Public WiFi: How to Stay Protected From Security Threats

WIFI2

One of the conveniences of our modern world is free wireless Internet connections offered by businesses for use by their customers. This can be especially useful for employees who want to continue working or otherwise stay connected via their laptops. But many people don’t realize the security issues with using public Wi-Fi connections. Luckily, once you’re aware of the concerns, it is easy to take precautions to prevent your use of public Wi-Fi from becoming a security hazard.

The main concern with public Wi-Fi is the danger of transmitting potentially-sensitive information through the air unprotected. Unlike corporate Wi-Fi networks, public ones are by definition open to the general public. Anyone can join a public Wi-Fi network, regardless of how trustworthy they are to other network users. As such, these networks are generally not encrypted, or if they are, the key is widely available, preventing the encryption from providing any real protection.

Normally, computers connected to a Wi-Fi network only process data intended for that computer. However, due to the nature of wireless communications, common devices are capable of receiving data intended for any computer on the network. Using special software, it is possible—and common—to go to a location with public Wi-Fi, and passively look at other people’s network traffic, in hopes of obtaining valuable sensitive information such as passwords and credit card details.

There is another concern that, while not as big of a risk, is still important to be aware of. That risk is the lack of trust in the operator of the network. Even if you’re at, say, a coffee shop that’s part of a major chain, the owner or manager of the store may not be trustworthy. A rogue network operator has the ability to modify any network traffic going through his or her network, performing a man-in-the-middle attack. This could have the effect of falsifying information that appears on a website, for instance.

One very simple precaution that will provide adequate protection from both of these issues is to always use encrypted protocols while on public Wi-Fi networks, such as HTTPS. If you see “https://” at the beginning of a URL (note the ‘s’), you’ll know anything you do on that site is as safe from prying eyes as it would be on a private network. And if someone attempts to perform a man-in-the-middle attack and modify the information as it’s sent, your browser will detect that and display an impossible-to-miss warning. Email that uses encryption (such as TLS) is also safe.

If you, as a business, want ensure that this doesn’t become an issue, however, you can set up an encrypted VPN and require all employees use it when they are off-premises. This way, all network traffic will be safe.