The next time you have a craving for a caramel macchiato at your local Starbucks, keep your phone in your pocket.
Staying safe while using public Wi-Fi has been a growing concern for years. That’s because anyone with the network password could potentially hack into devices that are connected to it and exploit that information. Understanding the ins and outs of public Wi-Fi security is crucial.
For example, in 2017, a Buenos Aires Starbucks unwittingly exposed customers to a serious security breach when a hacker tapped its public Wi-Fi network to mine cryptocurrency. Get to know the dangers of public Wi-Fi and how you can stay safe.
The dangers of public Wi-Fi
Business travelers worry most about accidentally exposing company and personal data to hackers when using public Wi-Fi, according to research conducted by Artemis Strategy Group and published by Carlson Wagonlit Travel. Of the 2,000 professionals polled by the global travel management business, 65% reported feeling unconfident about security on public wireless networks.
Their fears are well-founded. “A hacker may have compromised a router that looks for certain strings, such as if a connection is initiated with a bank,” network security expert David Iacoponi said.
This type of attack, called a “man in the middle” hack, occurs when a hacker installs “listening” software on an operating system. In other words, the user believes he’s logging in securely, but he’s actually connected to a “man”—or a server—that could be recording keystrokes or saving screenshots of sensitive pages.
“It isn’t usually like in the movies, where a bad guy is sitting with a laptop at your local Starbucks,” Iacoponi added. “Instead, hackers purchase programs that exploit security weaknesses and run in the background.”
Here’s what’s vulnerable when you use unencrypted public Wi-Fi:
- Usernames, passwords and account numbers
- Your home address and current location
- Company data, including login information and passwords, files, and emails
- Images and personal files you’ve saved on your phone
- Information stored in device apps for internet of things (IoT)
What kind of public Wi-Fi protection do I need?
Business travelers and internet security experts, long accustomed to jumping through digital hoops to keep company data safe, are especially wary of public Wi-Fi. And though a Verizon study reports a decrease in the number of web-based security breaches, the sheer volume of devices entering circulation means the risk remains high.
That’s why organizations anticipate increasing spending on internet security from $114 billion in 2018 to $124 billion in 2019, an increase of 8.7%, according to Gartner. Businesses and governments continue to explore advanced protections, such as enhanced biometric authentication, to boost security.
But since the average consumer doesn’t have access to this technology, it’s imperative to make accessible practices part of a broader personal internet security strategy.
Use these common sense practices to address public Wi-Fi security risks:
Stay smart about how you connect. Use your cellular data plan instead of public Wi-Fi. “You’ll always see the cyber guys on their hot spots, but most will trust cellular networks,” Iacoponi said.
If speed is a priority, limit public Wi-Fi access to encrypted connections. Internet providers, such as Optimum, offer secure public connections that customers can access with a login and password.
Invest in a VPN. Virtual private networks encrypt data and are portable. Business travelers have used these for decades, but you can purchase one for personal use, too. A password manager isn’t a bad idea, either.
Use two-factor authentication. If you log in to a website and it asks you to enable two-factor authentication, do it. It’s fast and easy—especially when you’re on your mobile phone. Text, email and answering personal questions are popular 2FA methods.
Back up personal documents at home. You probably don’t need seven years' worth of tax data, old credit reports or your personal medical history saved on your laptop, tablet or phone.
“Encrypt and save them on a thumb drive and store it at home,” Iacoponi advises. Don’t forget to delete them from your mobile devices.
**Avoid logging in to bank accounts and other personal-data-rich websites in public.__ In an emergency, use your cellular network.** **
Scan devices regularly for malware. The newest antivirus protection extends to your mobile devices, too. Scan your computer, tablet and phone for malware.
Verify that your devices prompt you for permission before accessing public Wi-Fi. Don’t automatically connect to available Wi-Fi networks. Your device should prompt you for permission to connect.
Install security patches and software updates as soon as they’re released. It only takes a few minutes, and you’ll protect your data from security weaknesses.
You might also consider running a people search on yourself, as it may reveal personal information floating around the web that you’d forgotten about.
Is Public Wi-Fi Safe?
So, should you avoid using public Wi-Fi altogether? Not necessarily, according to Consumer Reports. Encrypted connections are much more common.
“It’s standard on just about every major website, including Amazon, Google and Wikipedia,” the nonprofit consumer watchdog reports.
Consumer Reports recommends looking for the padlock icon that appears in the browser’s URL bar when surfing the web. And if you’re accessing data using an app, use your cellular network, just to stay safe.