How can you make public Wi-Fi as safe as possible?
Having warned you off public Wi-Fi in a previous post, this post covers how to protect yourself if you do need to use it.
Ultimately, the best way to protect yourself on public Wi-Fi is still not to use it, enabling you to sidestep all the issues caused by not controlling the local network or the people on it. I would encourage anyone who spends a lot of time on these networks to investigate a large data plan for their mobile phone, or alternatively a “Mi-Fi” device that uses a SIM card.
With that in mind, this post is written assuming that this is not an option.
1. Practice mindfulness
Not in the sense that you’ve probably heard the term more recently (though perhaps given there’s a need for it in this scenario, it doesn’t hurt to be thankful that there’s Wi-Fi available). Rather, be aware of what you’re doing on the network – if you don’t need to check your bank account, don’t. Some attacks don’t need to compromise your device, and instead will look for the traffic being sent on the network. Despite the encryption applied by many websites, it’s still possible to see the domain you’re using. For example, in normal use, it would be possible to view the domain of your bank’s website when you access it, even though the pages you view and data you send will be protected by that encryption. This would give a malicious party a foothold in terms of information about you, and they may in turn be able to combine this with other leaked information to carry out a comprehensive phish.
There are other challenges, especially with the use of apps, where security warnings and errors may be suppressed so that you don’t even know they’ve occurred. Some may hide that they don’t even encrypt the data at all!
2. Use a VPN, if you can.
VPNs are a game of trust – you’re effectively saying, “I would rather the operators of this VPN see my web traffic than the operators of the network I’m on”. With that in mind, I’d strongly encourage some scepticism about VPN services that advertise heavily on YouTube or other social media. Ditto the services that advertise that they don’t log any traffic – they almost certainly do in one form or another, but it comes with the added bonus that you’re associating your activity with that of other people interested in a “no logs” service – which may not be what you want (and remember that you’ve probably tied your activity to “you” via a credit card or similar payment, so it’s much less private!).
If you’re shopping for a VPN, I’d recommend looking at those offered by security companies (such as Antivirus vendors) who have been operating the service for a while and have a proven track record. Many of these will also make their own software available to make the connection process easier.
To check the VPN is running as intended, access a service that tells you your IP (e.g. https://www.whatismyip.com/). Between the listed location and the ISP, this should give you an idea of whether you’re running traffic through it: if it’s working, they should tally up with the VPN you’re using.
Some operators of networks may actively block the use of VPNs – this may be a point to reconsider whether you want to use the network at all.
3. Make sure your firewall is enabled
This is a simple one – go into your security settings and check that your firewall is active. In Windows 10, you can search for “Windows Security” which will open this part of the Settings Menu. You’ll see your firewall status under “Firewall & network protection”. A green tick means you’re good to go – anything else means you need to look at what’s wrong.
If you get asked what type of network you’re on when you connect to Wi-Fi, pick “Public” for the highest security.
Even if you use a VPN, your device will still be able to communicate with the local network (including other people trying to connect to your computer), so it’s important that you check the firewall is active.
4. Check that your Antivirus is enabled and up to date
This is more likely to protect you if someone is able to access your system or get you to click a link, but you never know what might happen. In Windows 10 you can check this in the same “Windows Security” menu, this time against “Virus & threat protection”. A green tick again should mean everything’s in a good state.
5. Check other Windows 10 security features
It’s well worth making sure you’re in a good place with the other security features in Windows 10 as well. Click into Account protection, App & browser control, and Device security to check that you’re aligned to the Microsoft recommended settings. These include settings like the ransomware protection that’s part of Windows 10 and will be as useful at home as they are on public Wi-Fi.
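The checks from steps 3 to 5 can also be read from PowerShell in one go. The script below is an added example, not part of the original post; it only reads settings, and it assumes Windows 10 with Microsoft Defender as the active antivirus and an illustrative three-day limit on signature age.

```powershell
# Added example, not from the original post. Read-only: it changes no settings.
# Assumes Windows 10 with Microsoft Defender as the active antivirus.
$maxSignatureAgeDays = 3   # assumed threshold for "up to date"; adjust as needed
$results = New-Object System.Collections.Generic.List[object]

function Add-Check($Name, $Value, [bool]$Pass) {
    # Record one line of the report: what was checked, what was found, pass/fail.
    $results.Add([pscustomobject]@{ Check = $Name; Value = "$Value"; Pass = $Pass })
}

# Step 3: all three firewall profiles (Domain, Private, Public) should be on.
foreach ($fw in Get-NetFirewallProfile) {
    Add-Check "Firewall profile '$($fw.Name)' enabled" $fw.Enabled ("$($fw.Enabled)" -eq 'True')
}

# Step 3: each connected network should be categorised as Public.
foreach ($net in Get-NetConnectionProfile) {
    $isPublic = "$($net.NetworkCategory)" -eq 'Public'
    Add-Check "Network '$($net.Name)' on $($net.InterfaceAlias)" $net.NetworkCategory $isPublic
}

# Step 4: antivirus on, real-time protection on, signatures recent.
$mp = Get-MpComputerStatus
Add-Check 'Antivirus enabled' $mp.AntivirusEnabled $mp.AntivirusEnabled
Add-Check 'Real-time protection enabled' $mp.RealTimeProtectionEnabled $mp.RealTimeProtectionEnabled
$fresh = $mp.AntivirusSignatureAge -le $maxSignatureAgeDays
Add-Check 'Signature age (days)' $mp.AntivirusSignatureAge $fresh

# Step 5: ransomware protection (Controlled folder access); 1 means enabled.
# It is off by default, so a failure here is a prompt to review the setting.
$cfa = (Get-MpPreference).EnableControlledFolderAccess
Add-Check 'Controlled folder access' $cfa ($cfa -eq 1)

# Print the report and summarise anything that needs a second look.
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) check(s) need attention before you use this network."
} else {
    Write-Output 'All checks passed.'
}
```

A network reported as Private rather than Public is the one to fix first, since that category decides which firewall profile applies to the Wi-Fi you have just joined.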
6. Patch, patch, patch!
Install updates for Windows and any applications you have installed! If you’re running woefully out of date software, it can be trivial for an attacker to use an exploit tool like Metasploit and gain access to your system from the same network – having your firewall and antivirus active will make this more difficult for them, but sometimes all it takes is one mistake.
7. Think about whether you can justify changing your data plan or getting a separate “Mi-Fi” unit
You had to use public Wi-Fi this time, and whilst I said this guide would be written from that perspective – do you need to do it next time? If you regularly need the access on the go I would strongly recommend getting yourself set up to do this in a way that helps protect you from the pitfalls of public Wi-Fi.
And that’s it – basic steps you can take to protect yourself and your data when you’re out and about, with the help of technology which is, in many cases, already available to you.
For more general tips on how to protect your digital presence, check out NCSC’s Cyber Aware, which includes a set of questions you can answer for a personalised action plan.
Joseph Smith, IT Security Specialist