was not surprised when I saw that the World Travel & Tourism Council had worked with Microsoft to generate a report on cyber risks and travel, a business that is exceptionally vulnerable because, per WTTC data, 80% of the players in travel are small and medium sized businesses and that group generally has been laggard in arming up to thwart cyber attackers.

Phocuswire reported: “Julia Simpson, WTTC president and CEO, says: ‘Technology and digitalization play a key role in making the whole travel experience more seamless, from booking a holiday, to checking in for a flight or embarking on a cruise.

‘But the impact of cyberattacks carries enormous financial, reputational and regulatory risk.’”

Reprising Capt. Willard

That quote put me in mind of Martin Sheen’s Captain Willard as he passed time in a Saigon hotel room waiting for his mission in Apocalypse Now.  Muttered Willard, “Every minute I stay in this room I get weaker and every minute Charlie squats in the bush he gets stronger.”

YouTube video clip (two minutes) here.

As we have grown soft sipping Scotch nursing our memories of hotel rooms past the cyber bad actors have grown tougher, smarter, hardened and hungrier.

And as we go out on the road again we will be prime targets.

The Leaky Sieve Travel Industry

The WTTC/Microsoft report gloomily set this stage: “Cyber criminals tend to be opportunistic and will exploit any possible area of vulnerability, from a payment process to a loyalty programme. While loyalty programmes enhance the travel experience by creating reward opportunities based on travel, they are also a target of cyber criminals. These programmes contain sensitive data which makes them susceptible to attack, underlining the need to treat these programmes as part of the larger eco-system of the business.”

The report also noted: “According to Kelly White at Mastercard, ‘most people assume and expect security and privacy,’ both in how the data is being used and stored. This highlights the trust consumers have had in their providers, even in the absence of overt safety measures.”

Face this fact: your security on the road is on you. That includes taking personal responsibility for safeguarding your personal data and credit card info when dealing with travel providers.

You cannot trust travel providers. They have been cyber leaky sieves for decades and there is no question that in the past two years of economic oblivion most have grievously neglected their cyber security.

Hotels, airlines, cruise ships have lost literally billions of dollars in the past two years.  What budget item haven’t they cut?

Depend on them to protect you and, honestly, make sure you pack a rosary and dutifully say your prayers on the road because you will definitely need God’s help.  

6 Steps to Better Road Safety

What steps should you take to stay cyber safe in 2022:

  • Do not use public WiFi.  Use your phone to create a personal hotspot — cellular data is vastly safer than public WiFi.
  • If you must use public WiFi, always have a VPN as a filter.  And never use a free VPN
  • This all is definitely true for hotel WiFi – don’t use it and if you must use a VPN.
  • Regularly check loyalty points totals – the sooner you blow the whistle about a theft the more likely matters will quickly resolve in your favor.  Even smarter: drive your totals down as near as you can to  zero. Loyalty points spent cannot be stolen. 
  • Never, ever use a debit card at a hotel, airline, saloon, or restaurant. Your federal protections are much stronger with credit cards.  
  • When traveling – especially abroad – use a credit card that has built in chip and PIN protection.  That means you need to enter a four digit code to complete the transaction. This is vastly safer than the US standard of chip and signature.  Personally I use Diners Club card. Here are others noted by WalletHub. 

Look, I too want travel businesses to read and act on the Microsoft report which is stuffed with suggestions for toughening defenses.

But I am not optimistic.

Trust no one in the travel industry.

CU 2.0 Podcast Episode 195 Gordon Flammer Datava

 Is the company name pronounced Datava, Data-va, or, what’s your guess?

Just as the pronunciation of the company’s name may prove slippery for many, so too is it difficult to neatly sum up exactly what Gordon Flammer’s company does.

But I can tell you this: when American Heritage Credit Union worked with Flammer, it grew by $1 billion. Organic growth, Not acquisition.  That has to grab your attention. Here’s a link to a CUBroadcast show about this $1 billion miracle fueled by Flammer’s unique way of looking at credit unions and their data. 

Here’s a link to a press release about the same fantastic growth.  

His starting point: a lot of software and tech tools sold to credit unions do not do what they are promised to do and, importantly, they do not solve the problem the credit union wants solved.

So Flammer takes a different kind of look at what ails a credit union and he comes up with different kinds of solutions.

Much of what the company works on is creating better sales tools, dashboards, monitors, and so on.  But there’s more in Flammer’s tool box.

Along the way in this podcast Flammer explains why his company is a CUSO – he is a big booster of the format – and he also muses about the plusses and pitfalls of working with venture capitalists. For some – point a finger at Flammer – a CUSO is simply a better path.

Listen up.

Like what you are hearing? Find out how you can help sponsor this podcast here. Very affordable sponsorship packages are available. Email rjmcgarvey@gmail.com

And like this podcast on whatever service you use to stream it. That matters.

Find out more about CU2.0 and the digital transformation of credit unions here. It’s a journey every credit union needs to take. Pronto

I Have the Apple Digital Driver’s License-Do You Have FOMO?

by Robert McGarvey

On March 23 Apple announced the debut of its digital driver’s license – and within a few minutes of learning about it, I had it installed on my iPhone.

It would have been installed sooner except I had to update the OS on the phone. Once that was handled, it was smooth and quick sailing.

Right now, only Arizona licenses work with the Apple technology. Apple has said other states will soon follow, including Colorado, Hawaii, Mississippi, Ohio, and the territory of Puerto Rico. Timelines are unclear.

If you do not have an Arizona driver’s license, forget about it for now.

If you do not have an iPhone or Apple Watch, forget about it.

So I pat myself on the back in congratulation of my early adoption.

But exactly what have I adopted? What are my benefits?

Back up a few steps. Arizona, presumably to keep state operating costs low, does not have that many DMV officers where licenses can be renewed. So when I last renewed it I used a privately run facility that charges a few dollars more but it was nearby and there was no line.

One hitch: the license has this notice – “NOT FOR FEDERAL IDENTIFICATION.”

Typically I had used a driver’s license at the TSA checkpoints so this was a problem. Yes, I have a passport – two in fact – but they are in a large case that I bring on international trips. Not always on domestic.

I bought a US Passport card – the same size as a driver’s license. Problem solved. It fits in my wallet right behind the driver’s license.

Would my driver’s license in fact work with the Apple system?

Yep.

Little by little, Apple is adding features to its wallet app that augment its usefulness. I also have a BART Clipper card installed in the wallet, for instance. An Apple Card is in there too.

Will I ever actually use the digital driver’s license that now claims pride of place in the Apple Wallet?

JoeSentMe columnist Phil Baker is cynical about the usefulness of this Apple tool: “The best I can say for the digital license is that it’s a useful way to back up your physical license. I’ll continue to carry my real license with me and not depend on my phone. Clearly, it’s in Apple’s interest to turn the iPhone into a digital wallet, but it’s doing it because it can, not because there’s a need.”

Note too that not all airports will accept the Apple digital ID. Apple acknowledges this: “Driver’s licenses and state IDs in Wallet are currently available for use in select states at select TSA checkpoints. Travelers should refer to TSA checkpoint signage to confirm availability,” it said in its press release.

9to5Mac says the list of locations where it can be used is in fact singular: “For now, it looks like certain TSA checkpoints at the Phoenix International Airport are the only officially supported places to use Apple digital IDs.”

If your flights are not taking you to PHX, maybe just forget about this for now.

And also understand that, for now, the digital ID cannot be substituted for a plastic license if stopped by a cop who insists on seeing your license. You still will need to carry the plastic.

So I don’t disagree with Baker but I got one anyway. Why? Because I write about this stuff, it interests me, and I do believe we need stronger, better ID systems in this country. Perhaps the Apple ID is a step in that direction.

For sure, Apple’s game plan is clear. It wants to sell states – like Arizona, which already has no fondness for issuing license renewals – to contract with Apple to assume the licensing responsibility. Assuming Arizona sticks to its skinflint GOP budget biases I can see AZ hopping aboard that train.

Here’s the bottomline: this remains very early days for digital IDs on our phones. Everybody knows they are coming, almost everybody applauds this, but almost nobody has marked a day on their calendar when they plan to shred their plastic driver’s licenses.

Me, I remain glad I did it. Fast, easy and, for now, no cost.

Will I ever use it?

Somebody has to be the test subject. Why not me?

You Are Who You Eat Lunch With: Fintechs and Credit Unions at Table

By Robert McGarvey

You learned this in high school: You are who you eat lunch with. That is fact.  You might have fancied yourself a brainiac…but if you lunched with the sweat hogs, well, the world knew otherwise.

Which brings us to this cautionary wisdom shared recently by Kirk Drake, founder of the CU2.0 consulting firm and CEO of CUSO Ongoing Operations.  There are three kinds of fintechs, said Drake. There are those that want to eat your lunch (think Rocket Mortgage). There are those that want to sell you lunch (Zelle). And there are those that want to lunch with you.

Drake offered that observation at a small CU2.0 gathering of credit union executives and fintech entrepreneurs – so that made this especially pointed commentary.

By Drake’s measure, credit union executives want to dodge the first group of fintechs – you are zebra on the savannah and they are hungry hyenas.

As for the second group, there are some that want to sell you lunch who are worth paying.  Do you want to develop your own core system, for instance? 

But the ones you really, definitely, want to get to know are the fintechs that hope to partner with credit unions in relationships that are intended to benefit both parties.

And the good news on that front is that nowadays there are lots of startup and mid-stage fintechs that are hungry to share a meal – and maybe earn some money – with credit unions.

Case in point of a fintech that wants to lunch with credit unions: Quilo, a quick installment loan company – its AI driven technology offers loan decisions literally in seconds – that is co-founded by Don Shafer, who also co-founded Kasasa, which was formed to offer community financial institutions – credit unions – competitive checking products.

The Quilo game plan is similar.  Shafer’s plan is to put Quilo loans into the services of credit unions and community banks who will own the paper and set the loan decisioning terms.  Quilo also encourages credit unions to enlist their local merchants in offering Quilo to their customers.

It’s not Buy Now Pay Later, it’s not a conventional credit card – but Quilo is a way for a consumer to set specific terms and payment schedules for the purchases they make.

At Carter Credit Union in Louisiana, CEO Joe Arnold told me he is an early Quilo adopter and that’s because he sees the fintech’s tools helping his members, merchants in his communities and the credit union.  

Arnold also indicated he believes Quilo will bring in more members to Carter – very probably younger members.

Want more details on Quilo and how Arnold sees it helping the credit union? Listen to this podcast with Shafer and Arnold.

Know too that there will be many more fintechs such as Quilo.  Why? Credit union money is looking to seed them.

An advocate of this trend is Ray Crouse, CEO of Parsons Federal Credit Union and board president at NACUSO.  In this podcast Crouse presents the case for credit unions investing in CUSOs that are set up to stimulate fintech innovation.  That investment strategy is permitted under NCUA regulation and it is gaining favor, said Crouse. Crouse has skin in this game because, as he discussed, Parsons has made sizable fintech investments and his plan is to make more

More optimism – and money – comes from Martin Walker, a vice president at venture capital firm Next Level Ventures which administers the Curql fund, formed to help fund fintechs with potential to help credit unions grow. Curql has a warchest available for investing of $250 million which makes it a real player. The ambitions are large but, said Walker in this podcast, the interest on the part of fintechs in helping credit unions grow is real and growing.  

Add this up and there are fintechs with good ideas and increasingly they are getting investments aimed at involving them in credit unions.  

So remember to be picky about who you eat lunch with. You were and always will be who you lunch with.  With tech make sure the companies are ones that sincerely want to lunch with the credit union.

CU 2.0 Podcast Special Edition: Tech in Ukraine, Surviving the War

 Before the Russian invasion, Ukraine’s tech sector was a brilliant, bright spot in that Eastern European nation. By most tallies it brought in revenues around $6 billon in 2021, around 4% of GDP.  Foreign investment has been brisk.  The future definitely had been bright.

Is it still?

In this podcast the guests are Anatoly, CEO of CXDojo, a Ukraine based firm staffed by software engineers and business consultants, and Maksim, business development manager for CXDojo. Consumer experience is a key focus.  

Our talk is about the war, the future, why agile matters as a business philosophy, maybe now more than ever, and why Ukraine is a great place to look for computing talent…and why it will again be once the bombs stop falling.

Along the way you will also hear a lengthy discussion of agile as a business philosophy – and how war maybe is a stark reminder of the need to stay agile.

To get more of team CXDojo, here is a podcast they did with Kirk Drake, founder and CEO of CU2.0.  It’s a fun, informative romp that tells why making wine is a lot like starting a fintech.

Listen up: this is a podcast that is unlike any of we have recorded before. 

Like what you are hearing? Find out how you can help sponsor this podcast here. Very affordable sponsorship packages are available. Email rjmcgarvey@gmail.com

And like this podcast on whatever service you use to stream it. That matters.

Find out more about CU2.0 and the digital transformation of credit unions here. It’s a journey every credit union needs to take. Pronto

Live from CU2VIP-Live Event #3 Jeter + Butcher on CISOs, Fintechs, Security and Your Credit Union

 Build a fintech from the ground up with security in mind – especially and crucially if the fintech wants to work with credit unions.

That is the one sentence takeaway from this 20 minute conversation with Shane Butcher, director of CISO Services of CUSO Ongoing Operations (and a past CU2.0 Podcast guest, episode 85), and Gary Jeter, chief technology officer at Trustone Financial Credit Union.

At credit unions – and the federal regulator – security is a non negotiable must have.

Along the way you will also hear about the differences between CIOs and CTOs, where a CISO resides in a credit union (and why), and – listen closely – Jeter tosses out a fascinating idea for a newstyle 21st century safe deposit box that is there for data protection and, he suggests, it just might bring in revenues down the line.

Right there is what made the CU2VIP event special – clever ideas just pop up if you are listening for them.

Listen up.

We Are All Competing in the Burner Phone Olympics

By Robert McGarvey

A distinction held by this year’s winter Olympics is that it will go down in history as the first where the widely listened to advice was: bring a burner phone and that is because the Chinese government required athletes, Olympic staff, media, probably everybody to download an app named My2022 that was buggy and almost certainly spied on the phone’s contents.

You’d have to have been nuts to bring your own phone. Or just ignorant.

China is a notorious cyber thief. As far back as 2010 I routinely heard from Fortune 50 security consultants: if you are going to China bring a burner phone and a new computer with no content on it. Or bring no technology at all. Whatever tech you bring will be hacked.

Even so, did some bring their own phones to China for this Olympics? No doubt. But before we snigger, ask: am I personally practicing better cyber security on the road today?

Here’s the big point: collectively we have forgotten what we need to do to stay cyber safe on the road.  Understandably, It’s been nearly two years.

But here’s a primer on simple steps we all need to take when traveling.

Burner phones.  There are some countries that just scream: bring a burner. Russia, China, Israel, Iran top most lists.  The more cautious travelers add France and South Korea.  Some whisper that the biggest threat is the U S of A.  

Know also: that many countries have dramatically upped their phone tracking as a step in thwarting the spread of Covid. Location tracking is step one. The next step is data tracking.  

If in doubt bring a burner phone especially when traveling abroad. 

Phone recharging stations.  They are common in airports, often seen in meeting venues, and starting to show up in museums. Never, ever use them. A dead phone is a lot better than a hacked phone and too often criminals have hijacked those charging stations. There’s even a phrase: Juice jacking.   

Public wifi networks.  Never, ever use them, part 2.  Not in airports, not in airline clubs, not in hotel rooms, not at meetings.  Your phone can create a hotspot and in my experience my phone’s hotspot is at least as fast and sturdy as the public networks used by peers. A hotspot is a lot harder to hack into than a public wifi network.  I just don’t understand why everybody doesn’t run on hotspots when traveling.

Bring cheap computer gear. I am going on a business trip imminently and my travel computer will be a Chromebook that is so old I have no memory when I bought it – but it boots, it runs Chrome, it can read an SD Card which I need because I am doing some recording.  If it gets broken or stolen on my trip, who cares? And there is no meaningful data on it.  

Trust VPNs – but Verify.  Not all VPNs are created equal. Some work, others work less well, and a few are downright criminal in intent. Beware of free VPN but don’t believe all VPNs that charge fees are necessarily safe.  VPNs are indeed a useful safeguard for traveling executives but they are not a cure-all. If your employer requires one, use the one they specify.  If you provide your own, carefully research the choices before signing up. And when traveling abroad recognize that VPNs often work better in some countries than  in others.  You may need several on a multi country trip.

Be wary of QR codes. So often now we are confronted with a QR code and instructed to click – to read a restaurant menu, to access information about a painting in a museum, to claim a place in a queue.  I am not saying never do it (although I am tempted to) because sometimes we really want what is on offer (like that restaurant menu).  But be cautious.  QR codes are ridiculously easy to counterfeit and if you click on the wrong one you will find yourself delivered to a cellphone hell.  Think before the click.

Guard your log-ins.  We live in the age of ransomware and a key to criminal success at that is getting a mark’s log in.  I know, I know, on the road we often look at emails and text messages when we are tired, even bleary eyed.  Who hasn’t done that?  But be careful. It is too easy to hand the jewels to a cyber criminal. Better to leave an email unread than to lose your log in.

To quote the eminent philosopher Popeye Doyle, never trust anyone. Definitely not on the road,

A Warning from the NSA: Just Don’t Use Public Wi-Fi

by Robert McGarvey

I don’t recall the first time I wrote up a warning against using public Wi-Fi when traveling – and that means hotel, airport, restaurant, public transportation (subways, busses) coffee shop, even inflight Wi-Fi. Probably 10 years ago. Maybe longer.

And yet public Wi-Fi sites multiply – one count finds over a half billion globally. That’s because we use it. One survey found 18% of respondents use it more than once a day.

Definitely, too, usage is upped among travelers. When I ask people if they would use the public Wi-Fi up the street from their home the reaction displays similar enthusiasm to what I’d get if I asked their willingness to use a public toilet in the Covid-19 era. But those very same people, when asked, acknowledge they do use public Wi-fi when they travel because “what are my better options?”

We’ll answer that question momentarily – you do have a better option – but, first, understand I now have a heavyweight that is issuing the same stern warnings about public Wi-Fi as I have been. That’s the NSA – aka National Security Agency aka the Puzzle Palace — which now has broken its cover to warn about public Wi-Fi and the risks it poses to us and our employers.

In a recent information sheet, NSA pulls no punches: “Avoid connecting to public Wi-Fi, when possible, as there is an increased risk when using public Wi-Fi networks…. If users choose to connect to public Wi-Fi, they must take precautions. Data sent over public Wi-Fi—especially open public Wi-Fi that does not require a password to access—
is vulnerable to theft or manipulation.”

What that says – put in simple terms – is don’t use public Wi-Fi because whatever data you enter is easy pickins for savvy cyber criminals.

Sure, if you want to grab a baseball score from ESPN, or a stock quote, by all means use public Wi-Fi if that’s easy. It probably doesn’t matter. But if what you want to do is send business email or access files on your company’s server or even research prospects on LinkedIn, the strong advice is don’t use public Wi-Fi.

There are thousands of white papers online documenting how hackers hack public Wi-Fi. For them it is rather straightforward. There even are automated tools to speed up the process for the inexpert hackers.

NSA elaborates: “Accessing public Wi-Fi hotspots may be convenient to catch up on work or check email, but public Wi-Fi is often not configured securely. Using these networks may make users’ data and devices more vulnerable to compromise, as cyber actors employ malicious access points, redirect to malicious websites, inject malicious
proxies, and eavesdrop on network traffic.”

What the NSA is saying is that when you are using public Wi-Fi you are a fish in a transparent fish bowl and the hackers’ eyes are on your every keystroke. The password to your employer’s server – it’s theirs. The login to your email – it’s theirs. The login to your bank account – yep, that’s theirs too.

All because you took what seemed the easy – and free! – access lane onto the Internet Superhighway and that is what public Wi-Fi is for many millions of us.

What if public Wi-Fi truly is your best option? Here’s NSA’s advice: “If connecting to a public Wi-Fi network, NSA strongly advises using a personal or corporate-provided virtual private network (VPN) to encrypt the traffic.”

Not all VPNs are good. Not all are even trustworthy. Choose a VPN cautiously. Here’s a list of recommended providers from TechRadar. Here’s CNET’s list.

Won’t a VPN slow your speed? Probably, at least a little. But that is a price worth paying for the enhanced security a good VPN provides.

Even with a VPN in place NSA’s “don’t’s list” includes these about public Wi-Fi: *Do not enter most sensitive account
passwords on sites/applications. *Avoid accessing personal data (e.g., bank accounts, medical, etc.).

That’s good, cautious advice.

Either way, if you really insist on using public Wi-Fi, do it with a VPN. You don’t have guaranteed safety. But you are pretty secure.

Personally, however, I still prefer to use my cellphone to create a hotspot that I connect an iPad or laptop to. The security is quite good.

Alternatively, since I use a Google Pixel phone on Google FI network, an option I have set up is to use a Google VPN when surfing via Wi-Fi. I use that feature often.

This is the reality: safer surfing is yours if you want it.

But with all the cyber criminals out there, just do something to stay safe.