How to be secure on public Wi-Fi networks

Oh Sieng Chye, Asia Pacific Malware Researcher, ESET

Asia Pacific is home to the largest number of online users in the world, with high levels of internet connectivity as well as wide availability and affordability of connected devices. It is no surprise that in recent years, public Wi-Fi has become common in cities across the region, offering unprecedented convenience to access the Internet on-the-go.

As convenient as this may be, there are certain risks that should not be overlooked. Wi-Fi signals act like radio waves, meaning that anyone within the range of a public Wi-Fi network can see what users are sending and receiving, which can result in unwanted snooping, and even the loss of sensitive personal information.

A recent study released by ESET, found that over 60 percent of the 1,800 online users surveyed across Hong Kong, India, Indonesia, Malaysia, Singapore and Thailand agreed that it is dangerous to connect devices to unsecured public Wi-Fi networks. Interestingly however, despite knowing these risks, the surveyed showed that over half (59 percent) still use public networks whenever available.

The results of the survey is alarming, showing a lack of understanding of the risk using public Wi-Fi. We often find that many people believe it will never happen to them. The reality is that it does, and ignoring the risk is not the way to deal with it. In fact it is quite easy to stay protected while enjoying the convenience and freedoms of public Wi-Fi.

With this in mind, here are some tips to staying safe on public Wi-Fi:


  1. Check the authenticity and always manually select networks. It is important to check for the correct network name and password. Be wary if there is no password required to access the Wi-Fi, as the connection is unencrypted. You should also pay close attention to potentially spoofed hotspots that bear close resemblance to the official name, as this may be a tactic by hackers to gain access to unsuspecting computers and personal devices. We've all been there — gone to a café or shopping mall, and clicked to connect to the free Wi-Fi without a second thought about whether it is legitimate and secure. This is very risky behaviour and the implications are plentiful.

    Users should also make sure their communication devices are set to manually select a Wi-Fi network, rather than having automatic connection. Another good practice is to 'forget' networks if they are no longer in use or required. Also, turn off sharing and Wi-Fi capabilities when the wireless is not in use, as this cut downs possible avenues for cybercriminals to find a way in.

  2. Avoid accessing sensitive information and logout when finished. By and large, public Wi-Fi networks should not be used to access email, online banking and credit card accounts, or any other sensitive data for the matter. Your best bet is doing these things from home, where hopefully your Internet service provider's router is both password-and firewall-protected. However, if this must be done, don't stay permanently signed in to your personal accounts on public Wi-Fi hotspots as you may leave yourself exposed. For further security, log out from each website after each session.

  3. Patch before you go. Patching and updating software on a regular basis is an essential security practice, especially when it comes to Wi-Fi. You should keep your web browser, software and antivirus solution up-to-date to fix bugs, while an up-to-date antivirus engine will scan, detect and remove the latest threats. Attackers will sometimes take advantage of poor patching by tricking unsuspecting users into downloading something they believe to be a software update. However, they will quickly realise that their machine has been infected with malware instead.

  4. Look for HTTPS. You should ensure that the web pages you visit are https encrypted where possible. You can check this by looking for 'https' at the start of the URL address bar, or for the security padlock sign. This indicates that the particular page has a valid digital certificate and up-to-date SSL/TLS encryption, thus making Man-in-the-Middle (MiTM) attacks — instances where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other — much less likely. If there is no encryption, log out — especially if you're doing something sensitive like online banking. You should also pay close attention to mobile sites, as there's no guarantee they will be providing secured HTTPS access.

  5. Use a VPN and additional security tools. If you travel a lot and don't have a cellular dongle but still need connectivity for work or play, consider a virtual private network (VPN). A VPN provides a secure connection between your computer and the VPN servers, meaning that all communications between your computer and the VPN are encrypted. This also masks your IP address so that opportunities for phishing are dramatically reduced.

1  2  Next Page