Featured Articles
There are over 500 million public WiFi hotspots globally — a figure that continues to grow. It’s no surprise; we all love the convenience of being able to access the internet whenever and wherever we like.
Flicking through work emails? Checking in with the family? Catching up on the news? After restaurant recommendations? Public WiFi can be a lifesaver — and a whopping 59% of us log into personal accounts using these hotspots — but their use can come with a few risks.
So, how do you stay safe when browsing in a coffee shop, airport, shopping centre, hotel, university or other public place? Courtesy of our team of connectivity experts, discover the dangers associated with using public WiFi networks and some top tips for protecting yourself and your data.
What are the security risks when connecting to public WiFi?
On your private home connection, you can choose a password, monitor users and ensure information you send over the internet is encrypted into a code that can’t be snooped on by others. This isn’t true for public WiFi networks. You don’t know who set it up, who else is connected and what measures were taken to secure the network.
Four in 10 of us state that we feel unsafe when using public WiFi. If you’re one of these people, you’re not without justification — it’s estimated that around a quarter of all world’s WiFi hotspots are unsecured. This means they have no encryption or password protection. Some public WiFi hotspots also use WEP (Wired Equivalent Privacy), a protocol that can be easily cracked by novice hackers.
- Man in the middle attacks — Because of the volume of people connected, hackers often spy on unsecured public WiFi hotspots. Information sent between you and the public WiFi router over such networks — personal messages, passwords, photos — can be intercepted by attackers. These are often called ‘man in the middle attacks’ (MiTM); a form of digital eavesdropping, if you like.
- Honeypot WiFi hotspots — As we never cease to say, cybercriminals are always innovating. They can make a connection look reputable by creating a hotspot and naming it something very close to that of a legitimate access point, even personalising login portals — making it easy to intercept users and their valuable data. This is known as a ‘honeypot’ WiFi hotspot. If you access the fake hotspot thinking it is a safe network, you’re effectively handing over any sensitive information to the people that set it up.
- Session hijacking — Logged into your work email, or Facebook account? You’ve created an open session; a devious hacker might steal the cookies that the service uses to recognise who you are, and then pretend to be you.
- Viruses — There’s also the risk of malware installation against your knowledge; all it takes is a small network vulnerability and a cybercriminal with a little bit of technical knowhow.
The consequences of unsecured public WiFi for users can clearly be devastating, including theft of information, money and identity.
How to protect yourself & safe when using public WiFi
Public WiFi can be incredibly useful and we certainly wouldn’t want to advocate avoiding it altogether if you need to use it, but be sure to exercise caution and take steps to secure your data.
Don’t access financial or personal information
A good rule of thumb when using public WiFi networks: always presume it isn’t secure. Don’t access that business-critical intranet, don’t check your personal bank account and don’t be tempted to dip into the password vault. Just to be safe!
Visit secure websites
This one’s good practice in general, let alone when using public WiFi hotspots. Keep your eyes peeled for ‘https’ in the website address (https://), as opposed to ‘http’ (http://). Secure websites are also often indicated by a closed padlock icon next to the address — unsecure websites often have an open padlock.
Why? Well, http websites use plaintext for all responses and requests. This means anything sent between your browser and the server isn’t encrypted, and can be read and deciphered easily by those on the same WiFi network.
Https websites, on the other hand, use transport layer security (TLS) or secure sockets layer (SSL) to create an encrypted connection. Instead of text, any would-be cyber criminal attempting to intercept the data between your browser and the server will see a set of random characters.
However, still have your wits about you, even when visiting https websites. Many hackers know that people tend to trust them implicitly, and sometimes you can be directed to an unencrypted page from an encrypted one. Make sure your entire session is secure.
Additionally, look out for any warnings whilst you’re browsing. Thankfully, web browsers are increasingly useful for alerting us to dodgy websites.
Stick only to established public WiFi networks
Do you recognise the name of the hotspot? Let’s say you’re visiting a popular coffee shop chain. Connecting to ‘Starbucks Public WiFi’ is probably a safe bet. If you’re unsure, ask a member of staff.
A little bit of common sense and discretion can pay off. If you’re connecting to a network whose owner is an established, known quantity, it’s less likely (although not impossible) that they’re using their WiFi hotspot to steal your data, but are rather providing it as an added-value service.
By the same token, avoid those random networks that may appear in public places where any passerby can connect, or are operated by some unknown third party. What is the benefit to them of having users connect? Similarly, if you’re not comfortable, don’t give away too much information when accessing a public WiFi network; some can ask for phone numbers, addresses, emails and more.
Most devices have settings that stop you joining recognised WiFi networks. This can provide a nice added layer of security and control. A good rule: stick to as few public WiFi spots as possible. This ties into the next point.
Use mobile data instead
Unlike some public WiFi networks, mobile data — the connectivity provided by your mobile network provider — is almost always encrypted, and therefore much safer. If you’re using a laptop or tablet, you can use your mobile phone to create a personal WiFi hotspot which you can connect to with your laptop computer, rather than jumping on a potentially insecure public connection.
Consider a VPN
VPN stands for virtual private network. There are many VPN apps and clients that you can install on your smartphone, laptop or tablet that will encrypt data travelling to and from your device, making it hard for snoopers or network operators to see your data. Essentially, a ‘private tunnel’ for everything passing through the network.
This might sound a bit over the top, but once you’re used to using a VPN client, they’re really straightforward and can be particularly useful for those who frequently travel and access sensitive data. We’d recommend investing in a paid VPN; in free versions, the risk is that you are the product being marketed!
Our team of tech experts are always on hand to help and advise if you’re considering a VPN.
Don’t recycle passwords
As well as being good advice in general, make sure you have unique passwords for each of your online accounts. If your data is compromised over a public WiFi network, hackers won’t have access to all your other accounts. We’ve actually written a blog about password management top tips and best practice!
Update and protect your devices
Developers often release patches against security issues, so make sure all of your device’s operating systems and any apps you use have the latest versions installed. Again, this is more tech ‘best practice’ that has the added benefit of helping to protect you against the malignancy of unsecured WiFi networks.
Whether you’re a home user or business, our IT experts are always on hand to help you level up your anti-malware and cybersecurity strategy.
Avoid staying permanently logged in
Another convenience, but one that puts your data at risk when joining public networks, is staying logged in on your personal accounts. Untick the ‘remember this login’ button, or be absolutely sure to log out when you’re finished. This can help to guard against session hijacking.
Turn off file sharing
Is your device configured to allow sharing of files? This is usually pretty simple to turn off — search your settings or control panel for ‘sharing’, or ‘file sharing’. Disabling this stops hackers finding unguarded folders and their contents, as well as preventing them planting infected software on your laptop, tablet or phone.
We Are Your IT: supercharging connectivity for homes and business
If you can help it, we’d always recommend limiting your use of public WiFi networks where possible, particularly when handling sensitive information. But no one can deny their usefulness and practicality at times.
Got a few questions? For anything WiFi, connectivity or IT-related, our team of experts are only a message away.
We have four brands covering every IT requirement — IT4Home for home users; IT4Business for startups and SMEs; We Are Your IT for large organisations and WiFi4Leisure for leisure businesses.