It’s pretty easy for someone who wants to intercept your data in a man-in-the-middle attack to set up a network called “Free Wi-Fi” or any other variation that includes a nearby venue name, to make you think it’s a legitimate source.

If you are connecting via Windows, make sure to turn off file sharing and mark the Wi-Fi connection as a public network. You can find this option in the Control Panel > Network and Sharing Center > Change Advanced Sharing Settings. Under the Public heading, turn off the file sharing toggle. You may also want to turn on the Windows Firewall when connecting to a public network if it’s not already activated. These settings are also found in Control Panel > Windows Firewall.

On Mac, open up System Preferences and navigate to the Sharing icon. Then, untick the checkbox next to File Sharing. Here’s a full rundown on how to disable sharing and removing public home folder sharing options in OS X.

You can also turn on the firewall within OS X by heading to System Preferences, Security & Privacy and click the Firewall tab.

Use a VPN

Creating a virtual private network (VPN) is one of the best ways to keep your browsing session under wraps. A VPN client encrypts traffic between your device and the VPN server, which means it’s much more difficult for a would-be intruder to sniff your data.

If you don’t already have a VPN set up through your employer or workplace, there are other options available. One free implementation is SecurityKISS which offers ad-free VPN access with data limited to 300MB/day. That’s plenty of scope for checking email, looking at maps and other casual Wi-Fi uses.

CyberGhost is another option that offers a free tier, but also has a paid version that boosts speed.

For detailed instructions, here’s how to set up a VPN on an iOS device and on Android.

There are many other VPN services available, including paid and free options. It’s worth doing your research to work out which is best for your needs, especially if you are a heavy-duty user.

Disconnect.me helps to protect against session hijacking via browser extensions for Chrome, Opera and Safari, but on the VPN front it also offers a standalone Android app called Secure Wireless that automatically detects unsecured Wi-Fi and activates a VPN where needed.

Check for HTTPS

Like the old saying goes, check for the lock in your browser to make sure it’s secure. One way you can force your browser to use HTTPS is through an extension, such as HTTPS Everywhere. This is available for Chrome, Firefox, Firefox for Android, and Opera.

It’s important to note that HTTPS Everywhere works by activating encryption on all supported parts of the website. As outlined in its FAQ:

“HTTPS Everywhere depends entirely on the security features of the individual web sites that you use; it activates those security features, but it can’t create them if they don’t already exist. If you use a site not supported by HTTPS Everywhere or a site that provides some information in an insecure way, HTTPS Everywhere can’t provide additional protection for your use of that site.”

Patch it up, check your apps

It’s time to start forming some good patching habits. Keep your browser and internet-connected devices up to date with the latest versions, but make sure to do this on a trusted home or work network — not on public Wi-Fi.

There have been instances of travelers being caught off guard when connecting to public or hotel Wi-Fi networks when their device prompts them to update a software package. If accepted by the user, malware was installed on the machine.

Also, if you’re on a mobile device, don’t assume that your apps are automatically secure or using HTTPS. Unless outlined by the app developer, it’s safest to presume that the app is not conducting a secure transaction. In this case, you should use your browser to log on to the service, and check for a HTTPS connection in the status bar.

Enable two-factor authentication

It’s good practice to enable two-factor authentication on services that support it, such as Gmail, Twitter and Facebook. This way, even if someone does manage to sniff out your password when on public Wi-Fi, you have an added layer of protection.

On the topic of passwords, try not to use the same password across multiple services. There are plenty of password managers available to make your life easier — here are six of our favorites.

Forget the network

Once you are all done with your Web browsing, make sure to log off any services you were signed into. Then, tell your device to forget the network. This means that your phone or PC won’t automatically connect again to the network if you’re in range.

In Windows, you can uncheck the “Connect Automatically” checkbox next to the network name before you connect, or head to Control Panel > Network and Sharing Center and click on the network name. Click on “Wireless Properties” and then uncheck “Connect automatically when this network is in range.”

On Mac, head to System Preferences, go to Network, and under the Wi-Fi section click Advanced. Then uncheck “Remember networks this computer has joined.” You can also individually remove networks by selecting the name and pressing the minus button underneath.

In Android, you can do this by entering into your Wi-Fi network list, long press the network name and select “Forget Network.” On iOS, head to Settings, select Wi-Fi networks, click the “i” icon next to the network name and choose “Forget This Network.” As an extra precaution, you should also turn on “Ask To Join Networks” which is also found in the Wi-Fi networks menu.

Finally, be very careful with what you do on public unsecured Wi-Fi. It’s best to save that Internet banking session for when you’re able to connect via cellular data, or on a secure network.