As remote work continues to take shape, people are more frequently finding themselves working in public spaces or co-working environments. These include airports, coffee shops, hotels, and shared offices. While here, they connect their devices to public or shared networks, but how safe is this practice?
We reached out to cybersecurity experts and asked them what they think about the use of public Wi-Fi. What risks does it pose to cybersecurity for individuals and businesses? How easy is it for hackers to steal information on shared Wi-Fi, and what can users do to improve security?
A Relatively Safe Option but Should Be Used with Caution
Unsecured Wi-Fi is not quite as dangerous as it once was. Years ago, a majority of websites transmitted data without any security in place. That meant anyone that could access that traffic could pick up all sorts of private information about you. Now, that risk is mostly abated, as most websites use a secure method of transmitting data between their site and your system. So, only you can read the traffic coming into your system. Others can still pick it up, but it’s indecipherable and would appear as gibberish. You can use VPNs to connect to secure corporate networks, but they are not necessary to stay secure in everyday browsing. These are the thoughts of Samantha “Sam,” Owner of Motz Technologies LLC.
According to Holden Watne from Generation IX, public Wi-Fi is generally safe unless a hacker is out to target a specific user. Using simple devices, bad actors can monitor your network traffic and possibly find out information on your phone. Besides, cybercriminals can create fake Wi-Fi networks, and once you connect, the hackers gain more access to a lot more data and information.
He advises employees to always verify with their employers about the proper network and credentials before logging in to prevent this from happening. When in doubt, you should avoid using public Wi-Fi or working on sensitive documents. While you are generally safe, it helps to be cautious.
Alexander Freund, Co-Founder, CEO, and CIO at 4IT, adds that working in a shared environment has the potential to allow other people to collect data from your devices. Although public Wi-Fi systems now support a feature called “subscriber isolation,” there is no way to know that it is activated by the public Wi-Fi administrators.
The feature prevents individual subscribers from being able to see or communicate with each other. As such, you should always assume that when connecting to public Wi-Fi, any other subscriber could be trying to break into your device. They could also be snooping on the data that is passing over the public Wi-Fi.
Joe Cannata, Owner, Techsperts, LLC, shares a similar opinion. Public Wi-Fi security varies from place to place. You will most likely not know if the proper security settings have been configured on the back end. Items such as encryption and network isolation are some basics required to secure public Wi-Fi. It is best to assume it is not secure and only engage in non-sensitive business while connected to public Wi-Fi. Unless you know for sure the network is secured properly, Cannata does not recommend using public Wi-Fi.
Don’t Give Up Your Security Rights
Depending on the End User License Agreement you sign when you accept the connection to the Wi-Fi, you may be giving up certain rights. You may allow the provider to resell your internet traffic. They may have the right to deliver ads to you, or worse yet, they may have such an unprotected setup that a bad actor could piggyback on it and use it for nefarious gains.
Scott Gallupe, President of 403Tech, recommends using a VPN whenever possible. This helps encrypt the traffic you send and receive while browsing the net. Some VPN services are free, while others range from a few dollars a month. “There is a common saying in security that if a product is free, you are probably the product,” adds Gallupe.
Samantha says that when connecting from a Windows computer, make sure you click NO when it asks if you want to “find PCs, devices, and content on this network.” Clicking NO will tell Windows that you are using a public network and that it should not trust any other devices that may try to connect to it.
The Risk Public Wi-Fi Poses
Kenny Riley, Technical Director at Velocity IT, feels that using a public Wi-Fi network is generally a bad idea. Some public Wi-Fi networks may be set up properly with encryption. However, the fact is that most of them are either using outdated encryption methods or no encryption at all. This makes using a public Wi-Fi network extremely insecure.
The most significant risk with public Wi-Fi networks is the ability for a hacker to position himself between you and the server or website that you are trying to connect to. This is also known as a Man-in-the-Middle attack. This technique allows the hacker to intercept every piece of information that you send over that network, including usernames and passwords, credit card numbers, social security numbers, sensitive personal and business data, and more.
Nick Allo, Director of Information Technology at SemTech IT Solutions, believes that both public and shared wireless spaces pose a similar risk as home environments. The bigger problem is that the user experience tends to be much worse in these settings due to limited speeds and internet filtering. You are likely to spend more time troubleshooting these problems compared to the typical work from home experience. Besides, you may not use public Wi-Fi for virtual meetings, as the background noise can be distracting. Allo says that the use of public Wi-Fi depends ultimately on the work you need to get done.
Samantha also notes some other risks associated with unsecured Wi-Fi. An improperly configured Wi-Fi access point could allow others to scan and possibly even connect to your system. That’s why it’s crucial to have updated security software at all times and make sure your firewall is enabled.
Recommendations for Using Public Wi-Fi
Freund gives some recommendations for using public Wi-Fi in the safest way possible.
Phones and Tablets
- Ensure you disable automatic connectivity: Some phone settings allow them to automatically detect and connect to open Wi-Fi networks. If your phone automatically connects to an unsecured network, and you don’t have a VPN enabled for protection, you’re putting yourself at risk of having your data compromised.
- Make sure your hotspot is turned off: Most phones now support a personal Wi-Fi hotspot that allows you to connect a laptop via Wi-Fi and use the phone for internet access. Make sure you turn this off when you aren’t using it so that no one else can connect to your hotspot.
- Check your hotspot password: Make sure that your hotspot password is at least eight characters long and has a mix of uppercase, lowercase, and numbers in it. This will prevent a hacker from using a tool to try password combinations when your hotspot is active.
- Use your cellular data instead of public Wi-Fi: If you’re on the go and cannot use a secure website or a VPN connection, avoid public Wi-Fi and use your mobile data instead. This is especially crucial if you are putting personal information into apps.
- Avoid using AirDrop or File Sharing on your laptop: AirDrop and File Share allows for the sharing of files between computers over Wi-Fi. Turn these off when using public Wi-Fi to prevent hackers from stealing files or information from your device. Riley adds that a hacker can inject infected software or malware into your computer when you turn on file sharing. He recommends that you completely avoid using public Wi-Fi. If you must, ensure you use a VPN.
- Have a firewall turned on: Windows and macOS have firewalls built into the operating system. Make sure that you turn on the software firewall on your device to protect your wireless adapter. The software firewall will reject all traffic coming to the wireless adapter that you did not initiate.
- Be careful when you sign up: Most public Wi-Fi networks will collect some information from the subscribers when they connect. Be cautious about inputting names, email addresses, and cellphone numbers. There is no benefit to providing this information, and every reason to assume that the solicitors will either use it for unsolicited marketing or worse. While names are ok, email and phone numbers are not.
- Only connect to HTTPS sites: When you are using the internet from a safe network, it’s much less important to check that the website open on your browser is using an encrypted protocol. When you are on public Wi-Fi, you must verify this information. It’s easy for hackers to capture the data going back and forth between your device and the website if it is not encrypted. Look for the little lock next to the browser address or verify that HTTPS is protocol in use.
- Use VPN: Ilan Sredni, CEO at Palindrome Consulting, suggests using VPNs whenever you use public Wi-Fi. Furthermore, make sure your laptops or devices are secured and locked down. If the machines are not secured or locked down, others within the same Wi-Fi network can see the device and potentially extract data from the device without having too much trouble. Not only can they extract information, but they could also potentially install a small program into that device that can be returned to an office environment and create a complex cybersecurity issue for the enterprise. When using public Wi-Fi on a mobile device with a secure application, you can use it freely and with little concern.
- Logout when you finish: Many websites allow you to choose whether you will stay logged in permanently while the browser is open. Don’t select this option when using public Wi-Fi. Additionally, look for the logout function on the website. This way, you can log out and end the session manually when you finish.
The security of your business systems is crucial, especially where your remote employees are concerned. As they get inclined towards using public Wi-Fi connections to do their work, take the necessary steps and educate them on how to stay safe.
You can also boost the security of their devices by installing or activating protective features like firewalls. All this can take much of your time and can be a demanding task if you don’t have the expertise. However, working with experts from Ulistic can make the process seamless. Talk to Ulistic today, and let us help you with all your cybersecurity needs to keep your business safe.