Do you need a VPN when accessing public wifi?

This article explores the risks of using public wifi, strategies for protection and the best virtual private networks (VPNs) for securing your connection.

With over 300 million people being affected by data breaches in 2023 alone, cybercrime shows no sign of slowing down. Taking security measures to protect your data and privacy while using the internet is vital, particularly when connecting to public wifi networks. But can using VPN be an imperative step towards ensuring online security?

The figures obtained and analysed by our researchers are indicative. More than 364 million people were affected by data breaches between January and May this year, with the greatest number of compromised personal records associated with telecom providers. 

Although not every data breach results in fraud, it still entails financial losses for businesses due to lost customer trust and impaired reputation. Cybercrime is expected to cost US$10.5 trillion (£8.4 trillion GBP) annually by 2025. 

In this article, we’ll guide you through the dangers imposed by public wifi and the most effective strategies for protecting your data and identity while connecting to them. We’ll also discuss the best VPNs for securing your connection when using public wifi hotspots.

Public wifi refers to wireless internet networks accessible in public and commercial locations. These can range from bustling coffee shops and restaurants to libraries, hotels, airports and public transport such as trains and buses. 

The 2018-2023 Cisco Annual Internet Report foresees 628 million public wifi hotspots available by 2023. Unlike home networks, which are usually secured with password protection, public wifi is often unsecured, allowing users with a wifi-compatible device to connect easily.

This freedom of connection, however, has a downside. Public wifi’s lack of security can lead to significant security vulnerabilities, making data transmitted over these networks susceptible to intrusions or eavesdropping.

The risks in using public wifi lies primarily in its lack of security. Many of these networks are unsecured or “open”, meaning no password is required to connect. Moreover, the connections are typically unencrypted, risking any data that is transmitted.

In fact, research revealed 25 per cent of people using public networks while travelling have had their information compromised, with the majority of cases taking place while connecting to free wifi at airports. Also, around half of users use networks that don’t require a password, which means they can be accessed by anyone, with no restrictions on the number of connected devices.

It’s important to note that many smartphones and devices are set up to connect to available wifi networks automatically. So, without your knowledge, your device could expose your data and identity to a number of risks. 

What to look out for when using public wifi

• Honeypot hotspots: Some cybercriminals set up seemingly legitimate public wifi networks known as honeypots. Unwary users might connect to these networks, considering them free and convenient. However, hackers can monitor your unencrypted data once connected, potentially leading to information theft. They may also redirect you to deceptive phishing sites to trick you into revealing sensitive data or downloading malicious software.
• Man-in-the-middle attacks: In this scenario, a hacker connected to the same unsecured network can manipulate the data sent between your device and the network router. By imitating each device, they position themselves in the middle of the data exchange, which allows them to read, alter, or inject harmful content into your connection requests.
• Malware: Hackers can use an unsecured wifi connection to plant malware on your device. This malicious software could record your personal information or even lock your data using ransomware. The malware threat extends beyond the unsecured network, as once your device is infected, your data remains at risk even on secure networks.
• Rogue hotspots or fake networks: These malicious wifi networks mimic legitimate ones, often with similar names. Unsuspecting users may connect to these networks thinking they are authentic. However, once connected, you’re susceptible to cyberattacks by the fraudulent network operator.

Given these potential threats, awareness and caution are crucial when connecting to public wifi networks.

When using public wifi, a significant amount of your personal data can be put at risk. Here’s a breakdown of what that might include:

• Location data: You reveal your current location by connecting to a public network. Malicious actors can use this data to track your movement or establish patterns in your behaviour.
• Web activity: The websites you visit can be monitored while connected to a public network. This information could expose your interests, habits and potentially even confidential information if you visit secured websites like banking or health portals.
• Personal communications: Emails, messages, chats – all could be intercepted and read by a third party. This can reveal your personal information and sensitive data about the people you are communicating with.
• File transfers: Files can be intercepted when sending or receiving them over public wifi. This means photos, documents, or any other files you share could fall into the wrong hands.
• Sensitive information: Perhaps most concerning is the risk to your login credentials, passwords and other sensitive information. If a hacker obtains these, they could access your accounts, including banking, social media and work-related platforms.

These are the types of information that cybercriminals are after. With this data, they can steal your identity, drain your bank account, or engage in other malicious activities.

While public wifi brings convenience, protecting yourself from potential threats is crucial. Here’s a brief guide on how you can secure your data:

• Use a VPN: A VPN – even cheap VPNs – encrypts your data, making it unreadable to potential hackers, even on an unsecured network.
• Verify the network: Take your time connecting to any available network. Verify its authenticity with the location providing the service.
• Change your network settings: Configure your device settings to require you to grant access to public wifi. This will limit your device’s visibility on the web.
• Activate a firewall: Ensure your device’s firewall is enabled, adding an additional layer of security.
• Connect via HTTPS: If a VPN isn’t available, use HTTPS for web browsing, ensuring a secure, encrypted connection.
• Use two-factor authentication (2FA) where available: This provides an extra layer of security when logging into sensitive apps, requiring a second form of verification in addition to your password.
• Disable auto-connect: Many devices are set to automatically connect to the nearest available network by default. You can change your settings to prevent your device from automatically connecting to public wifi networks, limiting unexpected data exposure.

A VPN provides an essential layer of security on public wifi. It works by routing your internet connection through a private server, masking your actual IP address and making your online activity virtually untraceable.

VPN services use robust encryption protocols (typically military-grade AES-256 encryption) to safeguard your data. Even if you’re using an unsecured public wifi network, your information remains secure because it’s encrypted by the VPN tunnel. 

In other words, a VPN acts as a secure tunnel for your data, protecting it from potential hackers. Therefore, using a VPN on public wifi can significantly minimise the risks associated with public wifi usage.

Here are the best VPNs we recommend using on public wifi: 

• NordVPN – best overall: NordVPN offers best-in-class security with double VPN encryption and private DNS protection. With advanced security features, a vast array of servers worldwide and high performance, it’s an excellent option for privacy-oriented users.
• Surfshark – best value: Surfshark is known for superior speed and robust security features, including AES 256-bit encryption and a no-log policy. With an attractive price point, it offers exceptional value.
• Proton VPN – best free VPN: Proton VPN’s free version provides unlimited data and is committed to transparency with an audited no-log policy. However, it lacks some premium security features and streaming support. Its simple interface and free unlimited data make it an excellent choice for new users. If the free version doesn’t seem right for you, the provider also has paid-for subscriptions starting at €4.99 (£4.30) per month, which gives you access to a wider range of servers and locations.

Remember, the effectiveness of a VPN can vary based on specific needs and circumstances, so consider your requirements when choosing a VPN.