Public wi-fi networks:
Know the risks and stay safe
We've long since reached the point where we expect a public wi-fi network to be available freely almost everywhere. We squeeze bits of work projects between flights at the airport. We scroll through our social media over a latte and bagel at the coffee shop. We catch up on breaking news while the mechanic changes our oil. We order flowers for Mother's Day while waiting to be called back for our twice-yearly checkup in the dentist's lobby.
The high cost of convenience
It's a convenience we take for granted. We decide which hotels we'll stay at based on whether or not they offer wi-fi. We hop onto available networks so we can use our map applications to navigate. We use public networks to preserve what's left on our monthly data plan. We seldom pause to consider (at least not for long) the risks associated with so much free connectivity right at our fingertips.
A 2017 wi-fi risk report surveyed more than 15,000 mobile device users about their use of public wi-fi. The results are hair-raising:
- Six in 10 feel their personal information is safe when they're on public wi-fi.
- More than half don't know how to determine if a public wi-fi source is secure or not.
- Nearly three-quarters don't know how to tell if their app information is transmitting securely over wi-fi.
- 75% don't secure their connection with a Virtual Private Network (VPN).
- But a whopping 87% say they've used public wi-fi to access personal email, bank accounts or financial information.
Public wi-fi networks don't necessarily receive the attention to security detail that businesses and other organizations pay to their internal operations networks. Older standards of encryption-Wireless Encryption Protocol (WEP) and its successor, Wi-Fi Protected Access (WPA)-are easily exploited by attackers, who can use tools found online to muscle their way past the weak encryption keys of those outdated protocols. But a major vulnerability of even the current strongest encryption standard, WPA2, was discovered in late 2017.
Another more brazen route that would-be information thieves might take is to set up rogue wi-fi hotspots that look like legitimate public networks. It might be a public network with a name like "Free Wi-Fi" that draws victims like moths to the flame of free internet service.
The rogue network can also pretend to be the wi-fi network at your neighborhood coffeehouse, or even your own home network. Any way you slice it, you are vulnerable to attackers. They can infect your device with malicious software (the public wi-fi at a Starbucks in Buenos Aires hijacked the processing power of connected systems to mine cryptocurrency, for instance) or watch your online traffic to scoop up the information you most want to keep private, like login credentials and credit card numbers (a "man-in-the-middle" attack).
The surest way not to fall prey to public wi-fi risks is simply not to use public wi-fi. So what steps can you take to protect yourself and your information if you can't spring for an unlimited data plan?
- Most importantly, DO NOT ENGAGE IN SENSITIVE WEB BROWSING OR MOBILE APP USAGE such as checking your bank account balances or paying for online shopping with credit or debit cards.
- Turn off auto-connectivity in your wireless settings. That will keep your mobile device from broadcasting that it's trying to connect to a network and tipping off attackers who hope to snare you with a rogue hotspot.
- Keep browser and security software updated, and don't ignore browser alerts about suspicious security certificates.
- Use a VPN provider to stay secure and anonymous online when you're on public wi-fi. Pay for a good one from a reputable security provider. If you don't know where to start looking, C|Net lists their highest-ranked choices at https://www.cnet.com/news/best-vpn-services-2016-directory/, including NordVPN, ExpressVPN and TorGuard, among others.
- If your company offers VPN access, use it to add greater security when you need a public wi-fi connection to work.
- Use two-factor authentication for all sensitive sites such as banks, social media or email.
- Log out when you're finished using an account.
- Only browse websites whose URL begins with HTTPS. Avoid less protected HTTP websites. Check every page of the website as you browse for that HTTPS.
- Force all websites you visit to use a secure protocol with browser extensions like HTTPS-Everywhere, which works with Firefox, Chrome and Opera.
- Invest in a physical privacy screen for your laptop. Hackers don't only use digital means to snoop.
- Treat your mobile devices (smartphones, tablets, and laptops) with the same measure of caution you would with your desktop system.
There is no such thing as a perfectly secure environment. Ever-increasing computing power keeps pushing the limits of encryption. Using public wi-fi opens you up wide to a possible security breach. When you absolutely, positively have to tap a public network, awareness, good sense and vigilance are your best tools for staying safe.