Free wifi in a cafe, hotel or airport is convenient, yet it is also one of the riskiest places on the internet. It gives you easy access to your data, but it can give someone else access just as easily. Let us explain what can happen and how to protect yourself.

Why public wifi is risky

A public network is open and shared with strangers. Communication over it tends to be less protected, so under certain circumstances someone nearby can eavesdrop on it. Fake hotspots are even worse: an attacker creates a network with a name like “Cafe_Free_Wifi”, and whoever connects sends their data straight through the attacker’s device.

What can happen

  • Interception of passwords and login details.
  • Redirection to fake sites that look like the real ones.
  • Tracking of what you do.

How the attack works

The most common scenarios are:

  • Traffic eavesdropping. On a poorly secured network an attacker can see which servers you connect to, and on an unencrypted site the content itself.
  • A MITM attack (man in the middle). The attacker slips between you and the internet, so all communication goes through them. They can read it and even change it.
  • A fake network (evil twin). The attacker creates a network with the same name as the real cafe wifi. The phone connects to it automatically and you notice nothing.
  • Outdated devices. An old system or browser has known holes that are easier to exploit on an open network.

How to protect yourself

  • Use a VPN. It encrypts all your communication, so it is safe even on a public network. More in the article on VPN.
  • Only open sites with HTTPS (the padlock in the address bar).
  • Do not do sensitive things such as banking until you are on a trusted network or connected through a VPN.
  • Turn off automatic connection to open networks and “forget” the network after use.
  • Turn off file sharing. On a public network mark the connection as “public” so other devices cannot see you.
  • Keep the firewall on and the system up to date, because updates patch the very holes an attacker exploits.
  • Consider mobile data. Your own hotspot from a phone tends to be safer than someone else’s wifi, because you do not share it with unknown people.

What is fine and what is not on public wifi

  • Fine: reading the news, checking maps, browsing sites with HTTPS.
  • Better not without a VPN: internet banking, payments, logging into important accounts, work systems.

For companies

Employees who work on the move should have a VPN as a requirement, not an option. Sensitive company data does not belong on an open network without encryption. This is related to cybersecurity principles.

Beware of a false sense of security

HTTPS has its limits too. The padlock next to the address only means that the connection is encrypted, not that the site is genuine. An attacker can obtain a valid certificate even for a fraudulent domain that differs from the real one by a single letter. So always check the exact domain name, not just the presence of the padlock. Also avoid free, no-name VPNs; some of them sell your data themselves. A paid or company solution from a trusted provider is better.

Want to work securely outside the office too? Get in touch, we will set up a VPN and secure access for you and your team.