Having access to free public Wi-Fi is one of the most important features of the always on, hyper-connected world. It means that you can travel and access emails, log in to company apps, read the news, even watch your favourite box set.
But, like much in life, there is no such thing as a free lunch – there is always some hidden cost, somewhere…public Wi-Fi may be free but the costs in terms of security can be high.
With research from Spiceworks showing that 61% of employees use company-owned devices on public Wi-Fi networks, making sure those connections are secure is vital.[1]
Why is Public Wi-Fi Insecure?
The Spiceworks survey also found that less than half of IT professionals are confident that their organisations data is protected when employees use public Wi-Fi. This is because there are a number of ways that data is vulnerable when an employee is outside of the confines of an enterprise network.
Top 3 Wi-Fi Vulnerabilities
- Man-in-the-Middle (MitM): If communications are not protected any data that moves between a client (e.g., browser) and a server (e.g., web server) will be at risk of being intercepted and stolen. For example, if you sent an email to a client with bank details for a money transfer, the email could be intercepted, and the bank details changed to the fraudster’s bank account.
- Rogue Wi-Fi: This is a Wi-Fi network deliberately setup by a fraudster to capture data transfer, like emails, login credentials, text messages, and so on. The networks will usually offer free connection or use the name of a cafe or shopping mall.
- Malware Insertion: If your device is vulnerable in any way, e.g., the device does not have the latest security patch, you are at risk of a malware infection. Cybercriminals use systems such as file sharing across a network to surreptitiously infect vulnerable devices with malware.
In certain circumstances, even protected (encrypted) Wi-Fi networks are at risk. Key Reinstallation Attacks or ‘KRACK Attacks’ were a set of vulnerabilities found in the protocol, WPA2, used to secure Wi-Fi networks.[2] If these flaws were exploited, even previously protected data could be at risk.
To address these vulnerabilities, the Wi-Fi Alliance is working on WPA3, an update to the WPA2 protocol, to address the security issues of the earlier protocol.[3] The group has also announced the Wi-Fi Enhanced Open™ networks that provide improved security on public WI-Fi networks.
What Data Can Be Stolen?
If you are unfortunate enough to be targeted when using public Wi-Fi any data that you transfer during that session is at risk. This includes:
- Account registration data: Personal data such as your name and address
- Online account login credentials: For example, username and password. These can then be used to attempt to access other accounts you may have online if you have reused these credentials elsewhere.
- Emails: Any emails sent and received can be intercepted
- Text messages: Any messages sent or received via a phone connected to a public Wi-Fi are at risk of interception
Top 10 Security Tips When Using Public WI-FI
To protect yourself when travelling or when you need to use a public Wi-Fi, follow The Defence Works “Top 10 Public Wi-Fi Security Tips”:
- Set up your Wi-Fi connection so it does not automatically connect
- Check that websites that you share data with (including login credentials) are HTTPS and not HTTP.
- Avoid using mobile apps to log in to an account via public Wi-Fi as the app itself may be insecure (much harder to tell)
- Avoid accessing sites such as online banking altogether whilst on a public Wi-Fi network
- Avoid free and open public Wi-Fi, i.e. one that does not require a password for access
- Disable file-sharing across networks when you are out and about
- Logout of accounts after you’ve finished using them
- Use a Virtual Private Network (VPN) which can help to protect against MitM attacks. Some examples of VPN products include:
- Consider using a travel Wi-Fi router – these are your own mobile internet connector to allow you to more securely connect when you are outside the office.
- Stay security aware – scams and fraud can happen at any time, but being security aware gives you the heads up to know how to stay cyber-safe
As more of us work remotely from coffee shops, travel and generally use devices to access online resources while out and about, we often turn to public Wi-Fi. If we must use these free public Wi-Fi networks, then we need to do so with a good level of knowledge about security issues. By following our top tips, you can stay secure and work safely, even in public.
[1] Spiceworks: https://community.spiceworks.com/networking/articles/2941-data-snapshot-wi-fi-security-in-the-workplace-and-beyond
[2] KRACK Attacks: https://www.krackattacks.com/
[3] Wi-Fi Alliance: https://www.wi-fi.org/discover-wi-fi/security
[4] NordVPN: https://nordvpn.com
[5] ExpressVPN: https://www.expressvpn.com/
[6] SurfShark: https://surfshark.com/