Using your digital devices in public places (such as a cafe or airport lounge, or hotel room) presents a number of additional threats and vulnerabilities that may not exist when you're using them in the privacy of your home or office. So it's important to be aware of these threats and take steps to minimise them.
The major difference between a private and public space is the level of control you have over the environment. In a public place, you don't have control over:
Each of these allows for a greater chance that you could lose access to your data, or your data could fall into the wrong hands -- or both.
You should already be aware of these factors even when you are using your devices in private spaces, but need to be especially mindful of them when in a coffee shop or hotel lobby. Below are a few tips and guidelines to follow.
The first step to protecting your data when you are in public places is to not carry or open it unless you need to. So don't store your sensitive data on the phone, tablet or laptop that you carry with you everywhere. Instead, consider storing it on an external hard drive that is kept in a safe place.
If you need to carry sensitive data (for example while travelling) then don't open it in public spaces. And while it is recommended to encrypt the data on all of your devices, it is especially recommended for when you have to carry or use a device in public spaces (more on how to do this below).
There are some cases where you may need to use your devices in a public space (such as if you have to show something to someone in a coffee shop, or you have to work on something urgently in the airport waiting area).
In such cases try to pick a spot where the screen of your device will be visible to as few passers-by as possible. So look for the least busiest place and try to find a seat with a wall (not window or mirror!) directly behind you.
Also, be aware of any surveillance cameras around that may have a view of your screen.
Again, you should always have your screen lock enabled, but it's all the more to check this before using your devices in public. If your phone or laptop are set up to automatically lock the screen after 30 seconds of inactivity, then there will be less chance of someone being able to access them if left alone.
You should certainly not leave your devices alone in public spaces, but having an automatic screen lock is useful in cases where you do so inadvertently.
Whenever you connect to a wi-fi network, your browsing and messaging can potentially be seen by the network administrator and possibly any other users connected to it. The wi-fi router itself may be compromised also.
So avoid connecting to free public wifi networks offered at hotels, airports and cafes unless necessary. Instead, consider using the data package on your phone, or use a wifi dongle. (Be aware though that while this hides your communications from the administrator of the hotel/airport/cafe wifi network, it will reveal your location to your internet service provider).
Using a VPN or Tor will hide your communications and browsing from both your wi-fi network and your internet service provider (ISP), so you should consider using it in any case, but especially in situations where you have to connect to a public wi-fi network.
Avoid checking any private or sensitive data (such as your bank account) online from public spaces, but if absolutely necessary then take an extra moment to check that you are connected through HTTPS.
Most of your devices have a public name for when they connect to a wi-fi network, bluetooth or local Windows network. Everyone who is connected to the network will be able to see this name, so it is important to choose a name that doesn't reveal any personal information such as your real name.
If you use a wifi dongle then also make sure that the network name (SSID) does not reveal any of your personal details as it will be visible to anyone near you.
You should be doing this in any case, but it is especially important to make sure the data on your devices is encrypted before travelling or working in a public space. In the event that your device gets lost or stolen, encryption will make it much more difficult for an unauthoried person to access your data.
Most phones and laptops on nowadays come with full disk encryption pre-enabled, or with built-in options to enable encryption. However, even for your other devices such as USB flash drives or external hard drives, you can encrypt the data on them using a tool such as VeraCrypt.
Before going on any long-distance travel, it's a good idea to power off any devices you take with you (other than your primary phone) as that will make it far more difficult for an unauthorised person to decrypt your encrypted data.
If you have any questions about this, or have requests about what to cover in future posts, send us an email!