How to Reduce Public Wi-Fi Security Risks

By Joe Moran | Posted October 13, 2016

Public Wi-Fi is arguably one of the great modern conveniences. No matter where you happen to be—airport, hotel, restaurant, or perhaps just standing on any random street corner, you'll typically find at least one public and free Wi-Fi hotspot within range. The ubiquity of such hotspots makes them a natural choice when you need quick access to the Internet, particularly for mobile small-business people that need to stay as productive as possible outside the office.

[More on Wi-Fi security: 8 Ways to Improve Small Business Wi-Fi Security]

But that convenient public Wi-Fi network can harbor public Wi-Fi risks that should make you think twice—at the very least—before you blithely connect. In this article we outline public Wi-Fi security risks, highlight ways you can mitigate some of them, and explain why the best option might still be to skip public Wi-Fi altogether if you can.

Understanding Public Wi-Fi Security Risks

Public Wi-Fi hotspots pose two types of security risk. First, don’t know who else is on the public Wi-Fi hotspot with you— people who could potentially connect to your device and eavesdrop on its data transmissions. Second, that hotspot you connect to may be other than what it appears; Venues where lots of people gather frequently contain rogue hotspots. These rogues may provide access to the Internet, but they also intercept and record all the data that flows through them for the benefit of a fraudster looking to steal sensitive information.

So what can you do to protect yourself? At a bare minimum, use a VPN whenever you connect to ANY unknown Wi-Fi network to secure your connection and protect it from prying eyes. But you should also be aware that VPNs aren’t necessarily a panacea against public Wi-Fi security risks.

For starters, you pay a performance penalty—encrypting data and the extra step(s) of routing it through VPN servers takes extra time, and that slows downloads, page loads, etc. compared to an unsecured connection. This is particularly true in the case of free (read: ad-supported) VPNs such as those from Hotspot Shield, Spotflux, and TunnelBear. Free VPNs typically cap the bandwidth (speed) of your data transfers, as well as limit the total amount of data you can transfer in a given period.

However, paid VPN services from the aforementioned providers (and others including KeepSolid VPN Unlimited and ExpressVPN) generally eliminate any significant performance penalty along with any data caps imposed by their free counterparts.

Note: all the VPN services mentioned above are available for Windows, Mac, iOS, and Android.

How to reduce public Wi-Fi security risks

How to Reduce Public Wi-Fi Security Risks

Whether VPNs are paid or free, they can still leave you vulnerable to public Wi-Fi risks in certain circumstances because of something called a DNS Leak or DNS Redirection. As background (or a refresher), DNS (Domain Name System) is what matches the name of a site such as with its numerical IP address, so that you can reach it without memorizing a bunch of numbers.

The public hotspot that your device connects to typically determines what DNS server it will use. However, if the hotspot’s been compromised (or it's a rogue) it could use a malicious DNS that takes you to bogus look-alike websites (designed to fool you into providing account information) rather than the legitimate sites you intend to visit.

In theory, using a VPN should protect you from DNS Leaks/Redirection because the VPN uses its own DNS servers—not the hotspot’s. In reality though, not all VPNs use their own DNS servers, and others need to be specifically configured to do so.

Before you sign up for a VPN subscription, be sure to check if it supports "DNS Leak Protection" or a similarly-named feature. Want to check a VPN subscription you already own? Here's how:

  1. Visit when you’re connected to a hotspot—but not connected to the VPN
  2. Run the test and note the DNS servers listed
  3. Connect to the VPN and run the test again

If you see different DNS servers than you did the first time, the VPN is handling DNS for you, and you’re good. If you see the same ones, you’re still using the hotspot’s DNS. This doesn’t mean the hotspot is using bogus DNS servers, only that if it were, your VPN will not protect you from being redirected.

Public Wi-Fi Security Risks: An Inconvenient Truth

Here's an unfortunate fact; there’s no way to be absolutely sure that a public Wi-Fi hotspot is safe. That includes "members only" networks you might get access to as a perk from your ISP. Such networks might arguably be even more dangerous, because it’s not at all difficult for a maliciously-minded individual to set up a hotspot named "xfinityWi-Fi", "attWi-Fi", or some other familiar, commonly-used network name to entice you.

In fact, if you’ve ever connected to a legitimate hotspot with a particular name before, your mobile device will typically connect automatically to any network with the same name it encounters in the future. That’s why when you connect to public hotspots, it’s prudent to disable this automatic connection or make your device "forget" the network when you’re done. How you do that depends on the device and the OS, but a Google search should put you on the right path.

This takes a big chunk out of the public Wi-Fi convenience factor, because you may have to explicitly join networks more often. But more security often means less convenience.

Not every public hotspot is the online equivalent of Star War's Mos Eisley Cantina ("a wretched hive of scum and villainy"), but the risk is real. It’s important to be aware and act accordingly—always use a VPN, make sure the VPN uses its own DNS servers, and be especially skeptical of hotspots with familiar names.

Public Wi-Fi vs Personal Hotspot

For an extra degree of safety, consider avoiding Public Wi-Fi hotspots altogether in favor of your own personal hotspot device—like this one—from a mobile carrier. Yes, it's something else to carry around and keep charged, and yes it's dependent on having a strong mobile signal, and yes, you pay for the device as well as for the monthly subscription/data usage.

But carriers charge less for these devices and the data usage than they did even a few years ago, so the overall cost may not be all that much more than a paid VPN subscription. And you typically get better performance out of a mobile hotspot than a public Wi-Fi network.

Countless people—plus the establishment that provides it—share the bandwidth on a public Wi-Fi network. A 4G LTE personal hotspot can provide just as much bandwidth as a Wi-Fi network—and it’s all yours.

[Don’t miss these: 5 Easy Tips for Better Wi-Fi Performance]

Joseph Moran is a technology writer and IT consultant specializing in services for consumers and small businesses. He's written extensively for numerous print and online publications, and is the author of File Management Made Simple, Windows Edition from Apress.

Do you have a comment or question about this article or other small business topics in general? Speak out in the Forums. Join the discussion today!

Comment and Contribute


    Get free tips, news and advice on how to make technology work harder for your business.

    Learn more
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date