Last Updated on February 4, 2019
The Internet is ubiquitous and we take it for granted. Whereas surfing the web via wireless connection at home is typically a secure and congestion-free experience, using public Wi-Fi can be a slippery slope.
Cafes, airports, shopping malls, your local library – the list of places offering free wireless Internet access goes on and on. Being online at all times when outdoors is a handy thing, but there is a major flip side of this whole convenience.
When you connect and browse from a network set up by someone else, you cannot possibly know what’s on their mind. The saying that goes, “There is no such thing as a free lunch” might be appropriate in this context.
These individuals have to pay the bills from their ISP, so perhaps some of them don’t mind getting the bang for their buck by eavesdropping on visitors’ traffic and harvesting PID (personally identifiable data) to sell it further to interested parties, such as advertisers.
To top it off, there are other people on the same Wi-Fi network, and a garden-variety network sniffer can allow them to snoop on your web session. All in all, security is an empty word when you are using these hotspots, even if the login process involves authentication.
Public Wi-Fi security tips
In scenarios where you absolutely have to access these inherently unsafe networks, you can reduce the risk of someone else’s foul play by following a few important recommendations.
The benefits of HTTPS over HTTP are obvious when it comes to user privacy. This protocol ensures encryption of data as it’s bouncing back and forth between your device and the web server. Therefore, if someone is up to spying on your online activity when you are using public Wi-Fi, they won’t intercept any information in intelligible form and so they cannot take advantage of it.
Distinguishing HTTPS sites from HTTP ones is easy. When a web page has a valid SSL certificate, you will see a little green lock next to its URL in the browser.
Last year, Google Chrome took this routine a notch further by clearly labeling HTTP sites “Not Secure”. Sticking with HTTPS is particularly important if you are going to enter some credentials that don’t belong in a remote observer’s hands.
Refrain from accessing sensitive accounts
Leaving it to chance when you are logging into your e-banking account is a no-go, so it’s a really bad idea to do it when connected to intrinsically insecure public Wi-Fi networks. The same holds true for any other personal account that requires login, such as your email, social networks or utility service.
Not only can crooks get hold of the authentication details in this case, but they can also obtain your credit card information, home address, phone number, SSN, and other confidential stuff.
File sharing should be off, period
When using public Wi-Fi, you don’t want to keep the file sharing option enabled. It doesn’t take a rocket scientist to figure out why. If the feature is on, users on the same network may be able to access your valuable information. To add insult to injury, a random ill-minded user can deposit malware onto your laptop or smartphone behind your back.
The methods to disable file sharing vary for different operating systems. For instance, on a PC you need to navigate to the Network and Sharing Center and follow the prompts there. For a Mac computer and iOS device, look for the feature called AirDrop and toggle the sharing off.
Firewall won’t hurt
Even if you aren’t using a commercial Internet security suite equipped with a two-way firewall, you should still be good to go as long as you enable the firewall built into the operating system. The one that goes with Windows 10, for example, is a decent alternative to paid third-party solutions.
Why does this matter in terms of public Wi-Fi security? A firewall stops commonplace hacker attacks in their tracks by automatically blocking all incoming connections you don’t request or the ones that end up on the radar of firewall rules.
VPN is a godsend
The Virtual Private Network (VPN) technology is rapidly gaining traction as one of the most promising and effective ways to keep Internet sessions private. Its fundamental logic boils down to encrypting the data between your device and the sites you visit.
This hallmark, along with the embedded anonymization features involving secure servers, makes it impossible for criminals to retrieve the details of your online activities through man-in-the-middle attacks and other network tapping techniques.
Keep in mind, though, that some free VPN services can be sketchy as they keep logs and may leak the harvested data. So do your homework and read several articles about VPN to make the right choice.
Opt out of automatic connection
Allowing your device to connect to wireless hotspots automatically can be a dodgy approach. This way, the connection will be established on its own whenever you are within the coverage area of open Wi-Fi networks or ones you have previously logged in to.
If you keep this option enabled, you run the risk of accessing rogue networks made specifically to steal users’ personal information or inject malicious code into connected devices.
Auto-reconnect, auto-join – no matter what this feature is called and how handy it may appear, it makes your laptop or mobile gadget a low-hanging fruit. So, consider turning it off in your wireless connection settings and keep it enabled for your home network only.
The bottom line
The rule of thumb is to treat public Wi-Fi as a place where you wouldn’t do anything you wouldn’t do in real life in public. You can read the news or watch videos, but you shouldn’t access any sensitive information there.
The recommendations above aren’t a cure-all, but they at least make you a moving target. In addition, keep your OS and apps up-to-date to avoid exploitation of known security vulnerabilities; use secure browser add-ons like “Disconnect”; and keep your Wi-Fi off when not in use.