Free Wi-Fi comes with its own share of threats, issues and problems. However, by taking certain precautions, one can reasonably protect oneself from dangers revolving around Wi-Fi. Following are the major points of consideration.
Only Browser HTTPS Encrypted Sites:
Avoid log-in into any website that is not encrypted (non HTTPS complaint). Rather use public Wi-Fi for less sensitive tasks like reading news, playing an online game which doesn’t require log-in, watching online videos, finding directions etc.
Otherwise, any person snooping on your browsing can see everything you are seeing. If the sites you are using are not HTTPS encrypted, the person can eavesdrop on your conversation and browsing. And sadly many popular sites still don’t use encryption by default. In short, when on free Wi-Fi stick to HTTPS websites only. Any sensitive task should be done on a more secure private network like home.
Therefore, look for HTTPS at the beginning of a website’s address in the URL address bar. HTTPS implies that the connection between the browser (client side) and the web server (server side) is encrypted, so any data sent to the website is safe from eavesdropping or tampering. Most browsers include a padlock symbol at the beginning of the address to indicate that the site uses encryption.
Watch out for Rogue Hotspot:
Beware of unknown Wi-Fi connections that pops-up in your device list. With mere investment of few thousand anyone can setup a rogue Wi-Fi hotspot that appears legitimate. In some cases, they create Wi-Fi with same name, known as evil twins Wi-Fi. In others cases, they create Wi-Fi with names of known nearby popular locations such as McDonald, Burger.
Don’t join networks you don’t know about. If you see similarly named networks, make sure you double check with the owner of the network before joining it.
Use Virtual Private Network when browsing the web on a public network. This ensures that any data from client side to web servers is sent in encrypted form. Thus, your public Wi-Fi connection is protected from evil guys. Even sniffing tools, are of no use.
Turn off Wi-Fi when not in Use:
When Wi-Fi is switched on in your device, your terminal remains open even if you don’t access any website. The risk factor is not huge but hackers can still try to access your phone through bogus/ fake routers. Therefore, turn off your Wi-Fi when not in use. Also, Wi-Fi running on your device, consumes the phone’s battery. Turning it off, will prolong your battery life too!
Don’t Repeat Passwords:
Having one password for multiple accounts is a grave mistake in the virtual world. In such a scenario, if any of your account gets compromised, your other accounts may also get breached. Similarly, always create and use strong and unbreakable passwords. You may use password managers for this purpose.
Encrypted communication is your best bet against session hijacking. Also ensure upto date anti-virus solution on your device to ward off malwares. Finally, make sure to log off from your browser accounts when you are done. It will ensure that no one can use your session cookies after your leave.
Also make sure your device setting has “forget the network” enabled, so that it will not automatically reconnect to a particular network if you’re within it’s range without your prior permission.
Turn off Sharing:
As soon as you verify and connect to the public network, turn off the file sharing option. Otherwise, attackers can also access your files. Not only this, hackers can also send you files laden with malwares like spywares, Trojans etc.
Keep the Firewall Enabled:
Firewall may not provide you complete protection, but act as barrier that protects your device from threats of malwares. It monitors the data packets coming from networks and checks whether they are safe or not. Any malicious data packet, is proactively blocked by the firewall. Therefore, always keep the firewall enabled.
Anti-virus may protect you by detecting malwares that may creep in while using the shared network. Always make sure to use the latest version, to enable detect newer forms of viruses. An alert will be displayed if viruses are loaded onto your device or if there is any malicious attack on your system.
Consider installing extensions like HTTPS Everywhere. It enhances privacy by - forcing browsers to use HTTPS on supporting sites and forcing sites to use SSL encryption if available. Thus, it encrypts communication with websites. It's signified by “HTTPS” at the front of website's URL and padlock icon in the browser address bar.
Some sites make it difficult to use HTTPS by having unencrypted HTTP as default or by filling encrypted pages with links that go back to unencrypted sites. HTTPS Everywhere extension fixes these problems automatically by forcing the use of HTTPS.