Free Wi-Fi could cost you a great deal

In a number of conversations I’ve had with clients recently, the topic of online safety has come up, particularly in regard to the availability of free Wi-Fi hotspots.

Whilst there are some advanced techniques that the paranoid or highly technical users can do in order to see if a network is “safe”, there are a few common sense rules you can use.

Firstly, what do we mean by safe? For the purposes of this post, let’s assume 4 different levels of safe:

1. Unsafe: You’re fine to do general internet stuff (Google something, read a news site, etc.) but do not do anything which requires you to log in. Don’t check email, Facebook, online banking, etc.
2. Probably Unsafe: General internet use is OK, logging in to sites that use the secure HTTPS should be OK but avoid logging in to web-based email, using your credit card number or doing online banking. (Naturally, you should always use different passwords for your email and banking, and those should be different again from login passwords for any other sites.)
3. Probably safe: General internet use is OK, logging in to sites that use the secure HTTPS should be OK but avoid using your credit card number or doing online banking if possible.
4. Fully trusted networks: These should be safe for most internet usage.

With those definitions in mind, here are two simple questions to ask yourself:

First question: When you connected to the Wi-Fi hotspot, did it ask you for a password? (This is separate to asking you to accept terms and conditions). If it did not, then you should always consider the network “Unsafe” – the information is travelling unencoded between your laptop/phone and the wireless access point. Anybody else in the vicinity can “listen in” to see anything you are doing on the network.

Important note: Computers in internet cafes, airport terminals and business lounges should be always be considered unsafe. There a many reported instances of these types of public access computers being accidentally – or deliberately – infected with viruses or password stealing malware. In practise, you should consider any computer other than your own personal desktop/laptop/tablet/phone to be Unsafe.

Second question: How well do you trust the people who set up and maintain the network? This requires a little bit of thought. Is the internet access being provided or managed by a name you recognise or trust? Most telecommunications companies have really good IT security people on staff. Your local library probably has a full time IT administrator looking after their systems too. Your local coffee shop might not – but if you’re a regular, why not ask who does their IT and how often they check in / maintain it?

If you don’t trust them, then consider the network “Probably unsafe”. If you do, it’s “Probably safe”.

The final category, “Fully trusted networks” is reserved for your own house (or a friend’s private internet link) – or if a suitably qualified and experienced IT specialist has checked it over and reassured you.