Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  Training and Awareness  ›  Protect What You Connect  ›  Public Wi-Fi Safety

Public Wi-Fi Safety

Coffee shops, hotels, shopping malls, airports, and many other locations offer their customers free access to open public Wi-Fi. It's a convenient way to check email, catch up on social networking, or surf the web when you're out and about. These "open" networks also involve un-encrypted connections, leaving users at great risk. Cybercriminals can infiltrate unsecured Wi-Fi networks and intercept data such as banking credentials, account passwords, and other sensitive information that is transferred across the web.

Here are some useful tips on staying safe when using public Wi-Fi:

  • Treat all Wi-Fi networks with suspicion: Don't assume that any Wi-Fi network is legitimate. It could be a bogus network that has been set up by a cybercriminal trying to capture sensitive information from unsuspecting users. 
  • Verify it's a legitimate wireless connection: Speak to an employee at the location that's providing the public Wi-Fi connection and ask for information about their legitimate Wi-Fi access point — such as the connection's name and IP address.
  • Avoid entering personal or sensitive information: It's a good idea to avoid logging into websites that store or require the input of any sensitive information — such as online banking services or any websites that store your credit card information. 
  • Consider using your mobile phone's network: If you need to access a website that stores or requires the input of any sensitive or financial information, it is more secure to use your mobile phone wireless network to access the site instead of the public Wi-Fi.
  • Use a Virtual Private Network (VPN): The most effective way to stay safe on public Wi-Fi is to install a VPN on your devices. A VPN makes it difficult for criminals lurking on the network to steal your data and spy on your activities. Visit the CMU Virtual Private Network homepage to get started.
  • Keep software up to date: Install updates for apps and your device’s operating system as soon as they are available. Keeping the software on your mobile device up to date will prevent cybercriminals from being able to take advantage of known vulnerabilities.
  • Disable auto-connect features and always log out: Turn off features on your computer or mobile devices that allow you to connect automatically to Wi-Fi. Once you’ve finished using a network or account, be sure to log out.
  • Ensure your websites are encrypted: When entering personal information over the Internet, make sure the website is encrypted. Encrypted websites use https://. Look for https:// on every page, not just the login or welcome page. Where an encrypted option is available, you can add an “s” to the “http” address prefix and force the website to display the encrypted version.