top of page

Staying safe on public Wi-Fi

When you're out and about, it’s recommended that you use mobile data or hotspot devices to connect to the internet, instead of public Wi-Fi where possible. But there are ways you can stay safe on public WiFi.

Public Wi-Fi networks pose security risks to users, it’s true, but fortunately there are many tips to take note of in order to stay safe and secure online. In a recent survey, 70% of tablet owners and 53% of smartphone/mobile phone owners stated that they use public Wi-Fi hotspots.

However, because data sent through public Wi-Fi can easily be intercepted, many mobile device and laptop users are risking the security of their personal information, digital identity, and money.

Furthermore, if their device or computer is not protected by an effective security and anti-malware product… the risks are even greater.

Wi-Fi Security & Safety Tips

With coffee shops, hotels, shopping centres, airports and many other locations offering their customers free access to public Wi-Fi, it’s a convenient way to check your emails, catch up on social media or surf the web when you’re out and about.

However, cybercriminals will often spy on public Wi-Fi networks and intercept data that is transferred across the link. In this way, the criminal can access users’ banking credentials, account passwords and other valuable information.

Concerned? Below are some useful safety tips…

Be aware

Public Wi-Fi is inherently insecure - so be cautious. And remember - any device could be at risk, whether you're using a laptop, a smartphone or a tablet, all are susceptible to the wireless security risks.

Treat all Wi-Fi links with suspicion

Don’t just assume that the Wi-Fi link is legitimate. It could be a bogus link that has been set up by a cybercriminal that’s trying to capture valuable, personal information from unsuspecting users. Question everything - and don’t connect to an unknown or unrecognised wireless access point.

For example, if you're in a coffee shop or public library, make sure to verify the name of the network with staff or on signage before connecting.

Some bogus links - that have been set up by malicious users - will have a connection name that’s deliberately similar to the coffee shop, hotel or venue that’s offering free Wi-Fi. So if you can speak with an employee at the location that’s providing the public Wi-Fi connection, ask for information about their legitimate Wi-Fi access point.

It's pretty easy for someone who wants to intercept your data in a man-in-the-middle-style attack to set up a network called "Free Wi-Fi" or any other variation that includes a nearby venue name, to make you think it's a legitimate source.

Use a VPN (virtual private network)

By using a VPN when you connect to a public Wi-Fi network, you’ll effectively be using a ‘private tunnel’ that encrypts all of your data that passes through the network. This can help to prevent cybercriminals - that are lurking on the network - from intercepting your data as it becomes much more difficult for a would-be intruder to sniff out your data.

If you don't already have a VPN set up through your employer or workplace, there are other options available, some of them free. Search the web for a VPN - before you go out, and on a secure network!

Avoid using specific types of website

It’s a good idea to avoid logging into websites where there’s a chance that cybercriminals could capture your identity, passwords or personal information - such as social networking sites, online banking services or any websites that store your credit card information.

Consider using your mobile phone

If you need to access any websites that store or require the input of any sensitive information - including social networking, online shopping and online banking sites - it may be worthwhile accessing them via your mobile phone network, instead of the public Wi-Fi connection.

Protect your device against cyberattacks

Make sure all of your devices are protected by a rigorous anti-malware and security solution - and ensure that it’s updated as regularly as possible.

Check for HTTPS

This is a very simple one, but don't forget to check for the lock symbol in your browser to make sure it's secure. No lock, no security.

Enable two-factor authentication

It's good practice to enable two-factor authentication on services that support it, such as Gmail, Twitter and Facebook. This way, even if someone does manage to figure out your password when on public Wi-Fi, you have an added layer of protection.

On the topic of passwords, try not to use the same password across multiple services. There are plenty of password managers available to make your life easier.

Forget the network

Once you have finished with your web browsing, make sure to log off any services you were signed into. Then, tell your device to forget the network. This means that your phone or PC won't automatically connect again to the network if you're in range. This can be done within the Wi-Fi settings of your device.


The video below looks at how easy a hacker can create a fake Wi-Fi access point and put your data at risk. The video also reiterates some of the tips above.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page