Why Using a Shared Computer Can Be Unsafe

25 September 2015

There are often huge risks for your personal, business data and login information when you access it from shared computers such as public libraries, internet cafes or other shared facilities like computer labs at school, university or even work.

Risks

These risks emerge from the fact that you have no control of the security of the information on these shared devices. These risks apply even if you are just using the device to login remotely to your personal or work computers/resources.

1. Key logging – the shared computer could be infected with a keylogging virus or an intentionally placed keylogging program which the attacker will return to collect later. Keyloggers record every keystroke entered into the keyboard. For example they could capture you entering www. gmail. com into your web browser and then capture the username and password for your email account. This applies even if the site is secured with a padlock (https://) and certificate because the capture is happening on the operating system not on the network.

2. Updates / Vulnerabilities unpatched – often these shared computers are configured based on a standard ‘image’ which is often months or years out of date. The standard image contains versions of browsers (e.g. Internet Explorer/Firefox), and important software like Adobe Flash, and the Windows operating system which may be extremely out of date. This puts your data at risk because unpatched software means there are security holes in the system which can be used to steal data or more easily infect the device.

3. Anti-malware protection – again, you have no control over the anti-malware protection so there could be viruses or other nasty software ready to steal any login details or information you access while connected.

4. Screen capture – this type of virus records your activity using screenshots or screenvideo which is really like taking a photograph of what is on the screen. If you are accessing sensitive information remotely e.g. corporate files or emails – they could be captured in the form screen captures and the information then used for identity theft or sold on the black market.

5. Eavesdropping – could occurs in a couple of different ways (1) someone nearby could be watching you enter your login details (aka shoulder surfing), or (2) the details could be captured as they are sent across the untrusted network (available to anyone with a laptop and freely available software).

6. Residual information stored on computer (copy paste, page file, configuration information) – even if you avoid all of the above threats, information such as login details and sensitive information may be unintentionally left on the computer’s clipboard or hard drive ready for the next person who uses the computer.

Ways to protect yourself and your data

1. Use your own devices which are secured and managed by your Managed IT provider (which also have 24/7 security monitoring active)

2. Do not connect to untrusted networks or WiFi– instead use your own 4G/3G connection or your own home/business Wi-Fi for sensitive tasks

3. Use 2 factor login where available – both Outlook.com and Gmail.com have 2 factor login options to protect your email. This means when you login you receive a SMS message on your phone which is required to complete the login process. This doesn’t cost the user anything.

4. Do not access sensitive sites and data on shared computers. Sensitive data such as email accounts, banking, credit card payments, remote logins for corporate/office resources, remote desktop connections, basically anything with a username and password should be avoided on shared computers.

5. If you do use a shared computer – as soon as practical, change the password for any accounts you have used (this thwarts any key logging attacks).

We are living in a new age where your personal and business information is more valuable than ever before to attackers who often use it or sell it on the black market. So always think carefully before using shared devices to access personal or business information.

If you would like any more information on IT security, please don’t hesitate to contact us.

Back to article list