Free Public WiFi such as those found in coffee shops, airports and other public places are easy to connect to – however they could expose your personal data or your business data to security threats.
Problems with Public WiFi
Public WiFi which is open and does not require a ‘pass key’ (or password) when connecting means all your data is transmitted through the air unencrypted. Any websites you visit, files you send/receive, and usernames/passwords which you enter can be captured by anyone else nearby with a laptop and WiFi data capture software (which is freely available).
The attacker can clearly see this information because it is transmitted in plain text over the air without any encryption. Websites which are encryption enabled (https:// and have the padlock icon in your browser) – do provide some protection however the attacker can still capture the encrypted data packets which are being sent – and they can see which sites you have been visiting.
Infected Devices on the WiFi Network
Connecting to a public network (password protected or not) also exposes your device to all the other devices on that network. If any of them are infected with viruses or worms which are spread over the network your device could become infected without appropriate security software (or even through unpatched security holes in your software/operating system).
Impersonating WiFi Hotspots
In popular Free WiFi locations an attacker could setup another WiFi access point which impersonates the real WiFi access point. They do this by setting the WiFi name (SSID) to the same as the real one. When you look for WiFi networks your device will show multiple networks of the same name and makes it difficult to determine which network is the real one.
Additionally if you have 'remember network' enabled on your device – it will connect to the impersonating network automatically. Attackers use impersonating networks to capture all the data flowing across that WiFi access point (encrypted or not). The data can then be used for malicious purposes or sold on the deep web.
How to protect yourself
1/Setup your own personal hotspot using your iPhone or Android phone – this is more secure because it’s your personal network
2/If you must connect to Free WiFi then on Windows devices always choose the 'Public' network location (In Windows 8 and later choose ‘No’ when the ‘Connect to devices’ question appears after connecting to a new WiFi network)
3/Make sure you have an IT provider which can manage IT security and monitor for unusual activity on your business devices (security software is a good start e.g. Anti-Virus software and firewalls – but checking they are constantly working is just as important)
4/When connected to Free WiFi do not visit email accounts, banking sites, online stores or give personal or credit card information.
If you would like any more information please don’t hesitate to contact us.
If you would like information on protecting your business devices from IT security threats – we can provide a free analysis of your current IT security systems.