Is Public Wi-Fi Safe?
The quest for uninterrupted connectivity often leads people to the welcoming arms of Public Wi-Fi networks. Whether it's a local café, shopping centre, bustling airport, hotel or many other locations, the convenience offered by Public Wi-Fi is undeniably alluring. However, beneath the surface of convenience, lies a host of cyber risks and threats that could potentially have dire consequences on your Business and Personal security.
Is Public WiFi Secure?
The first thing we should discuss is Wi-Fi Security. WPA2, which is the standard encryption in most routers is safe... or at least it is in a Home or Business setting where you are in control of who is given the password to your network and which devices have access to it. However, for Public Wi-Fi networks which use WPA2, anyone who accesses the network before you do can use tools to be able to see and steal your device’s encryption key to that network. They can then use this key to be able to monitor all of your web traffic, even though theoretically your connection to that network is secure.
However, many newer routers and access points are now switching to the newer WPA3 security standard which is designed to overcome this flaw in WPA2 security by using individualised data encryption between your device and the Access Point/Wi-Fi Router. But how can you know if the Public WiFi you are accessing uses WPA2 or WPA3? Unfortunately, unless you ask someone who knows the network security... it is not something that most people can tell. Device manufacturers have to either create their devices and firmware with this security in mind or upgrade existing equipment to be compliant with this new security standard, which is a long process and requires certification.
What are some of the most common Public WiFi threats?
One of the most prevalent threats when it comes to Public Wi-Fi is known as the Man-In-The-Middle (MITM) attack. In this sinister manoeuvre, the attacker can create a fake WiFi Network and name it whatever they want, imagine sitting in your local Café and seeing a Wi-Fi network titled “FREE Café Wi-Fi", you would probably think nothing of it. These networks are not as easy as seeing a network titled “Shady Man In The Corner On His Laptop WiFi”. But these Man in The Middle networks made by cyber criminals is able to intercept and potentially alter the communication between the user and the internet without them knowing. Imagine sending a confidential email to a colleague over a public Wi-Fi network, only to have it intercepted? Or how about the attacker intercepting your email login credentials and using those details to log into your email account and send emails to your customers/clients with malicious information or files without your knowledge? The repercussions of being targeted by this type of attack could be substantial, both professionally and personally.
Equally menacing is the act of Cookie and Session Stealing. Cookies, small files saved on your device by websites to remember your preferences, also contain session data. These types of attacks are not limited to Man-In-The-Middle attacks, if the Public WiFi network your device is connecting to does not have the necessary network security and traffic encryption in place, it could be used by attackers to be able to find and target other devices on the same network, attackers don’t even need any special “hacking” skills to be able to do this as many of these tools are readily available. if your device does not have a comprehensive Cyber Security tool in place, attackers could potentially access and steal these digital crumbs to bypass account credential requests such as Username/Email, Password, and even Multi-Factor Authentication. Thus allowing the attacker to gain unauthorised access and impersonate the victim on various websites such as their Bank Account, Social Media, Email Accounts, Online Stores and much more. Read more about Session Token Hijacking in this article.
Being aware of these dangers, you can quickly see why using Public Wi-Fi networks can be like navigating a minefield, with every click on a Public Wi-Fi network potentially leading to a catastrophic data breach. The inherent lack of security in many Public Wi-Fi networks is a tempting space for cyber attackers to exploit unsuspecting individuals.
How can you stay safe on Public WiFi?
Awareness is the first step towards protection. By understanding the risks involved in using Public Wi-Fi, and adopting cyber security best practices, can significantly mitigate these risks.
1: If you go to a new location and can not see signs that they offer customer Wi-Fi, ask a member of staff which is their trusted network and what the name of it is. If they do not and you can still see a network purporting to be for that location, inform their management that somebody could be using this for malicious purposes.
2: Use additional security/encryption when accessing Public Wi-Fi. By using tools such as a Business VPN, or a Proxy VPN service, you create a secure and encrypted tunnel from your device to a remote location, meaning that all of your web traffic is hidden behind an additional layer of security, preventing prying eyes from intercepting your web traffic.
3: Endpoint Security can prevent attackers from using Public Wi-Fi to remotely access your device. Endpoint Detection & Response uses Artificial Intelligence and Machine Learning to monitor for unusual, suspicious or malicious activity and block it in its path.
How can TwentyFour keep your users safe on Public Wi-Fi?
Next time you are tempted by Free Public Wi-Fi, remember the cyber threats that lurk beneath. It's not merely about staying connected; it's about staying safe and secure in a digitally interconnected world. At TwentyFour we work with your business to make sure that your employees and devices have the necessary tools, resources and security solutions in place to keep your business protected from all potential angles.
If you want to find out more about our Cyber Security services and find out if your business is secure against the more than 500,000 new cyber threats that are discovered daily, fill out the form below to receive a FREE Cyber Security Health Assessment.