Publicly available Wi-Fi is convenient and often free, but is it worth using? Having a stable wireless internet connection is essential for working professionals and those that are always on the go. Free Wi-Fi is offered in a wide range of venues and provides a stable connection to those who travel often, work remotely, or those want to check in on their social media. Since there are plenty of opportunities to connect to publicly available Wi-Fi connections it has become increasingly rare to not see people on their mobile and portable devices at hotels, bookstores, coffee shops, restaurants, and even shopping outlets. However, utilizing a public network does not come without its own risks.
In the past, many often scrutinized open Wi-Fi networks where information freely traveled across public airwaves. Is that still true today? What are the dangers that come from using free Wi-Fi? How do you protect yourself and ensure your device and important business data remain safe?
Know the Risks
Many of the risks associated with publicly available Wi-Fi are due to ease of access. Free Wi-Fi networks found in coffee shops, airports, and other public spaces often require their users to type in a publicly displayed password and even create an account for internet access. The same features that make these networks desirable for consumers, make them a profitable target for cybercriminals. These wireless networks often lack most security measures found in professional environments making it easy for the average user to establish a network connection with little or no difficulty. This creates a favorable environment for hackers to exploit users and devices connected to the same network.
A big vulnerability found in publicly accessible Wi-Fi is that cybercriminals could gain access to the wireless access point (WAP) or simply masquerade as one. Instead of directly interacting with the network access points, users are sending information to the hackers. This form of attack is often referred to as a man-in-the-middle (MITM) attack. The attacker can eavesdrop on network traffic from the victim or even launch additional attacks. The cybercriminal could target users with ARP poisoning or IP and DNS spoofing to direct the victim to their own sites designed for credential and information harvesting. If users allow file-sharing across the network, it is easy for hackers to plant malicious software on the victim’s computer. Some experienced hackers even hack the connection point itself, using methods known as cross-site scripting and session hijacking to intercept authentication data and even install malware on devices.
What can you do about it?
The simple truth is when connected to publicly accessible Wi-Fi, users’ devices are vulnerable to anyone who is connected to that same wireless network. However, you do not need to give up completely on using public Wi-Fi, we have provided some methods to keep you and your information as safe as possible while connected to public networks.
- Ensure the website is secure. Before connecting to a website, ensure it is secure before entering any sensitive information. To determine if a website is safe, look for “HTTPS” in the website address and avoid websites with “HTTP”. Popular web browsers like Safari, Chrome, and Edge display a padlock symbol in the address bar when the site is secure. If you do not see the padlock symbol do not proceed in inputting any personal information.
- Use a VPN. The best defense is using a virtual private network (VPN). A VPN creates a secure connection between a device and the internet using an encrypted and secure tunnel connection to the VPN server. This protects users by encrypting traffic from your device so that malicious actors cannot eavesdrop on your encrypted communications. Businesses will often install VPNs on their employees’ devices while working outside the office network to provide encrypted communications with internal business resources.
- Avoid using the same passwords. Whenever possible do not reuse passwords, instead, use a password manager to create and store passwords. There are many options to choose from when selecting a password manager, be sure to select one that you feel comfortable with using so that you are more inclined to use it on a regular basis. By not reusing passwords you are limiting the amount of damage a scammer could cause when obtaining the credentials to one of your accounts. That damage would be limited to that single account, and they would not be able to access all your other accounts.
- Use MFA. Enable and use multi-factor authentication (MFA) wherever possible. Many websites and applications support MFA. MFA requires users to enter their username and password, then wait for a secret code from either an email, SMS message, or an authenticator app. Users will then be required to enter that code to access their accounts.
- Turn off Sharing. When connected to the internet with a public connection, users can turn off sharing from the control panel and are normally asked if they want to share upon connection. If you are connecting to the Wi-Fi for the first time, select the option to decline sharing on this connection.
- Log Off. This is a common mistake many people make when using Free Wi-Fi. Do not only close the browser tab when you are done, instead ensure to log out of the website, or application, then close your browser and disconnect from the network connection. Some browsers save your credentials and session data until you close out of them. When you are done browsing log out and disconnect.
Follow us on Facebook, & LinkedIn or Contact us at 406-646-2102 and get your questions answered.