Remote working is here to stay, and whilst it’s not for everyone, many employers and employees alike, have taken to it.  There are multiple problems related to cyber security around this, working from home or on the move, and today I’m going to concentrate on the prevalence of people working from insecure sites such as coffee shops, railway and air terminals etc.   It’s a subject that I tend to jump on every so often because it’s one that people just don’t seem to get.  I dropped into a coffee shop this morning for my caffeine infusion, and there were six people with their laptops open, working away on business issues.  I could see open spreadsheets (and easy to read if you were sitting behind them), and all had their email open.  One was on a video call, and I heard all her side of the conversation, annoying enough for other café users but she wasn’t aware of the data she was releasing into the wild, at all.

Of course, this is nothing new, it’s been ‘a thing’ for years now, but is it a safe thing to be doing?  A recent survey suggests that a significant proportion of the connections to unsecured Wi-Fi networks result in hacking incidents, when from working in coffee shops, restaurants, airports, and other public places.

If you are among those Wi-Fi lovers, there’s bad news for you… your online privacy and security is at risk, if you rely on the weak to non-existent Wi-Fi security protocolsat these insecure locations.  This means that you could be exposed to various threats such as identity theft which has over 15 million cases each year, data theft/breaches, introducing malware to your business network and that of your customers/suppliers.  This list is not exhaustive.

Free or public Wi-Fi’s are hotspots for hackers and data snoopers who want to steal your private data or financial information. It is easy for cyber criminals to do that nowadays. You will be surprised to know the different ways they can compromise your device or your private information and why you shouldn’t rely on public Wi-Fi security as it comes with a lot of risk.  Using insecure public Wi-Fi exposes you to a range of cybersecurity risks because you’re sharing a network with unknown and potentially malicious persons. The core issue is that these networks often lack proper encryption and authentication, making it much easier for attackers to intercept or manipulate your data.

One of the biggest risks is data interception (packet sniffing). On an unsecured network, attackers can use simple tools to capture data packets traveling between your device and the internet. If the data isn’t encrypted (for example, websites not using HTTPS), sensitive information like passwords, emails, or credit card details can be read directly.

A closely related threat is the Man-in-the-Middle (MitM) attack. Here, an attacker secretly positions themselves between you and the service you’re accessing. Instead of communicating directly with a website, your traffic is routed through the attacker, who can monitor, alter, or inject malicious content into the communication without your knowledge.

Another common issue is rogue hotspots or “evil twin” attacks. Attackers set up fake Wi-Fi networks with names that look legitimate (e.g., “Free Airport Wi-Fi”). When you connect, all your traffic passes through their system, giving them full visibility and control over your activity.

Public Wi-Fi also increases the risk of session hijacking. Even if you log into a secure site, attackers may capture session cookies, small pieces of data that keep you logged in, and use them to impersonate you without needing your password.

There’s also the danger of malware distribution. Some attackers exploit vulnerabilities in devices connected to the same network to push malicious software. Others may trick users into downloading infected files via fake pop-ups or compromised websites.

Many public networks lack proper network segmentation, meaning devices on the same network can sometimes directly communicate with each other. This makes it easier for attackers to scan for vulnerable devices, open ports, or shared files, potentially gaining unauthorised access.

Another issue is unencrypted connections and misconfigured security protocols. Some networks use outdated encryption standards (like WEP) or even none at all, making it trivial to crack passwords or decrypt traffic.

Additionally, automatic connectivity on devices can be exploited. If your device is set to automatically connect to known networks, attackers can spoof those network names and trick your device into connecting without your explicit approval.

Finally, there’s a broader privacy concern: even if attackers don’t actively interfere, network operators themselves (or anyone monitoring the network) may log your browsing habits, device information, and other metadata.

How to reduce risk:

• Use a VPN to encrypt your traffic
• Only access HTTPS websites (look for the padlock icon)
• Avoid logging into sensitive accounts on public Wi-Fi
• Disable file sharing and use a firewall
• Turn off automatic Wi-Fi connections
• Verify network names with the venue before connecting
• Only use authorised protocols to access your company network or cloud

In short, insecure public Wi-Fi removes many of the protections that normally keep your data private, making it far easier for attackers to observe, intercept, or manipulate your online activity.

The risk reductions above are essential but even then, don’t get complacent.  A VPN for instance, encrypts your data as it transits the internet, putting up a secure ‘tunnel’ for it to move through.  However, that data is only protected once you start sending it.  Other data on your laptop is not encrypted and remains vulnerable.  Disk encryption such as Bitlocker on Windows or File Vault on Macs, is designed to encrypt your disk as you are shutting down, so that if your machine is stolen, the data can’t be accessed.  But once you start it up and log on, the disk is unencrypted.  The safest encryption uses what is known as file level encryption which encrypts your files by sensitivity level and only allows them to be read by authorised persons on your corporate network.  That way if your machine is accessed whilst it is up and running in your coffee shop, the sensitive data can’t be read.

Stay aware and stay vigilant.  You have to be successful all the time; the criminal has to be successful just once.