Taking advantage of the free Wi-Fi at the airport or your local coffee shop is a great way to avoid using up your mobile data plan. But there are risks. If the hotspot is not properly set-up — and many are not — hackers can intercept your traffic with off-the-shelf tools and minimal know-how.

The good news: Adding a simple piece of software known as a virtual private network (VPN) to your mobile device (a computer, tablet or smartphone) largely solves the problem. Long the standard for corporate users, and increasingly valued by on-the-go Internet surfers, VPNs create a secure path between your device and the site you intend to visit. That protected path uses encryption to shield your data from prying eyes.

To get a better sense of how VPNs help, it’s important to know that the problem is not your computer or phone, but the Wi-Fi. For instance, if you use your mobile network to surf the Web, your risk of being hacked is low. It’s not zero, of course, but comfortably minimized. Your cellular service provider has a vested interest in protecting your data, so using a high-speed wireless data plan to access the Internet is pretty safe, all things considered.

The risk for hacking increases, however, when you allow your phone or computer access to an unknown public Wi-Fi network. While fast and easy to use, your devices are now relying on the security precautions of a third party. This is a party with whom you have no relationship and who has little reason to spend money to protect you.

To remedy this, there are a number of private service VPN apps you can download to your devices. Once you install and create an account, most will stay on in the background. When you attempt to connect to a Wi-Fi signal, the app should prompt you to make the connection via the VPN, thus securing your traffic.

While the quality and the reliability of the programs can vary according to your device’s make and model, the bottom line is that you should find one that is easy for you to use. Most of app services charge a small monthly or annual fee, although some run on an advertising model. Read the terms and conditions closely to make sure you are comfortable with the business model behind the service you choose.

There are additional steps you can take to lower your risk while on the go. Remember, security is best practiced in layers, so the more of these you can put into your Wi-Fi routine, the safer you will be from hackers on the prowl.

● Use HTTPS. Financial services and many social media and email services now default to this standard, which provides an encrypted version of the site. You’ll see HTTPS in the address bar, rather than simply HTTP (“S” stands for “secure”). However, be aware that some sites might offer you unsecured content elsewhere on the same page.

● Avoid sensitive transactions. One simple move is to not use your cellular phone or computer away from home to do bank or credit card transactions.

● Use strong passwords. It’s best to use complex passwords with combinations of letters, numbers and symbols. Your device’s browser might retain these for you, which is helpful. But in this case make sure you set your phone’s lock screen in case it gets lost.

● Install a VPN while you’re at home. The time to try out a VPN is on your own secured wireless network, where you can figure out if the service meets your needs and works the way you expect. Never install new software on the road over an unsecured Wi-Fi connection.

Greg writes about personal finance, business and technology. His work has appeared in Businessweek, Newsweek, Forbes, Bankrate and a variety of trade ​publications.