How do you tell if the public WiFi on offer is secure or not secure?

Open WiFi Access – what is it and why is it bad?

Currently there are many businesses out there (over 90% according to our survey) which have open WiFi access. This is not secure.

WiFi encryption secures your wireless internet. Without it, you are leaving your device open to online threats like viruses, malware, data snoops and hackers. Put simply, encryption keeps your device secure – and this applies to any device like Windows PC or laptop, Mac, iPad and even Android tablets.

Think of encryption as an additional layer of internet security on top on the antivirus, anti-malware or OS-based software that you have on your electronic devices. It adds network security to the mix for real-time internet protection.

So, in the long list of public WiFi networks on your device, how do you know which one to pick? Unfortunately, until Hotspot 2.0 comes into effect, it’s up to users to work out which WiFi to use.

How do I know if the network is open, or if it’s secure?

Perhaps when it has a padlock that means it is secure, because it requires a password? Unfortunately not. That would be too obvious!

Confusingly, a padlock image next to the WiFi network name in your WiFi settings doesn’t necessarily mean that the network is secure. Just because it has a WiFi password doesn’t mean it’s safe to use.

Using an unsecure WiFi network can lead to things like a “man in the middle” attack, i.e. if another malicious user is on that same connection, they can steal login information simply by “listening” to the traffic your device is sending.

For example, if you login to your online banking and that information is transmitted without encryption in place, the malicious user can capture that data and use it for their own gain.

Good tips if using an unsecured WiFi network is unavoidable –

  1. Save really important tasks such as online banking for home on a wired network
  2. When on a WiFi network, look for websites that have “https” in the address bar.
  3. If you really want maximum security, use a VPN.

Our Purple WiFi survey indicated that 90% of businesses are offering potentially insecure and unprotected WiFi, i.e. their networks were either completely open or a standard password was given out. On top of this, over half of the venues surveyed confirmed they have no family friendly content filtering in place. Worryingly, this means that access to undesirable content isn’t being restricted.

So as a WiFi user, how do we know if a network is secure?

Short answer is there’s no easy way of telling — if you aren’t technical. Our advice is that it’s always best to be safe and not give out any personal data that you don’t want people to hack while in public. So, for example, don’t do your online banking. The only way to be really sure that the WiFi is secure, is to know the WiFi provider is a genuine one – for example Purple WiFi or another similar secure guest WiFi software provider!

As a venue, what should you consider when providing guest WiFi?

Venues need to provide a separate and secure system for guest WiFi to mitigate against the risk of anyone hacking into customers devices in the venue to get personal data. A secure login process also separates the business WiFi from guest WiFi, protecting the business’ own private network.

Some legal stuff

Although there are grey areas to the law, it is possible for venue owners to become liable for the actions of people in their venues. One such example is here: http://www.techradar.com/news/internet/broadband/uk-pub-fined-8k-for-drinker-s-wi-fi-download-654606

There are also various obligations of being a public WiFi provider, which may vary slightly country by country. In the UK, the Data Protection Act 1998 must be adhered to whenever personal data is collected or processed. It is best practice for service providers to retain certain communications data in line with data retention regulations 2009. These regulations assist in the prevention and detection of organised crime and terrorism. The Digital Economy Act 2010 targets online copyright infringement by end users, covering illegal or inappropriate downloading and file sharing.

Our advice for venues

The way that Purple WiFi recommend that businesses offer free WiFi in order to be safe and secure is:

  • Mitigate against all risk as a venue owner and public WiFi provider.
  • Provide a splash screen prior to log in explaining what the customer is signing up to.
  • Ask users to register and accept terms and conditions as they sign in to the WiFi.
  • Ensure the customer’s data is stored by a reputable provider in line with your country’s regulations.
  • Proactively engage in filtering of internet traffic, to block file sharing traffic or traffic to pornographic or suspicious websites.

Related links

http://www.pcworld.com/article/2031443/how-to-set-up-public-wi-fi-at-your-business.html

http://www.microsoft.com/en-GB/security/online-privacy/public-wireless.aspx