11/24/2014 04:23 EST | Updated 01/24/2015 05:59 EST

Free Wi-Fi not good 'cyber hygiene', says former Homeland Security chief

OTTAWA - Former U.S. Homeland Security chief Michael Chertoff has a handful of golden rules for what he calls good Internet hygiene. And the first is simple: don't use the free Wi-Fi.

The data that people send across the Wi-Fi connections in hotels, coffee shops, or airport lounges is easily captured by others, including criminals or business competitors, he says.

Chertoff's other advice: make your passwords more secure; be careful using those handy thumb drives; don't open email from people you weren't expecting to hear from; and think twice about bringing your regular tablet or mobile device with you to a foreign country where you'll be using the Internet.

Chertoff offers high-level versions of that advice through the company he's been running since his term ended in 2009 at Homeland Security — the department created after the 9-11 attacks to prevent a repeat terrorist attack on the U.S.

Chertoff is in Ottawa this week as part of an international commission studying the future of the Internet.

The Global Commission on Internet Governance is holding two days of meetings and has as its members some notable international figures such as Chertoff. The commission is led by former Swedish prime minister and foreign minister Carl Bildt.

The commission was formed two years ago by two think tanks: the Waterloo, Ont.-based Centre for International Governance Innovation (CIGI) and Britain's Chatham House.

A joint poll by CIGI and Ipsos-Reid released Monday found a high level of angst among people in two dozen countries, including Canada, about the threat of hackers getting into their personal bank accounts.

The survey of 23,000 Internet users found that 78 per cent of respondents were worried about the risk of financial hacking.

About 77 per cent were concerned about theft of their personal messages or photos, while another 74 per cent worried about information being taken from them for commercial purposes and then being sold without their consent.

In an interview with The Canadian Press on Monday, Chertoff said he isn't surprised that people worry about financial fraud.

"All of us have an obligation to be a little bit careful with what we call our cyber hygiene," said Chertoff, who led the Homeland Security efforts that, in part, involved poring over massive quantities of intelligence data in order to discover and disrupt possible terrorist attacks.

So how does Chertoff practice good cyber hygiene? He offered these tips:

1. Don't use free Wi-Fi: "In the really old days, before I was born, they had party lines on the telephone. If you talked over the party line, you ran the risk that other people were going to listen in. Wi-Fi in many cases is like a party line," Chertoff explains. "If someone says, this is free, I say what am I paying with? Usually I'm paying with data and I have to make a judgment about whether I want to pay with data. Sometimes it's worth it, sometimes it's not."

2. Use sophisticated passwords: "My password is not spelled P-A-S-S-W-O-R-D. I use different levels of password for different security. I'm careful about the amount of personal data I put on the Internet." That means limiting what you share with people on the Internet — names of pets, children, birthdays, favourite movies and the like, which hackers use to research their targets. "I don't use passwords that are based upon things that are knowable, if you know my history."

3. Don't use an unfamiliar thumb drive on your mobile devices.

4. Don't open email from people you don't know and whatever you do, don't click attachments.

5. If you are travelling to say, Russia or China, don't bring your regular phone, tablet or laptop. If you connect to the Internet in a foreign locale, everything on your hard drive is fair game. "You're not going to keep from being spied on. You're going to be going over a network that is a Chinese network," says Chertoff. "I've been to China. I'm careful about the data that I carry and transmit."