Use of public Wi-Fi comes with inherent risks, and should be avoided if possible. Instead use your device’s data plan, hotspot, or if you must use public Wi-Fi, use a virtual private network (VPN) to encrypt your data. A VPN will protect your data in transit and will make it impossible for anyone spying on network traffic to see your data. Why should public Wi-Fi be avoided? Scammers may use public Wi-Fi to disseminate malware to unsuspecting victims connected to the same network. They also may use public Wi-Fi to intercept data, such as emails, payment information, passwords and more. For more information on the types of attacks that can occur on public Wi-Fi, please see the following Download article, Public Wi-Fi: Proceed with Caution.
There are two types of Wi-Fi networks, secured and unsecured. An unsecured or open WiFi network is one you can intentionally or unintentionally connect to, if your device is within range of the network. A secured network is one that is password protected and is the recommended connection type for those using public Wi-Fi. A provided, non publicly posted Wi-Fi password, obtained from a trusted source adds a layer of security over open/unsecured networks, but does not mitigate all risks.
The following are key public Wi-Fi Dos & Don’ts:
Do:
- Be wary of public Wi-Fi which requests personal data when joining. Legitimate businesses may use this as a method to recognize you across all locations and tailor advertising, but scammers may also use this as a way to steal your sensitive information. Instead look for public Wi-Fi hotspots setup by your mobile phone or internet carrier.
- Use a VPN when using public Wi-Fi. For information on NYU VPN, including locations offered, see www.nyu.edu/it/vpn.
- Prevent your device from automatically connecting to unsecured and open networks via device settings; disable auto-login or auto-connect settings in your devices, including blue-tooth.
- Protect your files by turning off file sharing (PCs) and AirDrop (Macs).
- Obtain Wi-Fi passwords from trusted sources, such as an employee of the business/organization.
- Be on the look-out for and avoid “look alike networks” with similar names to the legitimate network to which you’re connecting. These networks may even appear to have a stronger signal, and are set up by scammers to lure victims.
- Keep your devices within your sight and reach at all times.
Don’t:
- Access personal accounts or access or transmit other sensitive information while on public Wi-Fi unless you are also using VPN. This includes online shopping.
- Remain logged into accounts after you have finished using them.
- Perform updates on untrusted networks as updates may come with malware.
- Reuse passwords. If you do so, the compromise of one account will likely occasion the compromise of other accounts on which the same password is used.
For more information and other Wi-Fi related resources, be sure to check out the Security Awareness web page!