Attorney General Gansler Advises Consumers to Protect Personal Information on Wireless Networks
MD ( Jan. 27, 2011) - In recognition of Data Privacy Day on January 28, 2011, Attorney General Douglas F. Gansler is advising Maryland consumers who use wireless networks to protect their personal information by using only secure networks. When using the Internet on an unencrypted or unsecured network, consumers risk having their information visible to others using the same network – whether the other party is authorized to use the network by the network owner or an unauthorized user.
The vulnerability of personal information on unsecured networks was illustrated in May 2010 when Google announced that it had been collecting unencrypted payload data over wireless networks. Payload data can include user e-mails, passwords and browsing activity. Google's Street View vehicles photographed homes, buildings, streets and other landmarks, but were also equipped to capture payload data that was being transmitted over unencrypted networks as they were driving through neighborhoods.
“Marylanders need to take Internet security seriously as identity theft rates continue to rise,” said Attorney General Gansler. “Encrypting your network, and being careful when using a public network, is an important step toward identity theft prevention.”
OnGuard Online, a consortium of federal government agencies and technology industry experts, recommends the following precautionary steps for additional wireless security and to ensure safe web browsing.
- Use anti-virus and anti-spyware software, and a firewall. Install reputable anti-virus and anti-spyware software, keep them up-to-date, and check to ensure that your firewall is turned on.
- Turn off identifier broadcasting. Most wireless routers broadcast a signal to any device in the vicinity announcing their presence. You do not need to broadcast this information if the person using the network already knows it is there. Disable the identifier broadcasting mechanism if your wireless router allows it. If you are unsure of how to do this, check your user's manual.
- Change the identifier on your router from the default. The identifier (SSID) for your router is likely to be a standard, default ID assigned by the manufacturer to all hardware of that model. Change your identifier to something only you know, and remember to configure the same unique ID into your wireless router and your computer so they can communicate.
- Change your router's pre-set password for administration. The manufacturer assigned the router a standard default password. Those default passwords are available to anyone, including hackers, so change it to something only you know. When choosing a password, make sure to choose one of sufficient length and complexity to prevent it from being cracked.
- Turn off your wireless network when you know you will not be using it. If you turn the router off when you're not using it, you limit the amount of time that it is susceptible to a hacker.
- Do not assume public “hot spots” are secure. Café, hotel and airport “hot spots” may be convenient, but they are not secure, and neither is any of your personal information. You should assume that other people can see anything you see or send over a public wireless network.
- Try to use WPA encryption rather than WEP. Two main types of encryption are available: Wi-Fi Protection Access (WPA) and Wired Equivalent Privacy (WEP). WPA2 is strongest; use it if you have a choice. It should protect you against most hackers. Some older routers may only use WEP, which is better than no encryption.
Hacking into insecure networks is not a new issue. In 2009, TJX Companies, Inc (TJX) entered into a settlement with the Consumer Protection Division due to a breach that led to the theft of consumer credit card data from 100 million credit card transactions. The breach occurred while TJX transmitted data over an unencrypted network. TJX stores include TJ Maxx, HomeGoods, A.J. Wright, and Marshalls.
Data Privacy Day, internationally recognized on January 28, brings necessary awareness to an individual's need to protect his or her most sensitive and personal data. For more information on securing your wireless network, visit www.onguardonline.com.
For more information on identity theft, Marylanders may visit the Identity Theft Unit's website at http://www.oag.state.md.us/idtheft/ or call 410-576-6491. In addition, the Office of Attorney General's guide to identity theft, “Identity Theft: What to Do if it Happens to You,” is available at http://www.oag.state.md.us/idtheft/idtheft3.pdf.