October is Cyber-Security Awareness Month! Week 3
We came across this great article from Wired, which always has some really good information on Cyber-security and staying safe on the internet. Public Wifi is something we get a lot of questions about – how do we make sure our Personally Identifiable Information (PII) is secure on public wifi? Read below to make sure you’re protected…
Simple Steps to Protect Yourself on Public Wi-Fi
Connecting to a public Wi-Fi network can put you at risk. Here’s how to minimize the damage.
Accessing the internet isn’t normally a problem when you’re inside the confines of your own home—it’s secure, it’s easy to connect to, and it’s relatively uncongested—unless the whole family is streaming Netflix on five separate devices. When you venture out though, it’s a different story. You can access Wi-Fi in more places than ever, enabling you to keep in touch or catch up with work from wherever you happen to be, but getting online isn’t quite as simple, or as safe, as it is with your home network.
A public Wi-Fi network is inherently less secure than your personal, private one, because you don’t know who set it up, or who else is connecting to it. Ideally, you wouldn’t ever have to use it; better to use your smartphone as a hotspot instead. But for the times that’s not practical or even possible, you can still limit the potential damage from public Wi-Fi with a few simple steps.
Know Who To Trust
This relates to the previous point, but wherever possible stick to well-known networks, like Starbucks. These Wi-Fi networks are likely less suspect because the people and companies operating them are already getting money out of you.
No public Wi-Fi network is absolutely secure—that depends as much on who’s on it with you as who provides it—but in terms of relative safety, known quantities generally beat out that random public Wi-Fi network that pops up on your phone in a shopping mall, or a network operated by a third party that you’ve never heard of. These may well be legit, but if any passerby can hook up for free, what’s the benefit for the people running the network? How are they making money? There’s no hard or fast rule to apply, but using a bit of common sense doesn’t hurt.
If you can, stick to as few public Wi-Fi networks as possible. In a new city, connect to Wi-Fi in a store or coffee shop you’ve used before, for example. The more networks you sign up to, the more likely the chances that you’ll stumble across one that isn’t treating your data and browsing as carefully as it should be.
Stick With HTTPS
As of a couple of weeks ago, Google Chrome lets you know when the site you’re visiting uses an unencrypted HTTP connection rather than an encrypted HTTPS encryption by labeling the former “Not Secure.” Heed that warning, especially on public Wi-Fi. When you browse over HTTPS, people on the same Wi-Fi network as you can’t snoop on the data that travels between you and the server of the website you’re connecting to. Over HTTP? It’s relatively easy for them to watch what you’re doing.
Don’t Give Away Too Much Info
Be very wary of signing up for public Wi-Fi access if you’re getting asked for a bunch of personal details, like your email address or your phone number. If you absolutely have to connect to networks like this, stick to places you trust (see above) and consider using an alternative email address that isn’t your primary one.
Stores and restaurants that do this want to be able to recognize you across multiple Wi-Fi hotspots and tailor their marketing accordingly, so it’s up to you to decide whether the trade-off is worth it for some free internet access.
Again, sign up for as few different public Wi-Fi platforms as you can. Does your phone or cable carrier offer free Wi-Fi hotspots in your current location, for example? If you can get connected through a service that you’re already registered for, then that’s usually preferable to giving up your details to yet another group of companies.
Limit AirDrop and File Sharing
When you’re on a public network around strangers, you’ll want to cut off the features that enable frictionless file sharing on your devices. On a PC, that means going to Network and Sharing Center, then Change advanced sharing settings, then Turn off file and printer sharing. For Macs, go to System Preferences, then Sharing, and unselect everything. Then head to Finder, click on AirDrop, and select Allow me to be discovered by: No One. For iOS, just find AirDrop in the Control Center and turn it off. And voila!. No one nearby can grab your files, or send you one you don’t want.
Check What You’re Signing Up For
We know we’re probably saying this in vain, but read up on the attached terms and conditions before you connect yourself to a public Wi-Fi connection. You might not always understand every word, but you should be able to spot any major red flags, particularly around what kind of data they’re collecting from your session, and what they’re doing with it.
If you find the associated policies really impenetrable, a quick web search should bring up any known issues or problems that other users have been having. Of course there’s nothing inherently evil about terms and conditions—they help protect the Wi-Fi provider too—but don’t just blindly click through on whatever pop-up screens you’re presented with. And if they ask you to install any extra software or browser extensions, back away quickly.
Use a VPN
By far the most effective trick for staying safe on public Wi-Fi is to install a VPN or Virtual Private Network client on your devices. It encrypts data traveling to and from your laptop or phone, and hooks you up to a secure server—essentially making it harder for other people on the network, or whoever is operating the network, to see what you’re doing or grab your details.
We’ve written here about some of the ways to choose a good VPN, as not all VPNs are created equal, and some are downright dodgy. It’s definitely worth paying for a service, as free solutions are more likely to be financed by some suspect marketing or data collection practices that it’s best to steer clear of. Independent review sites like The Wirecutter and That One Privacy Site can help here.
Actually connecting to a VPN is usually straightforward, and once you’ve downloaded the client for your provider of choice, it will take you step-by-step through the process, whether you’re on mobile or the desktop. If you move around a lot, and connect to a lot of different networks, a good VPN is well worth investing in.
In the next few years, as the next-generation WPA3 Wi-Fi security protocol comes online, public Wi-Fi will have more built-in protections. Until then, many security exploits rely on old, outdated software, so make sure you’re running all the latest patches and software updates on your laptop or phone before venturing out. Also, don’t download or install anything new over public Wi-Fi unless you absolutely have to.
And again, best way to avoid running into security problems due to public Wi-Fi is not to use it at all—think about downloading videos and music for offline access before you leave home, for instance, or using your smartphone’s hotspot function instead. If you are going to get connected though, the steps mentioned above should maximize your chances of staying out of trouble.