It’s another regular day; you’re at your favorite cafe, sipping on a latte and scrolling through Instagram. Instead of using your hotspot, you’re connected to the cafe’s Wi-Fi – after all, why waste your precious data when there’s a free network available? What you don’t know is that a malicious hacker is using the open network to sniff out your login credentials and take over your account.
Studying at a cafe, working in a hotel, or passing time at the airport – public Wi-Fi gives free access to the internet to everyone and anyone, including malicious hackers. Threat actors on the same public Wi-Fi can intercept your online activities, steal your personal data, and even take over your financial accounts.
With the reliance on the internet increasing, public Wi-Fi is now accessible in nearly every location. From cafes to public libraries and airports, public Wi-Fi is convenient and easy to access, making it a digital playground for cybercriminals.
So what can you do to protect yourself and your devices? Keep reading to learn more about public Wi-Fi dangers and how to use public Wi-Fi safely.
How to use public Wi-Fi securely
Generally speaking, the safest way to use public Wi-Fi is to not use it at all. Public Wi-Fi is not always safe, and you shouldn’t take risks when it comes to your personal data, but it’s not always possible. One way or another, you end up in a situation where you need internet access and a secure private network is unavailable.
Here’s what you can do to secure your connection while on public Wi-Fi.
Ensure you’re connected to a legitimate public Wi-Fi
Blindly connecting to open networks is a recipe for disaster. Always take a moment to verify the public Wi-Fi you’re about to join.
Imagine this: you’re at a library, and you’re about to join Library Wi-Fi, but then you see another network with the name Free Library Wi-Fi. One of these networks is posing as a legitimate network belonging to the public library. Do you know which one?
Your best bet is to ask the staff the name of the network. It might take a bit longer, but you’ll be sure your connection is secure. Never trade security for convenience.
Avoid sensitive transactions
As long as the website you’re visiting uses HTTPS, your data should be encrypted; however, hackers with more sophisticated software can still intercept it. What’s more, public Wi-Fi security tends to be lackluster, giving malicious actors easy access to your device.
Therefore, you should avoid using public Wi-Fi for anything that requires you to enter sensitive information, such as banking and online shopping. Examples of sensitive information include your first and last name, home address, phone number, email address, payment information, and login details.
If you must deal with sensitive information, use your mobile network or wait until you return home to complete your online transactions.
Don’t share your personal information
More often than not, you will be prompted to provide your email or phone number to gain access to a public Wi-Fi network. This is usually harmless but may be used by the network operator to send you targeted ads.
However, the real danger lies in data harvesting. If the public Wi-Fi is compromised, your personal information may be harvested and sold to third parties. It’s up to you to decide if it’s worth the risk.
Data has become the most valuable commodity – don’t part with it so easily.
Keep software updated
Software updates are not just bug fixes that improve performance; they often include critical security updates and patches. They ensure that cybercriminals can’t exploit vulnerabilities in the current version of the program to steal your data or take over your device.
This applies to everything – from your browser to your operating system to your device. So, make sure that the programs you use on a daily basis are updated. The best way to ensure you receive critical updates is to enable automatic updates in settings.
Also, make sure you always download and install the latest updates on a secure and trusted network.
Disable sharing
File sharing allows you to share files and folders with people on the same network. This poses a risk when you’re connected to a public Wi-Fi with people you don’t know, as you could accidentally give them access to your sensitive files.
On Windows, go to Settings and select Network & Internet. Scroll down to Advanced network settings, where you’ll find Advanced sharing settings. Locate Public networks and toggle off file sharing.
On macOS, go to System Settings and select General. Click Sharing and toggle File Sharing off.
Stick to HTTPS websites
The HTTPS protocol uses SSL certificates to encrypt data sent between a browser and a website.
10 years ago, only around 30% of websites used encryption to secure data, which made using public Wi-Fi highly risky. In 2024, more than 80% of websites use HTTPS to secure the data sent between the user and their websites, making it somewhat safe to use public Wi-Fi.
Here are the markers you can check to determine whether the website you’re visiting is encrypted:
- The URL starts with https://.
- Safari and other reliable browsers use a padlock symbol to show that the website uses HTTPS.
- Google Chrome has moved away from the padlock to a security status symbol. You can click it to learn more about the encryption and the website. This is what a secure website looks like on Chrome.
- Your browser will notify you if you visit a website that is not encrypted.
Forget the network after use
Forget the public Wi-Fi once you’re done browsing to prevent automatic reconnections if you’re in the same area.
If you use public Wi-Fi on a regular basis, I suggest enabling Ask to join networks to ensure you don’t automatically join an unsecured network.
Use two-factor authentication
Two-factor authentication (2FA) is one of the easiest ways to add an additional layer of security to your online accounts. It prevents malicious actors from accessing your accounts with one point of identification, such as your login credentials, which they cracked via an unsecured network.
Enable firewall
The primary purpose of a firewall is to protect your network from malicious actors – it should always be enabled, especially on unsecured networks. Most major operating systems, such as Windows and macOS, have a built-in firewall that’s always enabled; however, I recommend double-checking your security measures before connecting to a public Wi-Fi.
Use a VPN
If you regularly use public Wi-Fi, I suggest investing in a reliable VPN. You can purchase a VPN subscription, such as NordVPN, or, if you’re more tech-savvy, set one up yourself.
A virtual private network (VPN) encrypts your internet traffic and makes it impossible to read without an encryption key. This means that even if a malicious actor somehow gains access to your data, they won’t be able to do anything with it, as it will be unreadable to them.
Simply put, a VPN makes it much more difficult for malicious actors to intercept your online activities, but not impossible. Practicing cyber hygiene is just as important as having the right tools to protect your online activities.
Risks of using public Wi-Fi
There are many ways a malicious actor can exploit public Wi-Fi to gain access to your device. Some of the most common methods include man-in-the-middle attacks, evil twin attacks, packet sniffing, DNS poisoning, and more.
The severity of such attacks can range from simple spying to hijacking your Instagram profile to emptying your bank account, so it’s important to understand these risks and stay vigilant.
Man-in-the-middle attacks
A man-in-the-middle attack happens when a malicious actor intercepts communications between two parties. This allows the attacker to snoop on what you’re doing online, scrape your sensitive data, collect login details, and even redirect you to fake websites. Examples of man-in-the-middle attacks include evil twin and DNS poisoning.
Evil twin attacks
An evil twin attack happens when a malicious actor sets up their own Wi-Fi and poses as a legitimate public Wi-Fi, such as Starbucks at a Starbucks cafe, Guest at a hotel, or simply Free Wi-Fi in any public location. It allows the malicious actor to spy on your online activities and even scrape personal information.
Don’t underestimate the lengths cybercriminals will go to steal your data. In Australia, a man set up free Wi-Fi in an airport, posing as a trusted airport Wi-Fi, and required users to log into one of their social media accounts to gain access to the network. This allowed the hacker to get their login details and hijack their accounts. It was especially dangerous to users who reuse passwords, putting all their accounts at risk when one was compromised.
DNS poisoning
DNS poisoning, also known as DNS spoofing, works by poisoning the local DNS cache and making the user connect to the wrong IP address when accessing a website. This allows the attacker to redirect you to fraudulent websites that look like the legitimate ones you’re trying to access. If you enter login details to the fraudulent website, the attacker will gain access to your sensitive information.
Packet sniffing
When you use the internet, you send and receive data packets. If you’re using an unsecured network, such as public Wi-Fi, these packets may be unencrypted, giving malicious actors the perfect opportunity to try to intercept them.
Packet sniffing is a legitimate practice done by IT for network troubleshooting, but it can also be used for malicious purposes. Hackers with packet sniffing software can extract sensitive information and use it for their own gain.
Final thoughts
With the widespread use of HTTPS, public Wi-Fi has become relatively safe to use for browsing. Anything that requires login details and other sensitive information should be reserved for a secure private network, such as your home Wi-Fi or mobile data.
Next time you’re considering connecting to a public Wi-Fi, ask yourself – do you really need it? Is it worth risking your security for a few minutes of doomscrolling? And if the matter is urgent, perhaps you require a truly secure network and should use your mobile data instead?
My best piece of advice is to plan ahead. Consider downloading movies, TV shows, and music for offline entertainment, read a book instead of scrolling, and if you’re on vacation abroad, purchase a local SIM with mobile data so you don’t have to rely on public Wi-Fi. If you have to rely on public Wi-Fi frequently, consider the benefits of VPNs that encrypt your data.
To sum up, we simply don’t know which public Wi-Fi is compromised. That’s why you should assume that none of them are secure and take all of the necessary precautions listed above to secure your online activities.
Your email address will not be published. Required fields are markedmarked