Dennis Underwood
Published on
March 23, 2023

What Security Risk Does A Public Wi-Fi Connection Pose?

Think twice before using the coffee shop Wi-Fi. Learn more about the security risk that a public Wi-Fi connection poses.

Did you know that four out of ten people had their personal information compromised when they used a public Wi-Fi connection? We often don't think anything of it when we use Wi-Fi at public places like airports, coffee shops, and libraries. 

But the reality is that compared to home and business Wi-Fi, these types of connections aren't secured. 

That means other network users can see exactly what you see and send people on Wi-Fi. Worse, they can completely hijack you, giving them your login information. From there, they have access to personal information. 

Biggest Risks of Public Wi-Fi

Skilled hackers have many ways of exploiting the fact that you're using public Wi-Fi. The more you know about these risks, the better you'll be at defending against them. 

So in this section, we'll cover some of the most significant risks of using public Wi-Fi. You can also visit this guide to learn more about the top security issues of 2023. 

Malware, Viruses, Cyber Attacks

Malware is an umbrella term that covers viruses, ransomware, worms, and many other different types of cyber attacks. 

Viruses are specific types of malware that infect the host file, which humans then spread. It typically involves an app or code designed to cause harm or intercept private, valuable information. 

Want to find out how CyberCrucible protects against extortion attacks? Learn more about our company here to find out. 

Unencrypted Connections

When you surf the internet on an unencrypted connection, you open up the door for bad things to happen. Precisely, cybercriminals can monitor your traffic and any file sharing you use. 

They do this simply by monitoring who is connecting to a router. From there, it's easy to inject malware into the laptop or mobile device they're using. 

Related: Cyber Liability Insurance for Ransomware: What's Necessary?

Rogue Networks

This type of security risk can be used to enable a man-in-the-middle attack. The rogue infrastructure typically mimics the legitimate infrastructure. 

It uses the trust the victim's machine places in the infrastructure to make the victim's machine behave in a way that benefits the hacker. 

Sometimes this is as simple as redirecting network communications through an ad server. Other times, the victim machine may unwittingly install malware from a rogue server.

So when users get on the network, they think it's a legitimate connection when it's not. 


Snooping, also known as network snooping, happens when a hacker has the ability to read network traffic that would otherwise be private. Typically, these types of attacks are conducted on Wi-Fi networks, and public wifi is the most vulnerable. It's an excellent way for them to monitor activity in case someone divulges sensitive information.

Credential Vulnerability

This problem occurs when you need a stronger password for your account. However, even a strong password is only sometimes enough to protect you. If you use the same strong password throughout all your bills, then once a hacker knows it, they have the key to everything. 

Related: Backup and Disaster Recovery Strategies Often Require a Cold War Mindset

Update Alerts

Update alerts are a relatively new way to target people. It hones in on mobile cellphones. It gives them an update alert; if they click on it, it downloads malware. 

Session Hijacking

Session hijacking occurs when a hijacker exploits a web browsing session that's completely legitimate. However, once they get access, they will immediately have all of the data on your network device. Unfortunately, this type of attack is increasingly common. The good news is that Cyber Crucible defends against the theft of session tokens.

A woman using a VPN inside a coffee shop

How to Mitigate the Risks of Public Wi-Fi

There's a reason why nearly 94% of United States web users encrypt their web pages. It's because there are ways to mitigate many potential risks when you or your employees utilize public Wi-Fi. 

In this section, we'll discuss ways to reduce these risks. You should also check out that guide that covers the five cybersecurity pillars

Related: Ransomware & File Corruption: How Does That Happen, & Who Can I Blame? (Part 3: Not The Criminal!)

Disable Sharing

The odds are that if you're using public Wi-Fi, you probably won't share anything with anyone. As such, there's no reason to leave it on, as it's a huge security risk to your device. You can turn off sharing by going to the Control Panel or System Preferences on your computer. 

Or, if you have Windows choose the Public option when you first connect with a new network. This will immediately disable any sharing features. 

Turn Off Wi-Fi When Not in Use

Many people think that if they haven't actively connected to a Wi-Fi network, their computer isn't transmitting to any network within their connection range. 

Sadly, this isn't the case. The good news is that there are types of security that prevent most the minor form of communication from ultimately compromising you. 

But it's vital to remember that not all routers are built similarly. Since hackers are clever, we recommend turning off your Wi-Fi whenever it's not in use, like when you work on a word document. 

Enable Two Factor Authentication (2FA)

Two-factor authentication, or 2FA, is adding a second step to login processes. This step can vary depending on the use. Usually, it's just a temporary passcode sent to another device. However, in some cases, it's a physical key that needs to be placed into the computer. 

Two-factor authentication can be a little annoying to complete. But it can often keep hackers out of your connection, even if they possess your password. 


A VPN, which stands for Virtual Private Network, is a must if you or your employees ever use public Wi-Fi. VPNs will encrypt any data that comes back and forth from your device. 

That means that even if a hacker does manage to get into your connection while you're on, the data will be encrypted. Now, there are decryption processes that a hacker can use. But it's essential that most of them want an easy target. 

As such, they'll usually throw out any stolen information that requires decryption. In particular, VPNs are exceptional at blocking man-in-the-middle attacks. 

SSL Connections

In addition to a VPN, there's an additional layer of encryption that you can add on when using a public Wi-Fi connection. Whenever you go to a website you go to often or one that requires your credentials, make sure you turn on the "Alway Use HTTPS" feature. 

This is important because people often use one or two passwords for all their accounts. So, sending your login credentials without encryption could open the gate for them to get into all of your accounts, from social media to your bank. 

The good news is that almost all sites that have a login offer HTTPS. The bad news is that HTTPS can be downgraded and hijacked. 

Want to discover how the SSL certificate in CyberCrucible's self-hosted appliance can protect your connection? Read this guide to find out. 

two co-workers using a laptop

Create Policies & Educate Employees

You can't expect your employees to know about public Wi-Fi's threat to your business. The reality is that many people have no idea that it poses a threat, which is a big part of the problem. 

Without knowing that public Wi-Fi is a security risk for both themselves and your business, your employees will likely try to use free Wi-Fi every chance they get. 

That's why creating workplace policies and educating your employees on the dangers is essential. If you want a good resource for teaching, you can share this guide with your employees. 

Fortify Your Business from Public Wi-Fi

Ultimately, the best way to avoid the risk of public Wi-Fi is not to use it at all. And, in a perfect world, everyone would do that. Sadly, this isn't an ideal world. 

If you're an employer, you can't prevent your employees from using public Wi-Fi when they're not on company time. And, because their devices might contain company information, it's important to follow the steps in this article to fortify your business.

Remember that internet crime causes a reported $4.2 billion in losses each year. So if you want to avoid these costs, you'll make sure to invest in cybersecurity. 

About the author
Dennis Underwood

Dennis Underwood is a veteran, cybersecurity leader, inventor, and entrepreneur with over 20 years of experience. He is an expert at cryptography, intrusion discovery and analysis, having discovered multiple previously unreported intrusions to clients throughout his career. Currently, he is leading a team of like-minded experts delivering next generation intrusion discovery and ransomware response automation tools to consumers.

Start a free trial today

Sign up for Cyber Crucible today to protect your system against ransomware extortion.

Create an account