Image: Woman with computer © Jose Luis Pelaez, Getty Images

If you use a free Wi-Fi connection in an airport, cafe, hotel or some other public space, you may be taking a big risk with your credit card information and other important data.

But the good news is there are steps you can take to secure your information.

About one in five people who surf the Internet have used free, public wireless Internet connections (or Wi-Fi), according to JiWire, a San Francisco company that directs advertising toward Wi-Fi users. In doing so, those Wi-Fi users were taking a chance -- whether they realized it or not -- that their computers wouldn't be hacked and their identities stolen by another person sharing the same connection. Experts say that's because anything you do while you're on a public connection is less secure than when you're logged in at your home or office.

"Whatever you send over the Wi-Fi, whether you are at a restaurant or a grocery shop, the only thing that is secured or encrypted is your log-in," said Rami Khasawneh, the chairman for the Management Information Systems department at Lewis University in Romeoville, Ill.

While most merchants, banks and credit card companies encrypt their websites so they are more secure than email and social networks, hackers can potentially use "cookies" from your email and social network sites to steal credit card data or other personal information. That's a serious vulnerability for lots of people, but it's one that many busy consumers are willing to live with.

"The speed of technology has far outpaced the security of the technology," said Robert Siciliano, the CEO of "What this boils down to is convenience. We forgo security for convenience, because we say we don't want to spend an entire Saturday in the office or on a wired connection at home. So we would rather risk a little bit to get a little bit."

Exposing the problem

Though experts say free public wireless connections have always left users vulnerable to attack from hackers, the issue came more to the public's attention after a Seattle-based independent software developer released the Firesheep program.

Someone using Firesheep can capture cookies transmitted over a public Wi-Fi connection and use those cookies to gain access to the email and social networking accounts of anyone using the network. Capturing this data allows fraudsters to "sidejack" you, pretending they are you and gaining access to whatever information you've provided the site. For example, if you've emailed credit card data, Social Security numbers or other personal information used to identify you in financial transactions, hackers can gain access to them through those emails.

The program's developer, Eric Butler, stated on his website that his intention was to persuade websites such as Facebook, Twitter, Yahoo, Hotmail and others to encrypt a user's session after logging in.

"Someone with bad intentions could do a lot, especially with the social networks, where it's so easy to reach out to someone's followers," said Julien Sobrier, senior security researcher at Zscaler, a San Francisco company that specializes in securing online data transfer.