• United States




Why you should never, ever connect to public Wi-Fi

Jan 09, 20185 mins
Data and Information SecurityTechnology IndustryWi-Fi

There may come a time when your only option is an unsecured, free, public Wi-Fi hotspot, and your work simply cannot wait. If that’s the case, understanding the risks of public Wi-Fi may prevent you from falling victim to an attack.

When considering whether to connect to the public Wi-Fi network at your local coffee shop, the airport, etc., I have two simple words of advice—don’t and don’t. The massive flaw discovered in WPA2, the encryption standard that secures all modern Wi-Fi networks, launched the possibility that anyone near you could easily access your information if you use a Wi-Fi network. This includes information that was understood as being encrypted. Today’s Wi-Fi standards are flawed and should not be trusted.

One of the biggest threats with free Wi-Fi is the ability for hackers to position themselves between you and the connection point. So, instead of talking directly with the hotspot, you end up sending your information to the hacker. The hacker also has access to every piece of information you send out—emails, phone numbers, credit card information, business data, the list goes on. And once a hacker has that information, you’ve basically given them the keys to the kingdom.

However, despite numerous warnings, headlines, and efforts to educate, many people still don’t understand why connecting to free Wi-Fi is an incredibly dangerous situation regardless of what you’re doing online. And while you may think ‘okay, I’m not checking my personal email or logging into my bank account, I’m just checking the sports scores,’ remember anything you do on a public Wi-Fi network is NOT secure. Any information you share or access on these networks is as good as gone.

If you find yourself in a situation where you absolutely must connect to Wi-Fi (first ask if you REALLY need to connect) here are a few suggestions to improve your safety:

1. Do not touch any of your personally identifiable information (PII)

If you use information over a public Wi-Fi network, you are not treating it like it is valuable. Therefore, if you must use a public Wi-Fi network, avoid touching any PII including banking information, social security numbers and home addresses at all costs. Remember, some accounts require you to enter things like phone numbers when you sign up, so even though you may not remember entering it, you may inadvertently be allowing access to personal information.

2. Use virtual private networks (VPN) instead

A VPN allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi and more. They are an excellent alternative to public Wi-Fi networks. While they do cost some money, the peace of mind and additional security is well worth it. Additionally, most employers will equip their employees with a way to connect to a VPN network on the go. And, they should. While employees are on the go and need to access Wi-Fi networks to do their jobs, the company’s data is at a high-risk if they use a public network.

3. Use SSL connections

If you don’t have access to a VPN. you’re not completely out of luck. You can still add a layer of encryption to your connection. When browsing the internet, be sure to enable the “Always Use HTTPS” option on websites that you visit frequently, including any and all sites that require you to enter any type of credentials (most websites that require an account or credentials have the “HTTPS” option somewhere in their settings).

4. Invest in an unlimited data plan

Most of the time, individuals find themselves hastily connecting to public Wi-Fi networks to save themselves from overage charges on their phone bills. But your mobile is just as likely to be attacked as your laptop, if not more. In fact, with the WPA2 flaw mentioned above, Android mobile devices were found to be the most vulnerable. Investing in an unlimited data plan will not only eliminate your need for accessing insecure Wi-Fi networks, it will also often allow you to use your mobile device to create a personal internet “hotspot,” meaning a VPN connection wouldn’t even be necessary.

5. Turn off sharing

Be honest, when connecting to the internet at Starbucks or on the road at the airport, do you really need to have file sharing turned on? Not likely. File sharing is usually pretty easy to turn off from the system preferences or control panel, depending on your OS. Or let Windows turn it off for you by choosing the “public” option the first time you connect to a new, unsecured network.

There may come a time when your only option is an unsecured, free, public Wi-Fi hotspot, and your work simply cannot wait. If that’s the case, understanding the risks of public Wi-Fi may prevent you from falling victim to an attack. Regardless, it’s high time that individuals and employers take the risks associated with our growing use of public Wi-Fi networks more seriously. These steps are simple, easy, relatively inexpensive and could save you from massive amounts of data theft both at home and at work.


Justin Dolly is EVP, Chief Security Officer and CIO of Malwarebytes. Prior to Malwarebytes, Dolly was the VP, Chief Security and Privacy Officer at Jawbone, where he oversaw the security and privacy implications of consumer wearable technology. He also held the Vice President and Chief Information Security Officer position at ServiceNow, where he provided strategy and vision for all information security-related initiatives.

Before that, Dolly was the CISO at VMware Inc., where he developed and led all information security-related programs and initiatives. Previously, Dolly held various security and technology leadership roles at Kaiser Permanente, CNET/CBS Interactive and Macromedia.

The opinions expressed in this blog are those of Justin Dolly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.