14 Things You Should Never Do When Using Public Wi-Fi
Technology is amazing and we've all grown used to being able to connect with the rest of the world at just the touch of our fingertips. But what are the dangers of all that connectivity? And are you taking the precautions you should?
Let’s start with the basics—connecting at all. “It’s a huge security risk to connect to and use an open Wi-Fi network,” says Weiging Sun, PhD, cybersecurity expert and associate professor of computer science and engineering technology at The University of Toledo College of Engineering. “What’s worse is that the users are not aware when the public Wi-Fi network is already connected and being used.”
That’s because most phones connect automatically. But that opens you up to hackers and scammers everywhere you go. Instead, Sun says users should check their device settings and disable automatic connections. Learn the clear signs you’re about to be hacked to better arm yourself.
Connecting without caution
So you’ve disabled your automatic connections, but you still need to occasional public Wi-Fi access. Be careful about which networks you choose to connect to. “Attackers can set up phony Wi-Fi hotspots to lure users to connect to and use them, and then steal data passing through the network, which is under their control,” Sun says. He explains an attacker may set up a Wi-Fi network named Starbucks-guest-wifi-1, for instance, knowing users will assume it’s safe. “We should always use caution and verify the trustworthiness before using a public Wi-Fi network.” Make sure you know the other risks associated with using open WiFi before you connect.
Playing with money
Don’t perform financial or other sensitive transactions, including banking or filing taxes on public Wi-Fi networks, says Alan Brill, a senior managing director with Kroll’s Cyber Risk practice. “An attacker may capture your online bank’s credentials or credit card information.”
He says “the two biggest threats to using public Wi-Fi are hackers who are able to set up ‘man-in-the-middle’ attacks and intercept all your activity on that network, combined with the inherent lack of privacy posed by unsecured connections.”
Sharing your passwords
Wi-Fi users should “avoid using any site that requires you to log in with your username or password. You risk exposing those log-in credentials to strangers,” reminds Brian Lapidus, practice leader in Kroll’s Identity Theft and Breach Notification practice. You might think you’re safe on sites that encrypt your password, but Lapidus explains that “hackers on public Wi-Fi can ‘listen in’ and capture credentials before they’re encrypted.”
Look, we all love a good deal—but maybe wait until you’re home to take advantage of any you find online. Business growth strategist Lance Thompson says, “When you check out and pay for your purchases, your confidential information, including your contact info, credit card info, and user names and passwords are all sent over the Internet.” He explains that even on secure websites, “a hacker could have installed keylogging software in the Wi-Fi network that will capture your private data and then use that data for identity theft or to make purchases using your credit card.”
Working from anywhere
One of the beautiful things about all this connectivity is being able to deal with just about any work crisis within seconds, no matter where you are. But not so fast….”Avoid connecting to work services like business email, customer relationship management tools, and accounting software,” Brill explains. “An attacker armed with such credentials can cause millions of dollars of damage to you or your company.”
Checking your own email
We’ve already covered staying away from work email, but you probably have some things you’d like to keep private in your personal email as well. Technology expert Burton Kelso of Integral Computer Consultants says criminals have the ability to snoop in on your keystrokes when you’re using public Wi-Fi, which means they can gain access to your web-based email accounts if you log in while they’re watching. “Most people use their email as a personal filing cabinet with tons of information that can be exploited against you,” he explains. Wherever you send your emails, you’ll want to avoid these annoying email habits.
Anything without an HTTPS
This may seem like a no-brainer, but you’d be surprised how many people browse without paying attention to the web addresses they’re on. Lapidus says you need to, though. “Avoid unencrypted websites,” he explains. “Use only those that use HTTPS.” Without that, everything you do can be transmitted in plain text.
The good news is your phone will probably try to warn you if you drift into a site you shouldn’t. “Most modern browsers identify HTTPS-protected websites with a lock icon in the address bar. That’s your indication that the site is using encryption to protect your communication.” These are the computer security warnings you should never ignore.
Setting yourself up for embarrassment
Look, what you do on your personal web-browsing time is your business, unless that is, you do it on a public network. Then you should always assume someone else may be looking over your shoulder. For this reason, Brill says you should stay away from browsing anything you might be embarrassed about if discovered. “Do not visit private or ‘sensitive’ sites or watch ’embarrassing’ videos,” he advises. “Remember that not only may your activity be intercepted, but the Wi-Fi provider may keep records of the sites you visit.”
Don’t do it. Don’t even think about doing it. “Turn off automatic file sharing on your laptop,” says Lapidus. “Your phone or computer shouldn’t be visible to others to link to and transfer files. You might like to think of yourself as being popular, but if someone transfers a malware-infected file you’ll just be a popular victim.” You should also be aware of the 12 signs your computer has a virus.
Ignoring your surroundings
Protecting yourself isn’t just about what hackers can see when you’re online, it’s also about they might see walking right past you. “While we surf or work in public locations, it wouldn’t be hard for others to look over our shoulders and watch you enter your user names, passwords, read your emails, view the sites you visit and more,” says Thompson, encouraging users to always ensure their back isn’t to anyone when they’re surfing online. “You wouldn’t let someone watch you enter your PIN number at the ATM, right?” This is the same thing…
Forgetting to update
“While not directly related to Wi-Fi security, vulnerabilities in your favorite apps or browsers are frequently used by hackers to steal information,” Lapidus explains. That’s why it’s important to make sure all your apps are up to date, as those updates often contain security patches meant to protect you from those invasions. You can even set up automatic app updates in most operating systems so that those updates happen seamlessly as soon as they’re available.
One of the main things people do with their phones while out and about is check their social media networks. But even that’s a mistake, according to Paige Hanson, chief of identity education at Norton LifeLock. “Even if you’re simply logging in to check your Facebook account, cybercriminals can intercept your username and password, and use that to try and access other accounts,” she says. While you’re at it, this is why you should never, ever link your phone number to your Facebook account.
Failing to use a VPN
If you’re going to use the Internet from public Wi-Fi locations, all our experts agreed you need a Virtual Private Network (VPN). “A VPN will encrypt all your data, making it incomprehensible for attackers,” says Lapidus. “But make sure you check out any VPN provider you plan to use to make sure they’re reliable.”
Even with a VPN, Brill advises users to “be mindful of ‘clever’ social engineering tactics. An attacker armed with basic information they captured by intercepting your online activity or even from your social media profiles may call over the phone and use the information they’ve stolen to convince you that you need to give them more information or send them money.” You’ll also want to familiarize yourself with these cybersecurity secrets hackers don’t want you to know.