Using public Wi-Fi can be risky – and security experts such as Europol’s Troels Oerting have even suggested it’s TOO risky, and that we should abandon public Wi-Fi hotspots altogether.
If your computer happens to be filled with trade secrets (or any business data for that matter), that’s probably a good idea – your colleagues will appreciate your waiting until you are somewhere you can connect securely.
Earlier this year, Oerting, the head of Europe’s Europol Cyber Crime division, warned that free hotspots were increasingly used to steal private information from consumers in Europe. Oerting said, “We have seen an increase in the misuse of Wi-Fi in order to steal information, identity or passwords and money from the users who use public or insecure wi-fi connections.”
Frequent travellers might find it cheaper to buy a local SIM card for data – or share a 3G or 4G data connection from a smart device. But if you are travelling somewhere where cellphone reception is poor, these steps will help you get online as safely as possible.
Double-check the network before you use it
The worst thing you can do is assume a Wi-Fi network is legitimate – or run by the establishment you’re in. It might be a decoy deployed by a criminal.
As a general rule, don’t connect to any network called, ‘Free Wi-Fi’ – if they’re advertising that, they may well want you to sign up for a newsletter or endure adverts, even if the hotspot isn’t malicious.
Mark James, ESET Security Specialist, says, “If it’s a public service (coffee shop, McDonalds etc.) check the WiFi name with a member of staff – don’t just connect to the first one you see, it could be there to harvest your information.”
Prepare yourself first - What CAN you do?
If you’re going to use your computer in a risky environment, ensure sharing is switched off – you don’t want unknown attackers having access to your files. On a Mac, you’ll find this under Sharing Preferences. On a PC your homegroup and sharing settings will vary according to your OS. Set all your websites to ‘secure’ before you log on
Most web services will offer the option to enable HTTPS – secure browsing – by default. It’s sensible to ensure that you’ve activated this on services you’re going to use frequently. HTTPS helps ensure that a browser is connecting to what it thinks it is. The Electronic Frontier Foundation offers a plug-in which forces your browser to connect via HTTPS where possible.
Many services – such as Google Mail – do this by default, but others which don’t default to the more secure setting will offer an option to enable it. Find it in your accounts ‘Settings’ menu and enable it.
Travelers will be on safe ground researching information, or checking news sites, or looking at maps of the local area – but anything financial, such as booking a hotel, is best done either via your mobile device’s connection, or just over the phone.
It’s probably safer to check email and Facebook on your computer
Once you’ve reassured yourself that the hotspot is legitimate, you probably want to check email messages – this is best done via your PC, as you can use the browser’s secure icon (usually a lock or similar in your address bar) to check that you are connected securely (ie via HTTPS). Hackers who are monitoring network traffic are looking for you to type in passwords – email acount ones, social network passwords. Mark James, ESET Security Specialist says, "I would personally limit my activities to anything that does not require a username and password to log in, but please bear in mind most apps on your smartphone will auto login. Generally browsing and information look-ups are going to be fairly safe."
Overall, smartphones come a poor second to PCs or Macs when it comes to public Wi-Fi hotspots – the ‘defenses’ built into PC browsers make it easier to reassure yourself you’re being safe. Using email apps on your phone can leak data – a secure HTTPS website is better, ESET’s Mark James says.
“For email, it’s better to use a secure HTTPS website for emails rather than using pop3 from your mobile, as this is easily interrogated using free apps on the same WiFi connection.” If you’re sending corporate email, or sensitive emails, it’s best to use encryption.
When to say, ‘No’ to a hotspot
In remote areas, or certain countries in the Far East, it’s perfectly normal to encounter Wi-Fi networks with no security whatsoever – in most cases, this is simply for ease of use, as guests are constantly traveling through the hotel or bar, or cafe. Don’t connect to these hotspots, ESET’s Mark James warns: “If someone is snooping your data you will NOT know they are doing it.”
Forget the hotspot when you leave
Even big chain Wi-Fi Hotspots pose risks – and the last thing you want is your smart device attempting to connect to the same hotspot later, when you’re not looking. Smart devices can give away a surprising amount of data from apps connecting to remote servers – so it’s always a good policy to police your list of ‘known’ networks thoroughly. The worst of these can be Hotspot networks which your cellphone provider has a deal with – which phones will sometimes default to connecting to, without alerting the user.