When you're on the go, free wireless internet (Wi-Fi) can be tempting. However, connecting to public or "open" Wi-Fi networks is a big security risk. If you can avoid it, don't ever connect to public Wi-Fi.
If you must use public Wi-Fi, it's important that you understand the risks so you can make informed decisions before you connect to open Wi-Fi. Following these best practices and tips can help to improve your security:
Only Connect to Secure Wi-Fi
The best choice for Wi-Fi is a secure wireless network that requires a user-specific private password to access, such as the JAYHAWK wireless network at KU.
eduroam: KU faculty, staff and students also have free access to eduroam Wi-Fi networks at many institutions around the globe. If you're visiting another campus anywhere in the world, check to see if they have eduroam. You can log in to eduroam with your KU Online ID and password and access a safer internet connection through the eduroam service. Visit eduroam to learn more.
Bring Your Own Wi-Fi: There are numerous options for pay-as-you-go and contract service personal Wi-Fi hotspots. If you're often on the go and need to access the internet, especially for high risk activities such as email, banking/financials, or online shopping—investing in your own personal hotspot is a smart security move.
Update, Patch, Upgrade Software and Apps
If something bad does get to your machine while you're connected to public Wi-Fi, having up-to-date antivirus software and apps may help. It's good security practice to keep all your software and apps up-to-date, especially your security (antivirus/malware) software. Up-to-date antivirus software is a must if you are connecting to public Wi-Fi. Set your software to update automatically, especially security software (antivirus/malware), to ensure you're always using the most recent versions. Keep your apps up-to-date to make sure you're using the latest versions and benefiting from security patches.
Avoid Email, Banking, and Shopping on Public Wi-Fi
If you must connect to public Wi-Fi, use common sense while connected. Never use open networks for email, online banking/financial services, or online shopping. Don't risk losing your most confidential personal information on an open network. Restrict your activity to only secure websites (i.e., only those with URLs that begin with "https://").
Don't Download or Install Anything on Public Wi-Fi
If you must connect to public Wi-Fi, don't download or install any software or apps while on it. Restrict software and app downloads, updates and installs to the times when you're on a secure network.
Only Visit Secure Sites
If you must connect to public Wi-Fi, restrict your browsing to sites whose URLs begin with "https://" The "s" at the end of "http" indicates that the domain holder has applied for additional validation.
DigiCert offers these tips to check a website's SSL certificate:
- If a URL begins with "https://" instead of "http://" the site is secured using an SSL Certificate.
- SSL Certificates secure data as it moves from the browser to the site's server.
- Companies have to go through validation process to get an SSL Certificate. However, there are different levels of validation, with some easier to get than others.
- Sites with the highest level of validation have a green address bar with a lock icon, indicating the site has an Extended Validation Certificate, the safest and most extensive validation available.
Use a Virtual Private Network (VPN)
Virtual Private Networks, or VPNs, create an encrypted internet connection between your machine and a network. Most VPNs are paid services. See The Best VPN Services of 2017 (PC Mag) » for some examples of VPN providers. Using a VPN on public Wi-Fi is a good way to increase your security, if you must connect to open networks.
KU Anywhere VPN Service for Faculty and Staff:
KU Anywhere is KU's VPN (Virtual Private Network) service. KU Anywhere allows secure access to resources on KU networks, such as departmental file servers, from a computer that is not connected to the KU's network but is connected to the Internet. For more information, including access and support, see KU Anywhere.
Verify Network Name Before Connecting
A common strategy by criminals is to broadcast free and open Wi-Fi. Always verify the name of the public Wi-Fi network before connecting. Look for a Wi-Fi info sign or ask someone who works there to be sure you're connecting to their public network.
Configure Your Devices for "Infrastructure" Networks Only
Configure your wireless card to use “infrastructure networks” only. Avoid connecting to “peer-to-peer” networks, also known as “hot spots” or “ad hoc” networks.
"Semi-Open" is Better Than "Open"
Networks that are "Semi-Open," meaning they require a password, but the password is widely available (e.g., coffee shops, hotels, etc.) are preferable to "open" or public Wi-Fi networks. You can often find a "semi-open" network in large spaces that have free public Wi-Fi (e.g., airports, malls, hotels). Although preferable to open networks, be very careful when connecting to "Semi-Open" Wi-Fi networks, and follow all the same security precautions of open networks.
Turn Off File-Sharing
Default settings on your mobile devices (e.g., laptops, smartphones, tablets) often leave your machine vulnerable to attacks. Turn off file-sharing functionality to prevent others on an open network from accessing the files on your device.
Turn Off Automatically Connect
Default settings often allow your device to automatically connect to available networks. Be sure to set your device to connect to networks manually, so you can fully investigate an available network before connecting.
Turn Wi-Fi Off When Not in Use
Turning off Wi-Fi when not is use is a good security practice. Only turn on Wi-Fi and connect your device to the internet when you need it.
Forget the Network When Done
Default settings often allow your device to remember networks that you've previously connected to. If you must connect to an open network, set you device to "forget" that network, so it doesn't connect automatically next time you're in network range.