Public Wi-Fi hotspots are brilliant for ensuring you can check your email and surf the web while on the go. However, using public wireless internet can also leave you wide open to attack. We show you the proper precautions you'll need to take to ensure you're not inviting your coffee colleagues to share in your confidential information.
Your personal business is your competitors' business
But what if you think that your data isn't important enough for someone to snoop on?
Perhaps you're just browsing websites, not logging in to any email systems or web applications that require passwords. You should be safe then, right? Not necessarily.
Imagine you're on airport Wi-Fi while you're returning from an industry trade show.
Instead of checking the hundreds of email messages waiting for you (unlikely, right?), you decide to browse your competitors' websites, looking for ideas. Or maybe you elect to research potential acquisition targets.
In the background, however, your email client detects an internet connection and starts to download your email.
A colleague back at headquarters sees your instant-messenger status change to 'online' and sends you a panicked plea: "Huge problem @ factory. Possible recall. Call Bob ASAP!".
Armed with nothing more than wireless packet analyser software, a fellow conference attendee in the same seating area may be able to glean competitive intelligence based solely on the websites that you visit and your (probably unencrypted) instant messages - not to mention the personal email from the recruiter indicating you're ready to jump ship, or the notes reflecting your relationship problems with your significant other.
In short, the 'other guy' is reading your messages before you are, and you didn't even do anything.
Stick to SSL for webmail
First, to combat mail snoops, use a webmail system with HTTPS for the whole session.
Almost all webmail systems use HTTPS when asking you to log in, so your password is transmitted securely.
However, after authentication, they usually switch back to HTTP because it reduces the computational strain on their servers and makes serving advertisements easier.
That means that everyone who is on the same wireless network (either unencrypted or with a shared password) can read the content of your email.
In some cases, a person can steal your session cookie and log in to your webmail session without your password. That is, until you click the 'Logout' link - which you do every time, right?
Two very notable exceptions are Gmail and your corporate email system (such as Outlook Web Access).
Earlier this year, Gmail switched from the common practice of using HTTPS just for logins to using HTTPS throughout the entire webmail session.
Google Apps users were previously able to opt in to this feature, but it is now the default with the ability to opt out (if you hate security).
Your company's webmail system is also likely protected by HTTPS at all times, because that is the default configuration for most systems.
However, if you check your work messages using local software (Outlook, Thunderbird, Mac OS X's Mail) instead of HTTPS web-based email, you may or may not be using encryption.
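An added example (not from the original article) that audits the response headers of a webmail login for the weaknesses described above: a drop from HTTPS to HTTP after login, and a session cookie that lacks the Secure attribute and so also travels over plain HTTP. The host name, cookie values and header captures are constructed samples, and the check for an HSTS header goes beyond what the article covers.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = value.split(";")
    name = first.split("=", 1)[0].strip()
    return name, {a.split("=", 1)[0].strip().lower() for a in attrs}

def audit_login_flow(responses):
    """responses: list of (request_url, status, [(header, value), ...])."""
    findings = []
    for url, _status, headers in responses:
        https = urlsplit(url).scheme == "https"
        if not https:
            findings.append(f"{url} is served over cleartext HTTP")
        for header, value in headers:
            h = header.lower()
            if h == "set-cookie":
                name, attrs = parse_set_cookie(value)
                if "secure" not in attrs:
                    findings.append(f"cookie {name} lacks Secure: also sent over plain HTTP")
            elif h == "location" and https and urlsplit(value).scheme == "http":
                findings.append(f"{url} redirects to cleartext {value}")
        if https and "strict-transport-security" not in {h.lower() for h, _ in headers}:
            findings.append(f"{url} sets no HSTS header")
    return findings

# Constructed capture: HTTPS for the login only, then back to HTTP.
LOGIN_ONLY_HTTPS = [
    ("https://mail.example.test/login", 302,
     [("Set-Cookie", "SESSION=constructed123; Path=/"),
      ("Location", "http://mail.example.test/inbox")]),
    ("http://mail.example.test/inbox", 200, [("Content-Type", "text/html")]),
]

# Constructed capture: HTTPS for the whole session.
FULL_HTTPS = [
    ("https://mail.example.test/login", 302,
     [("Set-Cookie", "SESSION=constructed456; Path=/; Secure; HttpOnly"),
      ("Strict-Transport-Security", "max-age=31536000"),
      ("Location", "/inbox")]),
    ("https://mail.example.test/inbox", 200,
     [("Strict-Transport-Security", "max-age=31536000")]),
]

if __name__ == "__main__":
    for label, flow in (("login-only HTTPS", LOGIN_ONLY_HTTPS), ("full HTTPS", FULL_HTTPS)):
        print(label, audit_login_flow(flow) or "no findings")
```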