Practicing safe public wi-fi: assessing and managing data security risks

21 Dec 2016

Public wi-fi is becoming a key part of Australia’s communication system. However, the convenience and accessibility that make public wi-fi so popular also make it vulnerable to malevolent or illegal activities, particularly targeted at intercepting sensitive or valuable personal information.

Despite its popularity, we know little about how consumers use public wi-fi, their understanding of the technology, and their expectations of service providers. This study contributes to filling knowledge gaps in this field.

The study analyses data from the first large scale Australian survey of public wi-fi use. The survey, designed by RMIT University and Di Marzio Research and administered by Di Marzio Research in 2014, gathered data from a nationally representative sample of 1,200 respondents on mobile broadband use and compared activities on more secure mobile 3G and 4G networks, with activities on public wi-fi networks. The survey gathered data on user awareness of public wi-fi network security issues, and how this awareness influenced decision-making on network use.

The survey data is introduced and contextualised by a discussion of public wi-fi regulation, risk and security issues. Analysis of the survey data is also contextualised with findings from fieldwork on public wi-fi provision undertaken by the RMIT project team in several Australian states. The discussion concludes with suggestions on simple actions network users can take to secure their communications. In addition to providing baseline data at a time when investment in public wi-fi is surging in Australia, the study is intended to inform awareness campaigns on the safe use of public wi-fi networks.  

Awareness of public wi-fi security issues does not necessarily change behaviour

  • 60% of public wi-fi users recognised that public wi-fi networks were somewhat insecure. Those who had conducted financial transactions on public wi-fi networks were more likely to perceive these networks as fairly or very secure.
  • Almost half of the public wi-fi users who conducted financial transactions recognised the networks were insecure, but proceeded anyway, preferring convenience over security.
  • When public wi-fi and cellular networks are available, almost one in five of public wi-fi users always choose to connect using wi-fi.
  • 19% of survey respondents indicated they had chosen not to use some networks because of security concerns. More commonly, though, concerns over privacy, log-in problems and quality of service were cited as reasons for not accessing public wi-fi.
  • 83% of public wi-fi users considered that authenticating with a password was important or very for protecting personal information.

The terms and conditions governing public wi-fi network use do not consistently outline user risks

  • Most public wi-fi networks are governed by non-negotiable terms and conditions (T&Cs). While there are examples of concise, plain language T&Cs, many are long and legalistic, and difficult to access on a mobile screen. Security advice and alerts are often buried at the end of T&Cs.

The report highlights shared challenges for public wi-fi users, employers, public wi-fi network providers, and policy-makers to promote public wi-fi security, while retaining the benefits of accessibility offered by this communication technology.

In particular:

  • there is a need for greater awareness of the risks of using public wi-fi and the security measures users can implement to minimise these risks. Public wi-fi security can be boosted with some simple steps, such as using a Virtual Private Network [VPN] or DNS Proxy, and/or ensuring that sites and services that are used operate under HTTPS or SSL protocols
  • our survey data on work-related use of public wi-fi, in line with wider trends in mobile work and bring-your-own-device (BYOD) arrangements, suggest that businesses and employers, and their representative bodies, should be active in developing protocols and procedures relating to public wi-fi use. Given the level of financial transactions conducted over insecure public networks, as shown in the data, financial institutions have a strong incentive to participate in publicity campaigns.
  • public wi-fi network providers should assist in promoting security awareness at user log-in stage. Terms and conditions should prioritise security information and follow best practice in network set up and operation. Network providers should check access points regularly to ensure network integrity.
  • the limited security awareness of public wi-fi users, as evidenced by the survey data, reinforces earlier survey data obtained by the Commonwealth Department of Communications and the Arts showing limited awareness of information sources for online security information. This suggests that more vigorous and perhaps targeted publicity is required. However, the prevailing emphasis on cybersafety, particularly aimed at children, needs to be supplemented with a more expansive concept of cybersecurity.
Publication Details
Published year only: 
Geographic Coverage