Welcome to the SmallBusiness.com WIKI
The free sourcebook of small business knowledge from SmallBusiness.com
Currently with 29,719 entries and growing.

WIKI Welcome Page
Local | Glossaries | How-to's | Guides | Start-up | Links | Technology | All Hubs
About · Help Hub · Register to Edit · Editing Help
Twitter: @smallbusiness | Facebook | Pinterest | Google+


In addition to the information found on the SmallBusiness.com/WIKI,
you may find more information and help on a topic
by clicking over to SmallBusiness.com and searching there.

Note | Editorial privileges have been turned off temporarily.
You can still use the Wiki but cannot edit existing posts or add new posts.
You can e-mail us at [email protected]

How not to be hacked while using public wifi

SmallBusiness.com: The free small business resource
Jump to: navigation, search
SB nuts+bolts.jpg

SmallBusiness.com How-tos are step-by-step instructions for specific small business tasks. They are created and edited by readers like you. You can help edit this How-to or you can create your own. Find more How-tos at the SmallBusiness.com How-to Hub.


For people who use internet enabled devices ranging from smart phones to laptop computers, the ability to access wirelessly to the internet through some for of public wifi is both convenient and productive. However, without taking a few steps to secure your device, using public wifi can be one of the easiest ways someone can hack into your device. Here are some precautionary steps you should take to prevent this from happening.


Try not to use a website that requires you to log on with a username and password

It's best not to check your email when using public Wifi or logging into sites--it's an easy way to get your password stolen. Email is particularly dangerous. Searching through your inbox can quickly give any hacker access to your other accounts. The same goes for making purchases over a public network. Your credit card information, encrypted or not, will be sent over the airwaves where it can be intercepted.

f you must log in to something, make sure it's encrypted

When you log in to a site, take a look at the browser's address bar and make sure you see a green lock (typically on the left hand side). The lock should remain green and closed throughout the entire login process, with bonus points if the lock remains the entire time you're browsing the site. The lock means your connection is using a protocol called HTTPS, which is more or less a standard HTTP connection encrypted with SSL. Although they can still be hacked, HTTPS connections are much, much more secure than standard HTTP connections. Most sites that have log in pages use HTTPS for at least the login portion of the site — if you're logging in somewhere and you don't see a green padlock, don't log in.

Don't use the same password for multiple sites

This is just a good practice in general. If you use the same password across multiple sites and someone steals it, it's easy for them to take everything: social media accounts, banking and email. You can keep the damage to a minimum by using unique, hard to crack passwords for each site. This can be daunting, if you have more than a few accounts. While it's not a perfect security solution, I recommend using a password management app such as Dashlane to manage your passwords. It makes it easy to create hard-to-crack passwords for each site that you have accounts with.

Enable multi-factor authentication for services that support it

This is also called two-factor authentication. Here's how it works: Say you enable multi-factor authentication for your Gmail account. Now, whenever you try to log in to your Gmail, you'll get a message with an authentication code sent via text message to your phone, which you need to type in to the browser before Gmail will let you access your account. In effect, a hacker would have to physically steal your phone to access your account. It adds less than 20 seconds to each login attempt, and the security benefits are well worth the hassle.

Not all services support this, of course, but a surprising amount do. Lifehacker has a nice list of services with two-factor authentication going.

Make sure you're not sharing files

Windows: You will get a prompt to select which type of network you're joining: Home, Work or Public. Be sure to select public.

OS X: Go to System Preferences and select "Sharing." Uncheck all boxes.

Don't connect to a fake or malicious network

If you're in an airport or a crowded urban area, there are likely several Wifi networks available. Make sure you're connecting to legitimate one, as it's possible for a malicious third party to set up a dummy network for the express purpose of listening in on your data. If the shop you're at doesn't have signage with the proper Wifi network name, find an employee who can get you the information.

Use a Virtual Private Network (VPN)

VPN connections are commonly used by businesses to allow their employees to access secure office networks outside of the office. You can also use them over a public network to encrypt all your traffic — in effect, it turns your public internet session into a private one. Depending on which type of VPN you're using, it can be like enforcing SSL encryption on all your traffic, which is a very good thing.

Setting up and connecting to a VPN can be complicated, but it's well worth the time and energy invested into it, especially if you find yourself needing to do business-critical tasks outside the office. To find out more about the benefits of VPNs and how to set one up, check out this article on How-To Geek, and this article on PC World.

See also

External links