Disconnect your device from the Internet when you aren’t using it and make sure your device isn’t programmed to automatically connect to Wi-Fi. The likelihood that attackers will target you becomes much higher if your device is always connected.

With automatic Wi-Fi connectivity enabled, your phone will connect to any known network or SSID that doesn’t require a password. You might be at risk if these Wi-Fi connections are monitored by untrusted third-parties. Configure your mobile devices to forget networks you no longer need, or just turn off Wi-Fi entirely.

It’s been obsolete for years, but make sure you are not still securing any Wi-Fi networks with the legacy WEP standard. WPA2 is ideal as of early 2018 and supported by any legitimate modern router or wireless-enabled device. Be on the lookout for WPA3-certified products in the coming years, as they will have additional features.

Everything from your Wi-Fi router to a new baby monitor might ship with a default username and password, such as “admin” for both credentials. You should change them right away to prevent exposure to botnets designed to take over devices with easily guessed logins.

Avoid online shopping, banking, and sensitive work that requires passwords or credit card information while using public Wi-Fi. And only use sites that begin with “https://” when online shopping or banking.

Passwordless public Wi-Fi is unencrypted, meaning your data can be intercepted while using it. Consider setting up a virtual private network (VPN) to encrypt your connection and shield your activities from prying eyes on public networks. Short of that, look for “semi-public” alternatives such as coffeeshop/restaurant Wi-Fi with a requestable password (usually on a receipt) […]