Connecting to a public WiFi network can put you at risk. Here's how to stay safe.
Accessing the internet from your home WiFi generally isn't a problem, assuming you've taken the time to change your router's default password. It's secure, easy to connect to, and unless several family members are streaming movies at the same time, there generally aren't any slowdowns caused by too many users at the same time. Public WiFi or hotspots found in places like hotels, restaurants, coffee shops, airports, and malls, however, are a different story altogether. While it may seem harmless to connect to a public connection to check social media, read emails, check your account balance, these things can put your sensitive information at risk.
The big problem with public WiFi is that there are so many risks involved. Business owners and consumers believe that a great service is being done by offering free WiFi. But in many cases, the security on these networks have holes or don't exist at all. These connections are far less secure because you don't know who set it up, who else is connecting to it, or what activities are being done on the network that might put you at risk.
Encryption is the best way to make sure that only those with permission can access data. It essentially translates data into a secret code that can only be read by those with the key to decrypt it. Without encryption, anything you transmit online from your passwords to your billing details and everything in between is easily obtainable in plain, readable text. When a router is purchased, by default, encryption is turned off. When using a public WiFi connection, it's certainly possible that someone turned encryption on, but if someone with little IT knowledge plugged in the router, there's no guarantee that they took this step.
Man in the Middle Attacks
Man in the Middle (MitM) attacks are one of the most common threats on public WiFi connections. Essentially it is a form of eavesdropping. Each time you visit a website or perform any action on a website, your data is sent from your computer to a server to complete the action, then data is sent back to you to complete your request. When a Man in the Middle attack occurs, an attacker places himself in the middle and can see everything that you're doing and everything that the servers your computer is communicating with, sends back to you. This information can include anything from your social media news feeds, your passwords, any work that you're completing, bank account information, and more.
Because of vulnerabilities in many software programs and operating systems, attackers can slip malware onto your computer without you even knowing. Typically when a weakness is found, software manufacturers work to release a patch or an update to correct the weakness. However, if you're like most people, you likely aren't installing the update right away. This leaves you open to attacks, and even worse, when the software manufacturer made the weakness's patch available for download, it also provided attackers with a clear roadmap of how to conduct an attack on those who haven't yet updated. Attackers exploit weaknesses by writing code to target these vulnerabilities on the operating system and software programs that you use, then inject the malware onto your device.
Criminals set up hotspots in popular areas using names that are similar to those that you might expect to see. For example, you may be shopping at the Smithton Mall and find an unsecured WiFi connection called Smithton Mall Free Access and another called Smithton Mall. One of these may be set up by the mall, but the other is a rogue hotspot set up by cybercriminals who can now see everything you do online while connected to their network.
Clean up your browser and prevent future scams
How can I stay safe on public WiFi?
While it may not be realistic to avoid all public WiFi connections, always keep in mind that there is an element of risk to your information when doing so. Here are some things that you can do to minimize those risks:
Use Your Phone's Mobile Data or Hotspot Feature
If you need to check something quickly, consider doing so from your phone using its mobile data. This eliminates the need to connect to a WiFi connection that could put your information at risk. If you need to use a computer in public, see if your phone offers a hotspot or mobile WiFi setting. Many phones and phone providers already offer this feature at no additional cost, while others offer this as a low-cost add on to your phone plan. Using this setting, instead of connecting to someone else's WiFi connection, you can use your computer to connect to the internet by way of your phone.
Use WiFi Networks Hosted By Trusted Companies
While no public WiFi network is entirely secure, those hosted by well-known and trusted companies are most likely to be up to date on network security. Companies like Starbucks benefit from providing secure WiFi because by providing it, they make money from patrons drinking coffee. WiFi connections that pop up at random and aren't attached to a well-known company are less likely to offer adequate security--after all, what do they have to gain from your access to their network?
Ask What Security is in Place
Whenever possible, ask questions about the connection you're about to use. While not each barista at the coffee shop will know the answer, they should be able to question the manager for that information. If no security or very lax security exists or if they tell you that they don't know about their security, consider waiting to access the internet when a trusted network is available.
Don't Connect to a Network that Isn't Password Protected
A legitimate connection will require that you enter a password provided by the organization offering the connection or that you visit an authorization page immediately after connecting to verify who you are and agree to their terms of service. Ensure that this page aligns with the organization offering the WiFi connection.
Don't Give Away Too Many Details
When using a public WiFi connection, do so with the assumption that any actions you take can potentially be seen by someone else. This means that you should avoid situations where you'll be asked to enter your password, access your banking or other financial details, and any accounts where your personal information may be displayed or transmitted.
Use Browser Protection and Account Monitoring
Products like Guardio offer live browser protection to alert you when a website you're accessing is malicious when your browsing session has been hijacked. This can save you from the horrendous implications of an account breach caused by attackers. Account monitoring services alert you of instances where your accounts have been involved in a data breach so that you can quickly take action to minimize the effects.
Keep Your Device and Software Up To Date
Each time a vulnerability is found within your operating system or any software that you use, the manufacturer will work to patch the vulnerability. They apply these patches to keep you safe by requesting that you apply the update that they've provided. It is important to complete these updates without delay because from the moment the update is released. Attackers can easily see what security vulnerability they've patched and easily attack anyone who has not yet completed the update.