The Dangers of Public Wi-Fi

Do you use the free wi-fi at coffee shops, restaurants, airports or hotels to catch up on work? One of the perks of remote and hybrid work is that one can log in from anywhere. But, while free public wi-fi is convenient, it can pose serious security and privacy risks.

Why is Public Wi-Fi Risky?

At the office, your IT professional has control over your network and should have a solid, multi-layered cybersecurity strategy in place. At home, there are basic steps you can take to secure your network, like the ones recommend by the Federal Trade Commission here. But on public wi-fi, you have no way of knowing if the network is secure or encrypted.

Many public wi-fi networks are not encrypted, which gives cybercriminals access to any other users connected to the network. Even if the network is encrypted, but using an outdated encryption protocol, it can be easily bypassed. Once on the same unsecured network, they will be able to see all of a user’s online activity and can steal passwords, credit card information and other confidential information. All without the user’s knowledge.

Cybercriminals often employ an attack known as a “man in the middle attack.” In this scenario, a cybercriminal creates a fake hotspot with a name that spoofs the original network’s name. For example, if the free wi-fi network at a coffee shop is named “COFFEESHOP FREE WIFI,” the cybercriminal will create one named “C0FFEESH0P FREE WIFI.” In case you missed it, the two letter Os have been replaced by the numeral 0 (zero). Anyone who doesn’t notice the zeroes might be fooled and connect to the cybercriminal’s hotspot instead of the coffee shop’s network.

Once connected, the connection will relay the user to the internet where they might browse, shop, do some work and check their bank account. Since the cybercriminal is in the middle of this connection, they will be able to intercept all of the transmitted data and keystrokes. This means they can see passwords, credit card numbers and other sensitive information.

If file sharing is enabled on a device connected to unsecured public wi-fi, a cybercriminal would be able to access all of the data and files on that device. They could then steal any of the data they wanted, or they could install malicious software on the device. Worst case scenario, the planted malware could then be distributed to other computers once connected to the user’s company network.

How Can I Stay Protected While Using Public Wi-Fi?

Here are 6 ways you can protect yourself while using a public wi-fi network:

1. Just don’t. If you can, use your own mobile hotspot or your mobile phone as a hotspot instead. Mobile data is encrypted and much safer than using any public wi-fi.
2. Use a VPN: If your employer offers VPN access, make sure you’re connected to VPN to ensure that all data transmitted is securely encrypted. For personal use, there are a plethora of VPN services available, some good, some not so good. Just make sure you do your research before committing to one.
3. Only use websites with https: Websites that start with “https” use an SSL connection and are encrypted to help protect your data. Most browsers show a padlock icon or similar to indicate when you’re securely connected.
4. Don't access sensitive information: If you insist on using public Wi-Fi without any type of encryption, do so on the assumption that potentially anyone can see what you’re doing. Stick to relatively benign browsing, like reading the news or watching videos. Do NOT work on confidential documents, enter passwords or credit card numbers, or access sensitive information.
5. Disable file sharing: Turn off file sharing on your computer to ensure that intruders cannot access or plant anything to your folders.
6. Don’t automatically connect: Make sure your device doesn’t automatically connect to nearby wi-fi networks. Better yet, turn wi-fi off when you’re not actively using it.

We hope the 6 tips above help you feel safer and more confident about using public wi-fi. AllSafe IT’s comprehensive cybersecurity services are designed to identify, assess, and manage cybersecurity risks. We have aligned with the National Institute of Standards and Technology (NIST) framework for the design of our cybersecurity solutions.

‍