How To Stay Safe on Public WiFi

Is Public WiFi Safe? The Security Risks of Public WiFi

Many public WiFi networks are not designed with security at the forefront. For a coffee shop, providing WiFi is a way to add more value to the customer experience; if you can work in a coffee shop just as efficiently as you can at home, you’re more likely to stick around. If you stick around, you’ll continue to buy (usually overpriced) coffee, and that’s good for business. It’s not that coffee shops, and other companies that operate in public spaces don’t care about security. They don’t want you to be hacked, but they typically don’t have the knowledge to ensure it doesn’t happen. And even when they do have the knowledge, securing the WiFi network is often not a top priority. 

With that in mind, here are some of the common ways public WiFi networks get attacked:

No Password or Encryption

This allows hackers to see all of the traffic on the network, and they don’t even need to be sophisticated hackers to do this. If users on the network are browsing web pages that don’t use HTTPS (SSL/TLS enabled web pages), hackers can access their usernames, passwords, and other sensitive information. How do you tell if the website you’re using has deployed these security protocols? If the URL begins with “https”, or you can see a padlock icon in the address bar, the website is covered. However, you’d be surprised by how few websites have deployed HTTPS. As of 2018, 20% of the world’s largest 502 websites use an insecure connection. 

Spying on “Handshakes”

So, what about public WiFi networks that do use passwords and encryption? Are those safe? Most of these networks will use WPA2-PSK encryption – the encryption used on most home WiFi networks. WPA2-PSK is secure in a home environment because you trust the other users on the network. However, in a public WiFi setting, things are a little different. When you enter your password, a “handshake” takes place. This is where information is exchanged between your device and the wireless access point (router). The information exchange contains a variety of generated keys aimed at encrypting traffic. Sounds great, right? The issue is, if a hacker joins the network before you do, they can spy on your handshake and steal your encryption keys. 

Man in the Middle Attacks

Man-in-the-middle attacks are just what they sound like – someone sitting in between your device and the WiFi. Some hackers will set up legitimate-sounding but fake WiFi networks to trick people into joining. When you join, all of your traffic goes straight through their device. 

The vital thing to take away from this section is that you can’t rely on companies to protect your data. There are plenty of ways to stay safe on public WiFi, but they all require you to take action. 

Tips for Staying Safe on Public WiFi

1. Use a VPN

A Virtual Private Network, or VPN, provides an encrypted tunnel for all of your online traffic. But does using a VPN protect you on public WiFi? Yes, absolutely. VPNs essentially act as a bulletproof vest for your online activities; nothing gets in or out. They protect you from hackers trying to spy on your traffic and get access to your usernames, passwords, emails, and more. 

VPNs also have other benefits beyond protecting you from hackers. They are also a robust privacy tool, masking your IP address, location, and search history. Essentially, they block Internet Service Providers (ISPs) and websites from tracking your activity as you browse the web. If you’re the kind of person who thinks it’s none of Google’s business whether you want to spend 4 hours looking at cat memes, then a VPN is the answer. VPNs also allow you to access region-blocked services like Netflix and can speed up your internet connection by circumventing bandwidth throttling. 

If you follow none of the other advice on this list, you should pay attention to this one and get a VPN. There’s no other single action you can take that has as much of an impact as getting a VPN. 

2. Protect Your Device

It’s a good idea to protect your device with anti-virus and anti-malware software. When you use public WiFi, your machine is vulnerable to hackers who may try to inject viruses or malware onto it. Some viruses are immediately obvious because they cause digital havoc. They might lock your files or spam your screen with popups. However, some malware is designed to fly under the radar, passively collecting your data and sending it to an attacker-controlled server. The best way to ensure you always catch a virus because it can harm your device or steal your sensitive data is to install robust anti-virus software. 

The good news is you don’t need to pay a lot of money to get good protection against malicious software. If your laptop runs Windows 8 or Windows 10, it comes with Security Defender pre-installed. Security Defender is Microsoft’s replacement to MS Security Essentials and is an excellent first line of defense. It comes with anti-virus and anti-spyware features. 

MacBooks typically have more protection from cyber-attacks for a variety of reasons. Firstly, fewer viruses are designed to target Macs because they’re less popular than Windows devices. Hackers want to get viruses onto as many machines as possible, making Windows devices a more attractive target. Secondly, Macs tend to be much more locked down. For example, you have to submit your password every time you download an application and give express permission for any external app looking to make changes to your computer. And with the latest OS (Big Sur), you have to use workarounds if you want to download an app not on the App Store. 

However, it’s still a good idea to install your own anti-virus software for more comprehensive protection. There are decent free and paid options on the market. As you might expect, the free options will cover all of the basics, but the paid options provide a more comprehensive cover against unusual attacks. Which one is right for you will depend on what data you keep on your device and what type of online activities you take part in. 

3. Verify the Name of the Network

The best way to avoid falling victim to a Man-in-the-middle attack is to verify the name of the network you want to join. Suppose you visit your local Starbucks and see two WiFi networks available. One is called ‘Starbucks WiFi,’ the other is called ‘Starbucks WiFi Official’. Which one do you join? Does it matter? Yes. It’s possible that one of these networks was created by a hacker with the sole purpose of intercepting your web traffic. Instead of picking one at random, verify the correct SSID or name with a staff member. 

4. Keep Your Firewall On

Firewalls protect your system from cyber attackers by shielding your device from unnecessary web traffic. Okay, we get it; firewalls can be annoying. If your firewall is turned off, it’s probably because, at some point, it tried to block you from using a perfectly safe and needed application. With that said, if you’re using public WiFi, it’s a good idea to turn your firewall on. If your firewall can be a bit overzealous and block applications you need to use, then configure it ahead of time to allow these applications. 

5. Only Visit Secured Websites

If you visit a website that isn’t marked “HTTPS,” leave without submitting any login credentials. It’s always worth being extra cautious when on public WiFi. This means only visiting secured websites, not clicking on any unknown links, and not accepting invitations from unknown devices. 

Should I Be Using Public WiFi Networks?

Details of hackers hijacking your machine over public WiFi can sound frightening. WiFi on the go is appealing, but is it worth having your accounts stolen? You might be wondering whether the best approach is to avoid public WiFi altogether. We don’t think so. Public WiFi networks provide immense utility for a world constantly on the go, and you can ensure you’re protected by following the simple steps in this list. Think of the advice on this list as wearing a seatbelt in your car – you might be fine without it, but it’s not worth the risk.