Once a luxury item, free public WiFi has morphed into a standard service that consumers expect when patronizing everything from restaurants and retail stores to airports and hotels. Free WiFi users aren’t just checking Facebook or posting vacation photos to Instagram, either; all of us have sat down on a train or in a coffee shop and seen business people tapping away on their laptops, taking advantage of public WiFi to work on the go.

However, public WiFi networks open users up to numerous cyber attacks, especially if anetwork is unsecured. These include:

* Phony rogue networks set up specifically by cyber criminals. These networks often have innocent-sounding names such as “Customer Public WiFi” and are unsecured.
* Man-in-the-middle attacks where hackers commandeer a public WiFi network and redirect users, often to a phony login site where their credentials are stolen.
* Wireless sniffer tools that locate unsecured public WiFi networks, analyze their packets, and steal data, monitor network activity, or gather intel for use in a future attack against the enterprise’s network.
* Having your device infected by a worm on another user’s device that travels through the public WiFi network.

Hacking public WiFi networks is so easy and lucrative that cyber criminals step up their game during major events where they know large crowds will gather and connect to public networks. In February, US-CERT issued a press release warning travelers about expected cyber attacks at the 2018 Olympic Games in Pyeongchang.

Staying Safe on Public WiFi

The best way to prevent an attack on a public WiFi network is to never connect to one in the first place, even if it is “secured.” The WPA/WPA2 WiFi standard currently in use has multiple security flaws, and the new, far more secure WPA3 won’t start rolling out until later this year, when devices supporting it are scheduled to be released. Instead of using a public WiFi network, tether your laptop to your mobile phone or use one of your mobile carrier’s hotspots. If you travel a lot, it may be worth investing in an unlimited mobile data plan.

What if using mobile tethering or hotspot is not an option, your work just won’t wait, and public WiFi is the only realistic option? Protect yourself using these best practices:

Use a Virtual Private Network (VPN)

VPNs allow users to connect to servers through secure connections. While many free or ultra-low-cost VPN services are available, they may not be trustworthy; it’s better to pay for the peace of mind. Employers should provide their employees with VPN access to protect their company’s data when their employees are working in the field.

Use Secure Connections

Configure your browser to default to the “always use HTTPS” option on websites you use frequently, especially those that require login credentials.

Don’t Access Anything Sensitive

Do not check your bank account or credit cards, go shopping, or access any other sites that would expose sensitive personal information.

Turn Off Automatic Connectivity

Change the settings on your devices so that they do not automatically connect when they sense an open WiFi network; you could end up connected to a phony rogue network.

Even if you’re not stuck using a public WiFi network, never leave your electronic devices unattended while in a public place, and make sure to turn off Bluetooth and file sharing capabilities. It is highly unlikely you’ll need to use them; all they’ll do is open you up to an attack.

Author's Bio: 

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions.

He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.