What to Know Before You Connect to a Wi-Fi Hotspot

Protecting your online privacy

Hanging with friends at the coffee shop.
Luis Alvarez/Getty Images
PRODUCT DISCLOSURE $

Many people don't think twice about logging in to the free Wi-Fi at their favorite coffee shop or using the wireless network in a hotel when traveling, but open wireless networks are targets for hackers and identity thieves. Before you connect to a Wi-Fi hotspot, protect your personal and business information and your mobile devices using these security guidelines.

Don't Allow Automatic Connections to Non-Preferred Networks

On your device, disable the setting to automatically connect to non-preferred networks. If this setting is enabled, your computer or mobile device automatically connects to any available network, including rogue or bogus Wi-Fi networks designed to lure unsuspecting data victims. It does this without notifying you or asking permission.

Enable or Install a Firewall

A firewall is the first line of defense for your computer (or network, when the firewall is installed as a hardware device). Firewalls are designed to prevent unauthorized access. Firewalls screen incoming and outgoing access requests to make sure they are legitimate and approved.

Both Windows and macOS operating systems have built-in firewalls that should be enabled, especially before connecting to a public Wi-Fi hotspot. You can also install third-party firewall software if you need more control of the firewall settings and rules.

Turn File Sharing Off

When you use a private network, it's safe to turn on file sharing or store files in a Shared Documents or Public folder. Before you connect to a public Wi-Fi hotspot, disable file and printer sharing so that other hotspot users don't have access to your shared files.

Only Log on to Secure Websites

Don't use a public, open Wi-Fi hotspot for anything that has to do with money (online banking and shopping, for example) or where the information stored and transferred is sensitive. If you need to log in to any sites, including web-based email, make sure your browsing session is encrypted and secure. The address bar should show a URL that begins with HTTPS (encrypted) rather than HTTP (not encrypted). You may also see a padlock in the address bar that means the site is secure.

Most instant messaging programs are encrypted, with caveats. For example, Google Hangouts and Apple iMessage messages are encrypted between your device and their servers, although these companies do have access to the messages on their servers.

To enable end-to-end encryption of Facebook Messenger, move the Secret slider in the top right corner of the composition window to the right.

The secret conversation slider in Facebook Messenger

Use a Virtual Private Network

A virtual private network (VPN) creates a secure tunnel over a public network. If your company provides VPN access, use the VPN connection to access corporate resources and create secure browsing sessions.

Remote access solutions such as LogMeIn also create a secure tunnel to a second computer at home, from which you can access files or do other computing. Or, use a free personal VPN service such as Hotspot Shield, which is designed specifically for protection over an unsecured network.

Beware of Physical Threats

The risks of using a public Wi-Fi hotspot aren't limited to fake networks, data interception, and hacking. A security breach could be as simple as someone looking over your shoulder to see what sites you visit and what you type.

Busy public locations such as airports and coffee shops are prime risk areas for laptop theft. This makes physical security measures such as laptop security cables and privacy screens important.

Privacy protection isn't the same as security. Many applications mask your computer address and conceal your online activities. These solutions only protect your privacy, they don't encrypt data or protect your computer from malicious threats. If you use an anonymizer to hide your internet activity, take security precautions when accessing open, unsecured networks.