A recent survey found the majority of U.S. consumers regularly engage in risky public Wi-Fi behavior because they are unaware of the risks and don't understand how to use a virtual private network (VPN).
The Norton Wi-Fi Risk Report found 58 percent of U.S. consumers logged into their personal email, 56 percent logged into social media accounts, and 22 percent of the respondents accessed financial/banking information over public Wi-Fi connections, all tasks which researchers defined as risky behavior if done on an unsecured network.
The report said most of the respondents engaged in these and other risky actions because there is a significant lack of understanding about the best way to protect personal information when using public Wi-Fi.
According to the report, 24 percent of U.S. consumers said they didn't know the best way to protect their information when using public Wi-Fi, while 18 percent knew that using websites with HTTPS and that have green bar at the top of the browser is the best way to protect their data.
Only 26 percent of the respondents replied that using their own private network such as a VPN is the best way to protect information.
While using a VPN is the best way to access information on a public Wi-Fi network, a lack of knowledge about how to use these systems is a core cause for the risky behavior, researchers said in the report.
Of those surveyed, 38 percent of said they don't know how to use a VPN, 25 percent said they don't know where to buy/how to install one, and 17 percent said its inconvenient, according to the report.
Despite the findings, once users became aware of what constituted as risky behavior, they expressed significant concern with 85 percent of respondents expressing now being worried about having their information stolen over free Wi-Fi networks and of unauthorized access to financial information, while 84 percent expressed fear of malware infections.
“An open Wi-Fi network is any network that does not require you to have a passphrase or a certificate before connecting,” Tripwire Computer Security Researcher Craig Young told SCMagazine.com via emailed comments. “This includes services that allow you to connect and then open a browser to login.”
Young said that although many people understand that data sent to an open wireless network can be intercepted by a nearby attacker or the wireless service operator, they likely do not realize how connecting to these networks leaves their devices open to attackers in less obvious ways.
He said an attacker can glean information from victims and even manipulate data within connections.
“The best practice is to completely avoid open wireless networks, but if they are sometimes needed, it is best to use a VPN client after connecting and to immediately delete the connection profile after disconnecting so that the device will not automatically reconnect to that network,” Young said.