Some security consultants like to use scare tactics to sell their services. You may have received some alarmist advice warning you to stay away from public Wi-Fi at all costs. But is public Wi-Fi really that risky?
At Matterform, we believe that today’s encryption standards — along with maintaining up-to-date software and operating systems — mean that public Wi-Fi is far less risky than it used to be.
Encryption means you can safely use public Wi-Fi even when you don’t know or trust the network.
Yes, it’s okay to check your email, shop online, or look at your bank balance on public Wi-Fi, and it’s all due to the beauty of encrypted connections. So, what are encrypted connections? Simply put, they are a scrambling of the information you send over the internet so that the code is inaccessible to others.
This article from Electronic Frontier Foundation (EFF) further supports the idea of using public Wi-Fi, stating that “advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was.”
The primary reason for the shift in perception is the widespread deployment of HTTPS encryption on popular websites, including Google turning on HTTPS as the default for all Gmail users at low cost. Examples such as this showed that encrypted web browsing could be both inexpensive and simple to implement.
So, how do you know if you have the proper encryption coverage? How can you tell if a website is encrypted?
The folks at the Federal Trade Commission (FTC) have outlined tips for using public Wi-Fi networks, including looking for HTTPS at the beginning of the web address (the “s” stands for “secure”). This practice extends to every website you visit, meaning that you can’t just check when you sign in to your internet session. In addition, the “lock icon” in your address bar only confirms that you’re communicating securely with the URL in the bar, but it doesn’t confirm overall security.
Another tip from the FTC involves the use of mobile browsers, as opposed to mobile apps, when accessing the internet from an unsecured Wi-Fi network. Because mobile apps don’t have a visible indicator, such as HTTPS, you won’t be able to determine if an app is properly encrypted. On the other hand, a mobile website does allow you to check the web address, so you’ll want to be sure to access a company’s mobile website directly if you’re conducting a transaction on an unsecure Wi-Fi network.
Cybersecurity concepts can be overwhelming, and with the amount of time we spend online on our various devices, it can be easy to ignore any concerns and hope for the best. But it’s not something we can afford to ignore. Matterform risk analysts offer weekly cybersecurity tips and security best practices, which provide simple solutions that can help you and your organization to not only feel secure but confident about staying a step ahead of any threat.
Follow me on LinkedIn for cybersecurity tips every Tuesday.