Fire up your VPN when using public Wi-Fi

It’s best to play it safe when you’re out of the office using someone else’s Wi-Fi network.

Mobile data has traditionally been rather expensive in Australia so we’re in the habit of jumping onto free Wi-Fi networks wherever we find them—from cafes and shopping centres to sporting stadiums and airport lounges. These days mobile data costs have fallen and monthly download allowances are more generous, yet we still tend to use free public Wi-Fi when we’re out and about.

The trouble with using public Wi-Fi is that you don’t know who controls the network and whether they’re trying to eavesdrop on your online activities. In somewhere like an airport lounge, who is to say that the nearby “Public_WiFi” network isn’t really being generated by someone sitting at the next table, hoping that you’ll assume it’s a legitimate network?

Even if you are connecting to a legitimate Wi-Fi network in somewhere like a cafe, can you be sure that the network hasn’t been infiltrated by someone who is up to no good? The cafe owner might make a great latte, but what are their credentials when it comes to wireless network security? Would they even know if someone was lurking on the network, watching for passwords and other sensitive information?

If you can’t vouch for the integrity of a Wi-Fi network then it’s best to engage a virtual private network (VPN) to cloak your activities. A VPN creates an encrypted tunnel between your device—your computer, smartphone or tablet—and the VPN server. The VPN server then acts as your gateway to the internet.

The benefit of this is that no-one else on the Wi-Fi network can monitor what you’re doing online, not even the network operator. They might be able to tell that you’ve created a secure encrypted connection, but they can’t peer inside to see what you’re doing.

There are plenty of free and paid VPN providers to choose from, although you tend to get what you pay for in terms of speed and security so be wary of using a free service to protect important business data.

Alternatively you might run your own VPN server in the office and let remote staff connect directly to that server. One advantage of this is that your people are making a secure connection all the way to the office, rather than just to a third-party VPN server in the cloud. Another advantage is that once connected to the office VPN, your people can access in-house servers and other systems that aren’t accessible across the open internet.

As Australia’s 4G mobile data networks become cheaper and faster there’s less and less reason to use public Wi-Fi hotspots, but if you do, it’s important to take sensible precautions to protect your privacy.

Anthony Hill is the head of technology at Geeks2U, a national on-site computer repair and tech support company.

Trending

COMMENTS

Subscribe
Notify of
guest
4 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
kazari
kazari
3 years ago

Yeah, but how safe are those VPN apps on your phone anyway?

https://blog.csiro.au/tinker-torrentor-streamer-spy-vpn-privacy-alert/

Kait Drechenburg
Kait Drechenburg
3 years ago

I have made it a habit of using VPN whenever I am on a public Wi-Fi network. I have been using PureVPN coupled with it Nat Firewall plugin and it’s working pretty good.

Nick
Nick
3 years ago

I agree that VPN became a must, especially on public hotspots (which can be “evil twins” wi-fi networks). I am using Traceless VPN, because it is offering simultaneous connection on several devices, so it keeps me protected wherever I go and no matter what device I’m using.

Rob Knight
Rob Knight
3 years ago

For those businesses who are very security conscious and have a lot to lose in terms of data leakage with the associated investigations and potential fines (which in the EU go up considerably next year) – don’t connect the end user device direct to a public Wi-FI connection in the first place.

If you must use public Wi-Fi (i.e. overseas travel where mobile roaming costs are potentially high), then ensure your business implements an always-on VPN that fails closed (i.e. if no VPN is possible, no data leaves the device) together with a robust set of host based firewall policies – in other words, the only traffic out on internet connected connections should be the VPN traffic itself and potentially DNS to resolve the gateway address unless you’re using hardcoded IP addresses/host file entries.

To use public Wi-Fi connections with landing pages (captive portals) use a small, low cost mini-router device with a cheap phone (both very portable) – connect the router to the public Wi-Fi, deal with the landing page via the cheap phone and then connect your corporate device through the mini-router.

Additional Nat’ing, SPI firewall and the much more robust security posture of the corporate device with the always-on VPN will ensure that your data is safe.