🔒 Cybersecurity for lawyers

It can often be convenient to connect to public Wi-Fi. But bear in mind that you are connecting to a fundamentally untrusted third party network.

Collecting information for access — do you need to give over your name and other details?

You might get away giving a fake name.

If you need to sign up with an email address, use a unique email address for that service.

What are they doing with your data? Selling it? Reading their privacy policy.

Is the network encrypted? Not all public Wi-Fi networks encrypt the communication between your computer or phone and the wireless access point which broadcasts the Wi-Fi signal.

Even if the connection is encrypted, how do you know that it is not some rogue third party operating the access point?

Anyone can set the broadcast name of a Wi-Fi network — what is known as the SSID — to anything they like.

But if anyone can set any network name that they want, how do you know that the network called “Starbucks”, for example, is actually operated on behalf of Starbucks? It could be anyone, including someone just sitting with a device in their bag, pretending to be the Starbucks network, and capturing the traffic you send across their network.

If you permit your device to connect automatically to known networks, may connect to a rogue network, and start sending data over to an unknown third party before you even realise it.

Wi-Fi which requires a login page (a “captive portal”): requires you to connect to it without going through your VPN, you’ll need to connect to their login page directly.

You will need to communicate with a “captive portal” without connecting to the VPN, and that give an opportunity for a malicious actor to acquire information from your device, or see where your device is trying to send traffic.

If you do want to rely on the Wi-Fi, probably want to run a VPN session over it. Or you could use Tor.

But, for the reasons discussed above, particularly in the context of “captive portal” Wi-Fi, it is not a perfect solution.

Good guidance from the National Cyber Security Centre: https://www.ncsc.gov.uk/guidance/end-user-devices-common-questions

May be better off connecting to your phone, rather than relying on some questionable Wi-Fi. Depending on how much you trust your mobile phone provider.