Public Wi-Fi Hotspot Security

Public Wi-Fi hotspots can expose you to the risk of identity theft, data loss or malware infection.

In their 2017 Wi-Fi Risk Report, Symantec reports that 60 percent of users feel their information is safe when using hotspots, but 53 percent can’t tell if the network is secure. The convenience is often too tempting to avoid the risk!

What if the Wi-Fi hotspot is unsecured?


When a Wi-Fi hotspot is unsecured, that means data you transmit or received is unprotected. Anybody on the same network could spy on your information if they have the know-how. If you decide to use free public WiFi, be careful with the service you use and the types of sites you visit when connected.

Protect yourself when using public Wi-Fi by following these basic tips:

Choose the Right Network


A common attack is to create a Wi-Fi hotspot that closely resembles the secure hotspot in the area.  For example an attacker may create an open hotspot called “Staarbucks Free Internet”.  This an effective way to trick you into logging in to the wrong network.  You should always double check the connection is legitimate.

Connect to a Secure Network

You should always try to connect to a network with the secure padlock icon. padlock iconThis padlock icon indicates that a password is required to connect. 

Sometimes the lack of a padlock doesn’t always mean a network is untrustworthy.  Hotel Wi-Fi hotspots do not have a padlock because they often redirect you to a web page login that requires a password.  Another example is our secure uofm-guest network. It is secure, but it does not require a password so there is no padlock icon.  But if you have a choice, always connect to the network with the padlock.

wifi secure

Avoid Accessing or Sending Personal or Sensitive Data

Any site that requires you to login with a userid and password should be avoided while using public WiFi. When connected to a public WiFi hotspot, avoid activities like accessing your bank account, shopping with a credit card or connecting to university services.

Use the U of M VPN


If you must access email or other systems, ensure that you are using the UofM VPN service which will create an encrypted secure connection.

Use Websites with Encrypted Connections (HTTPS)

Any website that requires you to login should be using “HTTPS” to ensure SSL (Secure Sockets Layer) is used for your connection. You will recognize a website with an encrypted connection by the padlock icon beside the site’s URL.  More and more websites are making their pages secure, even if they don’t require a login.  If you don’t see the padlock next to the website’s URL, avoid using this service when connected to a public Wi-Fi hotspot.

owa security login screen

security starts with you


Get relevant and important updates, notices, tips and answers to FAQs by following us on social media:

blog link

facebook link

twitter link


October is Cyber Security Awareness Month - Think Before You Click