Discussing the dangers associated with public WiFi is tough. The risks are plentiful, but connecting to free WiFi is as normal as breathing. It’s human nature to indulge in things that aren’t great for us, so the best we can do is ensure we know the risks involved! Just as Lactaid is there for the lactose-intolerant ice cream fanatics, we’re here for all you WiFi fiends (also known as all of us). Internet access is a human right, after all, so the least we can do is teach some basic security precautions.
Public WiFi Security Doesn’t Exist
For starters, you should always operate under the assumption that security measures are lax if you don’t know the specifics. It’s unlikely your barista or bartender set up the router themselves, so they wouldn’t know even if you asked. For municipal hotspots like those provided by your ISP or the city, you know you’re not about to call them up to find out the security settings. Remember: The easier it is for you to connect, the easier it is for hackers to manipulate it.
Man in the Middle Attacks
We mentioned this particular attack vector in our Cybersecurity 101 blog. When anyone can set up an Internet connection without authentication, the most basic hacker can set herself up between you and the server. Then she’s sitting pretty with her latte watching every bit of info everyone else in the cafe sends and receives. Network snooping and sniffing are disturbingly simple man in the middle attacks to pull off on free networks. So if you’re using free WiFi, pretend like your high school principal is staring over your shoulder the entire time, watching and recording everything you do.
WiFi Passwords Do not Equal Secure WiFi
Sure, there might be a padlock symbol next to the WiFi name you’re attempting to use. Did you simply ask for the password or see it posted on a sign? If yes, then it’s pretty much useless. If anyone can ask for and receive the WiFi password, then there’s not much of a point to it.
It’s Not Actually Their Router
Rogue WiFi is a thing. Someone can set up a nearby router and name the network after the restaurant or bar. Even staff may use it without knowing it’s unaffiliated with the location! With hotspots like this, even more attack vectors open up, like distributing malware or tricking you into visiting fake websites where hackers can collect your data.
TLS Isn’t Hack-Proof
You know to use HTTPS websites over HTTP. Secure socket layers provide extra security, true. They scramble data in transmission so man in the middle attackers can’t read it. However, it’s not difficult for a nearby hacker to reroute all HTTPS traffic to the less-secure HTTP counterpart or to send fraudulent certificates. We know you’ve seen this message pop up after clicking a link, and we know you’ve hit “proceed anyway.” If and when you do, just make sure you’re not typing in any desirable information like login credentials or credit card details.
How to Boost Your Security on Free WiFi
No one’s ever 100 percent secure on the Internet—that’s just a fact of life. That said, there are ways to boost your security.
The Quick Fixes
- Turn off auto-connect
Our devices love to save WiFi connections we’ve previously used to automatically connect when we come back. Turn that off so that your devices aren’t hampering your security before you choose to connect.
- Turn off WiFi and sharing when not in use
Switched to your book? Engaging in some doodling? Flip WiFi off first! Only stay connected while you are actively using the Internet. The same goes for sharing permissions. Your laptop may be set to file sharing with colleagues and hardware in the office, but nobody at your coffee shop needs access. Additionally, if sharing settings are open, then it’s simple for hackers to send you malicious files.
Beware the local cafe's free WiFi—or at least be careful what you type while using it. - Don’t share sensitive info
This means everything from credit card numbers to inadvertently sharing personal details on your social media. Online shopping is the best, we know! But save checkout for when you’re on a more secure connection. - Update your browser
Check for browser updates before you start browsing at your local cafe. Patches are there between major updates to patch up any security holes or bugs. It’s all right there in the name! - Use two-factor authentication and strong password
We will repeat this until the day the Internet dies. We’ve written extensively on password security tips, so we’ll direct you there.
The Bigger Moves
- Use a VPN
Consider VPNs the holy grail of WiFi security. Even when on a public network, a VPN creates a personal private network for you so that no one—not even your ISP in some cases—can see your activity. - Use a mobile hotspot
Not a municipal one, like Link or Optimum, which offer free WiFi in NYC. We mean the one hidden in your phone. You decide the encryption level, and when used in tandem with a VPN, you’re in great shape.
Besides the hotspots around in NYC, the city also has free WiFi in underground subway stations. - Firewall! Encryption!
Repeat after us: Encrypt your devices. Laptops are trickier than setting up encryption on your phone, but even if someone does gain access to your device through free WiFi, encryption means that everything is scrambled to them. Keep a firewall enabled at all times, particularly if you’re working remotely with a public hotspot. - Delete old info
Keep older files with sensitive info backed up on external hard drives or a desktop at home—there’s no need to walk around in public with rental applications or tax returns from several years ago in your files. - Install malware protection
We should all have anti-malware software installed on our computers. If you often work from public locations like airports or coffee shops, invest in anti-sniffing software as well!