Know your environment
Being aware of your surroundings whilst using your device is maybe more important than you think
Using public Wi-Fi safely
Public Wi-Fi networks are those found in cafés, trains, airports or shops, but also include any Wi-Fi network you cannot be sure of, such as a friend’s network. They can be convenient, but they should always be treated as untrusted networks. As these networks are shared and often do not use good encryption, they may be monitored by criminals or impersonated by malicious actors.
Public Wi-Fi networks are those found in cafés, trains, airports or shops, but also include any Wi-Fi network you cannot be sure of, such as a friend’s network. They can be convenient, but they should always be treated as untrusted networks. As these networks are shared and often do not use good encryption, they may be monitored by criminals or impersonated by malicious actors.
Being aware of your environment when using public Wi-Fi is also important. Devices used outside of controlled environments such as the office or home may be exposed to additional risks, including physical theft, unauthorised viewing of your screen, as well as insecure networks.
If you need to connect to a public Wi-Fi network, follow the guidance below to reduce the potential risks.
Before connecting
Before joining any public Wi-Fi network, take a few steps to ensure you are connecting safely.
Before joining any public Wi-Fi network, take a few steps to ensure you are connecting safely.
- Verify the network name. Criminals sometimes create fake networks, known as rogue or “Evil Twin” hotspots, that can mimic legitimate Wi-Fi services provided by businesses. Always confirm the correct network name with staff or official signage before connecting.
- Use a trusted VPN where possible. A Virtual Private Network (VPN) encrypts your internet traffic, making it more difficult for others on the network to intercept sensitive data. Note that the University VPN service only protects access to some specific University systems; it does not provide general browsing protection. Most internet traffic today uses a secure protocol called HTTPS, which is encrypted and does not require a VPN. However, in some circumstances, a sophisticated attacker may be able to impersonate the legitimate service and intercept sensitive information. A good, trusted VPN service can protect against this. Note that many free VPN services are actually malware, or can themselves intercept sensitive information and so are not recommended. Although VPNs are legal to use in the UK, the legality of their use in other countries varies, so you should always check the legality of VPNs for the country you are in if you are not in the UK.
The NCSC provide guidance on the use of VPNs. - Disable automatic Wi-Fi connections. Turn off automatic connection or “auto-join” features so your device does not connect to unknown networks without your knowledge.
- Ensure your device is updated. Make sure your laptop, tablet, or phone always has the latest security updates installed, especially before using public networks.
While connected
When using a public Wi-Fi network, remain cautious about the information you access and how your device is configured.
When using a public Wi-Fi network, remain cautious about the information you access and how your device is configured.
- Avoid accessing sensitive services. Do not use public Wi-Fi for activities involving sensitive information such as online banking, financial transactions, or accessing confidential accounts or emails.
- Use secure websites. Check that the website address starts with https://. If it isn't visible, click in the address bar. Some modern browsers no longer show the full address, including the https:// part, nor display a padlock icon indicating that the connection to the website is encrypted, unless you click in the address bar. You may also need to click an icon next to the web address in the address bar and look for confirmation the connection is secure there.
- Disable sharing features. Turn off file sharing, Airdrop, Nearby Share or similar features to prevent others on the network from accessing your device.
- Use Multi-Factor Authentication (MFA). MFA adds an additional layer of protection to your accounts, even if your password is compromised.
- Be aware of “shoulder surfing.” In busy public places such as trains, cafés or libraries, it may be easy for someone to view your screen or keyboard. Avoid accessing sensitive information where it may be visible to others, particularly when typing in passwords.
After using the network
If you have needed to use a public Wi-Fi network, then once you have finished, take steps to reduce the likelihood of accidentally reconnecting automatically.
If you have needed to use a public Wi-Fi network, then once you have finished, take steps to reduce the likelihood of accidentally reconnecting automatically.
- Sign out of services. Log out of any websites or applications used during the session.
- Forget the network. Remove the network from your saved Wi-Fi list so your device does not reconnect automatically in the future.
Physical awareness and device security
As well as the risk of ‘shoulder surfing’, using your device in public environments can introduce more risks beyond the network connection itself.
As well as the risk of ‘shoulder surfing’, using your device in public environments can introduce more risks beyond the network connection itself.
- Do not leave devices unattended. Never leave your laptop, phone or tablet unattended in public spaces such as libraries, cafés or shared offices. Also be aware of the risk of a device being snatched even in your presence.
- Be aware of who has access to your environment. Devices used outside controlled environments may be accessible to others who may not understand the sensitivity of the information stored on them.
- Lock your device when not in use. Even brief periods away from your device can create an opportunity for unauthorised access.
Safer alternatives to public Wi-Fi
Where possible, consider alternatives that provide greater security.
Where possible, consider alternatives that provide greater security.
- Use mobile data. A mobile 4G or 5G connection is generally more secure than public Wi-Fi.
- Use a personal hotspot. Sharing your phone’s existing mobile data connection with your laptop or tablet can be a safer option than connecting to an unknown Wi-Fi network.
If you believe you may have been targeted by a scam or cybercrime incident
- If the incident involved your University account or a University-managed device, contact the IT Service Desk as soon as possible, and change your password as soon as possible if you think it may have been compromised.
- If you are the victim personally rather than the University, report it to Action Fraud. Victims can report cybercrime and fraud online via the UK’s official reporting service.
- Contact your bank immediately if any sensitive financial information may have been exposed. Many UK banks can be reached via the dedicated fraud reporting number 159.