How to Reduce the Odds of Being Hacked While Using Public Wifi

Best practices for wifi security.

This post is part of the series, SmallBusiness.com Guide to Business Computer and Tech Security: Advice, alerts and information about digital security threats faced by small businesses. You can browse other posts in the series below.

  1. IRS Issues Urgent Warning to Small Businesses: Beware of W-2 Phishing Scam Return | 2017

  2. Lynda.com Alerts 9.1 Million Users After 55,000 Accounts Are Breached | December 2016

  3. What Does HTTPS Mean? And Why a Small Business Website Needs the ‘S’

  4. Yahoo Security Breach is Another Reminder of Why Password Protection is Critical to Your Business

  5. Homeland Security Tips for Choosing Harder to Hack Passwords

  6. Passwords Are Stolen Everyday; How to Protect Yours From Being One of Them

  7. How to Recognize and Avoid an Attempt to Crack Your Two-Step Verification Passwords

  8. How Voice Recognition Software is Being Used to Detect Cyber Criminals

  9. How to Avoid a New Cyber Attack Attempting to Access Small Business Bank  Funds

  10. Seven Resolutions for 2016 That Will Help Protect Your Small Business Computers

  11. Top Ten Free Antivirus Utilities For Your Small Business | 2016

  12. Most Small Businesses Have No Cyber Attack Response Plan

  13. If Your Business Bank Account Gets Hacked, Your Bank May Blame You

  14. Why You Should Still Use a Password Management System, Even if You Heard One Was ‘Hacked’

  15. Advice From Google on Avoiding Scams Directed at Small Businesses

  16. More Tips for Actively Managing Your Passwords

  17. What Small Business Customers Should Know and Do About the JPMorgan Chase Cyberattack

  18. How Hackers Use ‘Social Engineering’ and How to Prevent It

  19. Ten Tips From the FCC for Improving Your Small Business Cyber Security

  20. Password Protection Advice from SmallBusiness.com

  21. Ebay Asks 145 Million Users to Change Passwords

  22. What is Two-Step Verification and Why You Should Start Using Them

  23. How (and Why) to Use a Password Management Application

  24. How to Reduce the Odds of Being Hacked While Using Public Wifi

Unfortunately, shopping at Target isn’t the only way to get your credit card information stolen these days. Getting in a solid work session at the local coffee shop may be a tempting idea, but it has its risks. Like getting your personal information stolen because you were careless on a public network.

Sometimes, though, you’ve got to get work done while you’re waiting at the airport or waiting on clients at the coffee shop. Here are some guidelines to help make sure you’ll be spending your time making money, not giving it away to hackers.

1. Don’t log into a website or buy anything.

While checking your email may be unavoidable, it’s best to not do so. Logging in to sites on a public wifi network is an easy way to get your password stolen. Email is particularly dangerous, since it’s often possible to access your other accounts once a hacker has gotten into your email account — a quick search of your inbox and they can find out where you do your banking, for instance, and issue a password reset for your bank account. Not good.

Needless to say, the same goes for making purchases over a public network. Your credit card information, encrypted or not, will be sent over the airwaves where it can be intercepted. Wait till you get home to make that purchase.

2. If you do have to log in to something, make sure it’s encrypted.

Screen shot 2014-01-23 at 5

(Photo via John Riviello on Flickr)

When you log in to a site, take a look at the browser’s address bar and make sure you see a green lock (typically on the left hand side). The lock should remain green and closed throughout the entire login process, with bonus points if the lock remains the entire time you’re browsing the site. The lock means your connection is using a protocol called HTTPS, which is more or less a standard HTTP connection encrypted with SSL. Although they can still be hacked, HTTPS connections are much, much more secure than standard HTTP connections. Most sites that have log in pages use HTTPS for at least the login portion of the site — if you’re logging in somewhere and you don’t see a green padlock, don’t log in.

3. Don’t use the same password for multiple sites.i-will-not-use-the-same-password-for-everything

(Photo via teamchatter.com)

This is just a good practice in general. If you use the same password across multiple sites and someone steals it, it’s easy for them to take everything — social media accounts, banking, email, the whole shebang. Keep the damage to a minimum by using unique, hard to crack passwords for each site.

This can be understandably daunting, if you have more than a few accounts. While it’s not a perfect security solution, I recommend using a password management app such as Dashlane to manage your passwords. It makes it easy to create unique, hard-to-crack passwords for each site that you have accounts with.

4. Enable multi-factor authentication for services that support it.

Screen shot 2014-01-24 at 9

(Photo via Moe on Flickr)

This is also called two-factor authentication. Here’s how it works: Say you enable multi-factor authentication for your Gmail account. Now, whenever you try to log in to your Gmail, you’ll get a message with an authentication code sent via text message to your phone, which you need to type in to the browser before Gmail will let you access your account. In effect, a hacker would have to physically steal your phone to access your account. It sounds annoying, but in practice usually adds less than 20 seconds to each login attempt, and the security benefits are well worth the hassle.

Not all services support this, of course, but a surprising amount do. The good people over at Lifehacker have a nice list of services with two-factor authentication going, so check it out and protect yourself before, not after, you get hacked.

5. Make sure you’re not sharing files.

Screen shot 2014-01-23 at 5

(Photo via Anderson Mancini on Flickr)

This one should be fairly obvious, but it’s still worth mentioning. If you’re on a Windows machine, you should get a prompt to select which type of network you’re joining: Home, Work or Public. Be sure to select public.

On OS X, go to System Preferences > Sharing, and make sure that all the checkboxes are empty.

6. Make sure you’re connected to the right network.

Screen shot 2014-01-24 at 9

(Photo via j. on Flickr)

Especially if you’re in an airport or a crowded urban area, there are likely to be several Wifi networks available. Make sure you’re connecting to the right one, as it’s possible for a malicious third party to set up a dummy network for the express purpose of listening in on your data. If the shop you’re at doesn’t have signage with the proper Wifi network name, find an employee who can get you the information.

7. Use a Virtual Private Network (VPN)

VPN connections are commonly used by businesses to allow their employees to access secure office networks outside of the office. Turns out you can also use them over a public network to encrypt all your traffic — in effect, it turns your public internet session into a private one. Depending on which type of VPN you’re using, it can be like enforcing SSL encryption on all your traffic, which is a very good thing.

Setting up and connecting to a VPN can be complicated, but it’s well worth the time and energy invested into it, especially if you find yourself needing to do business-critical tasks outside the office. To find out more about the benefits of VPNs and how to set one up, check out this article on How-To Geek, and this article on PC World.