In-Flight WiFi? Not So Safe.

Everyone is used to ubiquitous Internet connectivity. At home, at the office, at the coffee shopand, increasingly, in the sky. In the United States, 66% of flights now have WiFi, and Honeywell Aerospaces landmark survey found that 85% of flyers have used it.

But the question is: should they?

Here is an all-too-real scenario. It should caution your companys users to think twice before jumping online after takeoff.

Lets put ourselves in the role of one of your business users. She sees that a (legitimate) WiFi service is available on the flight. Shes got an important work deadline a few hours after the plane lands. So she signs up for it, provides her credit card info, and shes online a few minutes after the plane takes off. So far, so good.

But a malicious hacker has bought a ticket for the same flight. This hacker is sitting two rows behind her and has two routers on his laptop: one to log onto the legitimate in-flight WiFi network, and one to spoof that network. The hacker easily sniffs through the network traffic to see whos onboard. He focuses on your user and sends a disassociate packet to her laptop, forcing it to disconnect so that she needs to re-authenticate to get back onto the network.

But because the hacker has set up another access point with the same name as the legitimate WiFi network, this time your user logs onto the wrong network. The hacker intercepts her credentials. All her traffic going to and from the Internet passes through the hackers machine. And the hacker can now collect any usernames, passwords or other sensitive data sent over the network.

Since your user would be connected to the Internet, she would have no reason to suspect that shes in trouble. But she isand so is your company. The hacker now has her username and password to your companys network, and hes busy seeking valuable data like customer payment information or personal info such as social security numbers.

So is on-flight WiFi ever safe to use? Yes… when your users have access to a virtual private network (VPN). When the hacker tries to monitor your users traffic, all connections will be encrypted.

A VPN leverages the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols, such as the Layer Two Tunneling Protocol (L2TP). These protocols encrypt data as its sent and decrypt it when its received. This creates a tunnel that cannot be accessed by data that hasnt been encrypted.

VPNs used to be expensive, complex, difficult to manageand, essentially, only suitable for enterprises. But recently a host of business-appropriate software-only VPN solutions has come onto the market. Theyre relatively easy to configure and deploy, and are quite reasonably priced (some are even free). Logmein Hamachi and Comodo Unite are both good solutions to consider.

Stress to your users this six-step procedure for safe, remote VPN use:

1. Make sure they arent signed into any accountsincluding email, chat, Outlook, and any other communications applications
2. Clear all cookies
3. Shut down everything on their devices before they board the plane
4. Once onboard, sign onto the in-flight WiFi, making sure that only one page is displayed in their browsers
5. Sign into the VPN
6. Commence work as usual

The takeaway from all this? Give your users access to a VPN when logging in remotely. And make sure to educate them so that they are safe from hackers, even when traveling at 600 miles per hour, 30,000 feet above the planet.

Read more on the latest security trends that affect your organization.