How to use public Wi-Fi safely

A free public Wi-Fi connection can seem like a lifesaver when you're on the go. But while Wi-Fi hotspots in coffee shops, airports, hotels, libraries and other public spaces can offer convenience, they may not always be secure, which means someone else could access your information.

Is public Wi-Fi safe?

According to the Federal Trade Commission (FTC), "because of the widespread use of encryption, connecting through a public Wi-Fi network is usually safe." To determine if a website is encrypted, look for "http" at the beginning of the web address (the "s" is for secure). If the address starts with "http," then that page is encrypted. If it's just "http," the site isn't encrypted, and your information can be vulnerable. It's recommended that you look for "http" on every page you visit on a website as some sites only encrypt their homepage or sign-in page. Know that if a site starts with “http” it isn’t safe by default, it’s still important to keep an eye out for suspicious links.

Is it safe to use mobile apps on
public Wi-Fi?

It generally is but be wary. According to the FTC, it can be hard to tell if a mobile app uses encryption, but the majority do. While public Wi-Fi risks have slightly diminished over time, there are still precautions to consider when using apps on public Wi-Fi. When possible, use an encrypted wireless network or your phone's data plan.

Dangers of public Wi-Fi

There are several things that can make using a public Wi-Fi service a risk to you and your system. Here are some dangers that are commonly used by hackers.

• Malware — this type of attack disables or damages computers and computer systems to leave your system vulnerable to unwanted access.
• Spyware — this is similar to malware, but instead spyware covertly burrows into your system, gathers private information and sends it back to the hacker. A common threat is a man-in-the-middle attack which allows them to read the data when your device communicates with a service or website.
• Ransomware — this refers to attacks that gain and restrict access to your system, usually to demand funds from you to regain your access or precious files. Know that paying scammers the money they ask for will not guarantee you regain control. If you’ve been targeted by this sort of attack, limit your communication with them and get in touch with the authorities right away.
• Unencrypted connections — if you’re connected to an unencrypted network, an attacker can easily inject malicious code into your device. Generally, encrypted networks either have passwords, which in your settings app may be depicted by small locks next to the network name or bring you to a launch page when you first connect.
• Malicious hot spots — hackers sometimes set up fake Wi-Fi networks using a tool referred to as a “Wi-Fi Pineapple” to mimic the name, or service set identifier (SSID), of a real network. While not as common, these can be difficult to spot, so try to remain cautious with what you do on public Wi-Fi.
• Social engineering — many scammers will simply pose as a well-known official or representative of a company to convince you to willingly hand over precious information. Do not give your passwords to anyone, even those who appear to be from where they claim. If you’re unsure, contact someone from the company or organization through official channels. For example, if they claim to be from your bank, consider going to a local branch in person and asking if the call or email is legitimate.

Tips to help protect your information when using public Wi-Fi

• Check the validity of available Wi-Fi hotspots. If more than one hotspot appears claiming to belong to the establishment you're in, check with the staff to avoid connecting to an imposter hotspot.
• Connect to few public Wi-Fi networks. Choose which networks you connect to carefully. The more you access, the more likely you may stumble upon one that is malicious or unsecure.
• Read the terms and conditions. Public networks often have these listed for you when you first connect. Consider reading through them for red flags.
• Set up HTTPS by default in your browser. Consider adjusting your browser settings to automatically force websites to connect using HTTPS.
• Don't stay permanently signed in to an account on a website. When you've finished using an account, log out. If you’re using a public computer, refrain from saving your login credentials for future use when you login.
• Avoid using the same password on different websites. Reusing a password could give someone who gains access to one of your accounts access to many of your accounts.
• Pay attention to web browser alerts. These warnings try to safeguard you when visiting fraudulent websites and can help protect you from downloading malicious programs to your devices. Keep your browser and security software up to date.
• Control when and how your device connects to Wi-Fi. Consider changing the settings on your mobile device, so it doesn't automatically connect to nearby Wi-Fi.
• Use a virtual private network (VPN) if you use Wi-Fi hotspots on a regular basis. Consider using a VPN, which will encrypt transmissions between your device and the internet.
• Use privacy screens. Filters can be used to make your monitor or phone screen visible only to you. Privacy screens are designed so that anyone looking at your display from an angle should only see a black screen.
• Avoid file sharing. Turn off the file sharing features on your computer as these settings may grant access to your files to anyone on the same public Wi-Fi network. This includes features like AirDrop or Bluetooth.
• Use two-factor authentication. Setting this up on your accounts can help keep your logins secure. When active, a hacker won’t be able to gain access to your accounts even if they’re able to steal your password because it will also require the temporary code sent to you via text or email.
• Install protective software. Antivirus software can help you further secure your computer from viruses and spyware. Remain cautious and regularly perform vulnerability scans as your computer may still be susceptible to viruses. Additionally, when downloading the software, be wary of fake programs claiming to be well-known antivirus companies.
• Keep a backup. If you do end up getting hacked, it may be helpful to have a copy of important documents or files on a separate drive. For additional protection, use an offline hard drive in addition to the cloud-based storage services you use.
• Update your operating systems. Older systems are at a higher risk for cyberattacks as they don’t have the latest patches for vulnerabilities or exploits.

What not to do on public Wi-Fi

Many hacker strategies rely on you using certain services while the perpetrator has access. To help prevent important data from being leaked, try to avoid the following when using public Wi-Fi:

• Filing your taxes. Tax forms require a lot of sensitive personal information. If a hacker infiltrates your system, they could use this information to your detriment.
• Making online purchases. Through online shopping, hackers can gain your credit card or login information to potentially make fraudulent purchases.
• Using your banking site. Login information, bank account numbers and other personal information may be leaked when accessing online banking.
• Paying bills. Depending on the bill you’re paying, hackers can gain access to sensitive info like your home address in addition to your payment information.
• Leaving your device unlocked. Regardless of which Wi-Fi you’re using, lock your device when leaving it unmonitored in public to help deter in-person offenders from gaining access.

Cyberattacks are generally done to steal someone’s identity. To take extra precaution, State Farm® offers Identity Restoration insurance, which may help you restore your financial situation. Consider contacting a State Farm agent if you want to learn more.