I caught up with Sean Lyons, director of outreach at Netsafe, walking through an airport, where looking around him, he saw a "cacophony" of Wi-Fi hotspots, mobile personal hotspots and laptops. Were some fake?
"It's not hard to do that," he explained. "It's not something that people do a lot of, but it's absolutely possible. We need to be on our guard and connect to Wi-Fi points that we absolutely trust."
Of course, how we are using the internet is also a factor. "Vacuous tweets are one thing, sensitive data is another," he said, and recommended encrypted connections and virtual private networks (VPNs). "What you're sending out is effectively gobbledygook to anyone trying to snoop in."
There are places, he explained, where the internet connection is so wide open that you should avoid it. "Hotel lobbies are the worst places," he said. And while there are measures you can take, "nothing's foolproof".
Here's a list of ways to get online, from least secure to most:
• Fake public hotspot (not secure, a scam)
• Public Wi-Fi (less secure)
• Unencrypted Wi-Fi, even at home, with no password (less secure)
• Wi-Fi hotspot, password protected (a bit better)
• Your home Wi-Fi, WPA2 protected (most secure)
• Mobile network (most secure)
The short of it is, anything money related - banking or shopping - should never be done over a public Wi-Fi network. There's just no telling who else is on there, and whether they're logging everything we're doing while we're on.
Best bet is to go directly through your mobile provider over their secure network. Back to the data plan, it seems.
Top tips if you have to use public Wi-Fi
If you or anyone you know (your teens, for instance) find that you still need to use public Wi-Fi, here are some top tips:
• Choose one that's password-protected. You may need to buy a coffee at the café to get the password, but that will be worth it. (Hopefully the coffee's good too.)
• Pay close attention to the network you're joining. Is it the right one? Or is it bogus?
• Avoid logging in to any of your accounts that stores personal information.
This can be a long list: retail websites, health providers, banks or other financial institutions, email and of course social media.
• Make sure website addresses start with "https". The "s" stands for "secure" and data is encrypted.
• Use a VPN. A "virtual private network" is like setting up a protective tunnel that you surf through while on public Wi-Fi. Here's more on how to do this.
• Make sure your Wi-Fi is turned off afterwards. Your device may still be connected and transmitting even if it's away in your pocket.
These days, as long as I'm not out of data, I log on through my mobile network.
"Tethering" like this gives me some peace of mind that I can trust the network I'm on. But that's not always possible, so it's good to know how to stay safe in the wild world of public Wi-Fi, where we should never let our details, or our money, out in the open.
Get Sorted is written by Sorted's resident blogger, Tom Hartmann. Check out the guides and tools from Sorted – brought to you by the Commission for Financial Capability – at sorted.org.nz.
