Because making our daily transactions on the go has become such an easy thing, we often don’t think twice about where we are when we hit submit. Hunched over a laptop at a coffee shop, or scrolling on a smartphone while standing in line, it’s easy to focus on your familiar glowing screen and forget about the dangers that may be lurking outside your vision.
An increasing number of public venues and businesses offer WiFi hotspots as a service to visitors and patrons. In fact, Cisco estimates that the global number of public WiFi hotspots will grow six-fold from 94 million in 2016 to 542 million by 2021. Overall, this is a good thing. Businesses offer free WiFi to provide better customer service, bring more customers in the door, and get those customers to buy more. Customers like free WiFi because it provides connectivity without consuming data, which depending on your cellular plan can be expensive.
Public Hotspots: The Basics and the Dangers
A WiFi network uses a wireless adapter that translates data into a radio signal, which is then decoded by a router to be sent to the internet through a wired Ethernet connection. A hotspot is an area where WiFi access is available. A public WiFi network can be unsecured, meaning anyone can access it, or it can be secured with a required password or users who agree to certain legal terms and/or register for an account before connecting.
But the first thing to understand is that just because a WiFi network requires a password, that doesn’t make it safe. The password simply limits who can use the network. It can help, but it’s not a true security measure. To be completely safe, the WiFi router must encrypt the traffic on the network. But unfortunately, there’s no surefire way to tell whether encryption has been enabled on any given WiFi network.
The risks, however, go well beyond encrypted vs. unencrypted data transfer. Hackers use sniffing devices or man-in-the-middle attack techniques to essentially “eavesdrop” on your transmissions. Then there are malicious or “evil twin” hotspots which are operated by cybercriminals and set up to a legitimate hotspot to trick patrons into connecting to them. And of course, you always need to protect against old-school “shoulder surfing” where a thief tries to get your information by simply looking at your screen.
Before You Connect
Remember that any device—laptop, smartphone, tablet—could be at risk, so be diligent no matter what kind of hardware you’re connecting to a public hotspot. And there are some steps you should take to protect whichever device you do use on WiFi:
- Keep your antivirus/anti-malware software up to date. You should be doing this anyway, not only when connecting to WiFi.
- Turn off automatic connectivity. It’s a convenience feature that may save you a couple clicks, but it could connect you to a network you wouldn’t use or connect you even when you don’t need connectivity at that moment.
- Turn off Bluetooth. Hackers look for open Bluetooth signals to exploit, so it’s best to use it only when in a secured area. File sharing (AirDrop for Mac users) is another capability that’s useful but also falls under the heading of things to turn off before connecting to public WiFi. And while you’re at it, turn off network discovery so your device can’t be seen.
- Use available security tools. There are a number of browser extensions that can help protect your privacy—including ad blockers, tracking blockers, and malicious script protection—and you may want to install them for added defense when using a hotspot.
Choose your WiFi networks wisely. Don’t connect to any wireless access point you don’t recognize. Even when you think you recognize a network, confirm before you connect. Attackers sometimes set up bogus links with names that are similar to a hotel or coffee shop that offers free WiFi. Try to connect to a secured WiFi network whenever possible. If you have a choice of available networks, think “narrow”—for example, rather than hopping on an airport’s network, use the network of a restaurant inside the airport. Pay attention to the WiFi sign-up process. If you’re asked to provide a lot of personal details, like email address and phone number, consider using an alternative email that isn’t your primary address. And under no circumstances should you ever install any extra software or browser extensions as part of a sign-in process. When in doubt, just ask the entity providing the hotspot.
When You’re Connected
Even if you’ve connected to a public hotspot you believe is secure, you should still exercise caution. Don’t log into any accounts that hold financial, credit card, or other sensitive information. Save checking your bank balance and shopping for when you are on a secure network connection. When browsing, make sure the sites you visit use the secure “HTTPS.” You should avoid using apps, as the security levels can vary. Instead, use a trusted browser to visit the website. And speaking of browsers, you may even want to consider using an alternative browser just for WiFi to protect your browsing history and passwords. And, of course, don’t forget to log out from every site when you are done.
Alternatives to Public WiFi
If you absolutely have to access confidential information while you’re on the go, there are options. One is to install a virtual private network (VPN) client, which connects to a secure server and encrypts the data traveling to and from your device. While there are free VPN services available, some can be sketchy so do your research and invest in a reputable VPN service that offers good performance and won’t monitor or log your activity. Another option is to use your mobile phone network. If you invest in an unlimited data plan, you can avoid using public WiFi altogether. Or you can take a hybrid approach, using a hotspot for innocuous browsing and switching to your mobile network for anything that necessitates stronger security.
Only the Paranoid Survive
You’re in your favorite coffee shop or in the privacy of a hotel room. You’re on the trusted sites or apps you visit every day. It’s easy to forget it’s a big bad cyber world out there, and you and your personal data are vulnerable. Don’t let a sense of false security be a cyberattacker’s way in. The minor inconvenience of changing your behavior when on public WiFi is nothing compared to the massive headache of getting hacked.