Public Wi-Fi Network
30. July 2021

When is a public Wi-Fi network secure?

Since the global COVID 19 pandemic at the latest, remote working has become an integral part of corporate processes and procedures in many areas. Working from anywhere offers numerous advantages – but also risks. These are particularly explosive in the areas of IT security and data protection. For your remote work, it is particularly essential to know how to avoid security risks around public Wi-Fi networks.

Public Wi-Fi network security: How to ensure data security in public networks

Remote work, home office, and, last but not least, mobile working worldwide are no longer uncommon in most companies. Corona has made working outside the office more common. In agreement with their employer, many employees have moved their entire daily routine to their own four walls, and it is not uncommon to meet people in cafés or the park who are doing their work with a laptop and their smartphone. That also offers the opportunity to work in places where the working conditions are particularly well due to the climate or other circumstances. That can be in Chiang Mai, Thailand, just like a coworking space in Berlin. Whether one works in  Asia or the café next door, having a fast and reliable connection to the Internet is essential for remote work. Outside of their own homes, many employees use public Wi-Fi networks. These can quickly become a security risk.

When does a Wi-Fi network become a security risk?

The truth is: if you send documents directly via a public Wi-Fi network, that is just what any hacker targeting you has been waiting for. You might just as well use a projector to display the contents of your laptop on a screen.

Hackers can also quickly lure their victims into a trap using a trustworthy sounding Wi-Fi network. Anyone setting up a Wi-Fi network can choose its name freely. Because it is called “O2 Hotspot” does not guarantee that O2 is really behind it.

Of course, this does not mean that public Wi-Fi networks should always be considered a security risk. However, users should be aware of how they can protect themselves and how compliance can be maintained even when using public Wi-Fi networks.

One possible point of attack for hackers is the communication between the devices used and the access point. If the hacker gets in between, the data gets sent to him instead of to the network. The problem is obvious: By sending the data, cybercriminals then have all the information in their hands and can freely dispose of it, for example, access data or credit card usage data. That is particularly tricky when it involves so-called personal data following the General Data Protection Regulation (GDPR). Here, those affected have extensive rights. In addition, companies face severe sanctions if they violate the requirements of the GDPR. 

How to secure your work in the public network

An open Wi-Fi network enables everybody within range to read all your data. Even a password-protected Wi-Fi network is not secure. That means: Anyone logged into the same Wi-Fi network can still read your data.

Thus, you should therefore only transfer encrypted data.

There are two methods for doing this:

1. VPN

In addition to the actual Internet connection, a second encrypted connection is established to the company network via a so-called VPN (abbreviation for Virtual Private Network) before data can be transmitted. It enables you to use any Wi-Fi network securely.

ATTENTION: A VPN only protects your data en route from your cell phone or computer to the company. That is usually sufficient for in-house communication.

2. SSL encryption

More and more websites – including most US Internet services – are now encrypting the data they exchange with you via SSL. If you see a small, often green, closed padlock in your browser window, it means that all data you enter on  this website is not visible to outsiders.

ATTENTION: cell phone apps or computer programs are often not encrypted via SSL. So, when you use your cell phone to log in to a public Wi-Fi network, it may be that everyone can read the name and password of your email account. Unfortunately, you cannot see that yourself.

What other options are there for securing work within public networks?

In addition to the measures mentioned, you can avoid security risks by taking further precautions. These include:

  • Prevent data release: You can use the system settings to ensure that you do not share data without further action. We highly recommend this if you work in public Wi-Fi networks. It is the only way to ensure that you retain control over your data. 

  • Deactivate WLAN: To ensure that no data is exchanged even without a Wi-Fi network, you should exclude the possibility of further communication and always deactivate the WLAN when you do not need it.

  • Keep security programs up to date: Up-to-date security programs are essential, regardless of the operating system you use.

  • That applies not only to work in public Wi-Fi networks but generally whenever you establish communication “to the outside world” with your computer or with your end devices.

For more information on the topic of data protection, please refer to our article “Business and data protection laws! Practical tips for companies to secure and protect their customers’ personal data”.
To avoid cyber-attacks, we recommend the qualification of employees through training and continuing education like our online training “IT-Security for employees”. For employees outside a fixed workplace training courses that consider the special framework conditions are also essential.

How can risky Wi-Fi networks be identified?

In general, you should exercise healthy suspicion when using public Wi-Fi networks and implement the recommended security measures. In practice, some clear signs have emerged at which your inner “alarm bell” should go off:

Pseudo hotspot setup

Setting up a pseudo-hotspot is one of the easiest but most effective ways to grab data over a public Wi-Fi network. Hackers do this by posing as a public network and offering a link. Often, hackers use busy locations such as airports or shopping streets for this purpose. Users then connect to the pseudo hotspot and, in the worst case, deliver the online data traffic directly to the cybercriminals.

Lack of encryption

You should also be careful if, while surfing, you notice that a website that is usually encrypted is suddenly displayed unencrypted. You can recognize this by the “HTTP” in the browser instead of the secure “HTTPS”, which indicates a secure connection. Cybercriminals use the lack of encryption to steal login data. If you notice this, you should leave the site immediately and refrain from attempting to log in. Alternatively, you can use so-called VPN tools to surf securely even in unencrypted networks. Remember that some browsers (for example, Opera) already use a corresponding tool as factory default setting to allow users to surf securely without encryption.

13. August 2021
Clean desk policy and GDPR
16. July 2021
Why E-learning is THE solution to effectively train your team on GDPR
lawpilots GmbH Recht. Einfach. Verstehen. lawpilots bietet innovative & praxisnahe E-Learnings Anonym hat 4,64 von 5 Sternen 2175 Bewertungen auf