Stop Doing These Things While You're Connected To Public Wi-Fi
There are various reasons to use a public Wi-Fi network when you're out and about. Maybe you have a limited or metered cellular data plan or one without tethering to let other devices use your phone's internet connection. Maybe you're a T-Mobile customer who has unlimited data but is close enough to the borderline that you try to stay under the 2GB monthly threshold that lets you get a $10 "Kickback" per billing cycle. Maybe you live in a city that doesn't have cellular service along the subway tunnels or doesn't have it between stops, and the city provides Wi-Fi access to fill the gaps. Maybe you need a connection somewhere that has better Wi-Fi speeds and lesser cellular signal penetration. And so on.
However, using a public Wi-Fi network comes with a lot of potential security issues. Broader improvements to Internet security mean that you don't have to be quite as restrictive of your activity when connected to a public network as you might have needed to be five or ten years ago. However, there are still many different security risks to be aware of. There are ways to do online banking or enter login credentials for other important accounts with relatively little risk, but the risk is still there. Let's go over a few things that you should avoid doing to mitigate those risks as much as you possibly can.
Transmitting sensitive data without encryption
In the past, the conventional wisdom was to not go to your bank website or log into social media accounts while on public Wi-Fi. Today, you don't need to be as strict, but that doesn't mean you shouldn't show caution. Ensure that your data is going through at least one layer of encryption.
In the case of bank websites and social media, they generally use Hypertext Transfer Protocol Secure (HTTPS), denoted in the address bar by the "https://" prefix or lock icon. If you're logging in via the HTTPS version of a website, then all of the data sent to and from that website is being encrypted in transit. One sign that you might be on a compromised public network is the "https://" prefix suddenly switching to unencrypted "http://" as you log in. If you see that happening, get away as soon as you can.
You can also add a layer of encryption by routing all your traffic through a trusted virtual private network (VPN). Though users often flock to VPNs to get around geo-blocked content, security is another great reason to use VPNs. They encrypt traffic while hiding your location and routing it through their servers. To find a trustworthy VPN, our list of 2023's best VPNs is a good start, but Google also has one now that comes as part of Google One subscriptions.
Connect to an unknown or unencrypted network
VPNs and HTTPS are not the only areas where you should be taking encryption into account, though. There's also router-level encryption, and since it's usually turned off by default, even well-meaning administrators may set up legitimate public Wi-Fi networks that aren't encrypting your traffic at the router level. Not having an encrypted connection to the router doesn't make it inherently malicious — a small concert venue, for example, not encrypting its public Wi-Fi network — but it's something to keep in mind.
The key is that you're still careful and discerning about what public Wi-Fi networks you connect to. Scammers sometimes set up unencrypted, above-board-looking "public" Wi-Fi networks to intercept the traffic of those who connect to them. As noted earlier, one telltale sign of this is the "https://" URL prefix suddenly turning into "http://."
With all of this taken into account, if, by some chance, you need to connect to an unencrypted Wi-Fi network, then you should always do so through a VPN. But if you have other options, be they your cellular data connection (directly or tethered to another device) or an encrypted Wi-Fi network, then you should definitely go with one of those. Your data privacy and security is worth more than paying extra for a small discount on metered data, the $10 "Kickback" discount that T-Mobile offers for using less than 2GB of their data on a line in a billing cycle, etc.
Automatically connecting to public networks
Something you need to ensure you're diligent about when using public Wi-Fi is telling your device not to automatically reconnect by turning off "auto-reconnect" or choosing the "forget this network" option.
Generally speaking, you don't want your phone to start reconnecting to any of these networks. One reason is pretty simple: it happens in the background, so you might not immediately notice it if you're not closely watching the wireless status icons on your device. Technically speaking, the other is a bit more complex: With auto-reconnect turned on, you're broadcasting to potential bad actors that your device is happy to treat a nearby network as being as good as your home network. Since devices recognize known networks by their SSIDs (network names), bad actors can stealthily connect to your device without you having any idea that this is happening.
"Let's imagine on Monday, you went to your favorite cafe and manually connected to its Wi-Fi network called 'Starbucks Wi-Fi,'" NordVPN security expert Daniel Markuson explains in a 2021 Hindustan Times interview. "You know that the network at this cafe is normally secured, and you feel like you have nothing to worry about. But then, on Tuesday, a hacker can set up an evil twin network nearby with the same SSID (network name). And, when you come to grab your daily cup of coffee on Wednesday, you cannot be sure which network your device will automatically join."
Leaving network file sharing turned on
This one applies much more to laptops than to phones or tablets (at least those not running desktop operating systems), but you should absolutely make sure to have local network file sharing turned off when you're out and about. Leave it on, and you'll give anyone else on the network access to whatever folders are shared from that computer. It also creates another potential attack vector: Bad actors deliberately sharing a folder containing malware with the idea that your curiosity will get the best of you.
To turn off file sharing in Windows 11, go to Settings -> Network & internet -> Advanced network settings -> Advanced sharing setting. On Windows 10, it's in the Network and Sharing Center. Meanwhile, On macOS, at least as of Sonoma, you just need to go to System Settings, search for "sharing," and ensure that it's turned off in the right-hand column.