Every year, thousands of people travel to Las Vegas to get a glimpse of the newest advancements in technology before everyone else at the Consumer Electronics Show. While tech-heads live-tweet about the coolest gadgets on the showroom floor—or Michael Bay’s breakdown via teleprompter malfunction—it’s likely they’re connecting to the Internet wirelessly through a public hotspot. It all seems pretty safe; after all, CES is no Defcon, one of the world’s largest hacking conventions, held in Las Vegas five months earlier. But it’s pretty easy for just about anyone to gain access to your personal information through a public Wi-Fi hotspot.

You’re not just vulnerable at tech conventions, but as Kent Lawson, CEO and founder of virtual private network (VPN) software Private WiFi, demonstrated live on the floor of CES, anyone who has the wherewithal to tap into your personal information can—via a public hotspot. “We cracked into the Wi-Fi from a couple of the casinos around town and were transmitting that information live,” Lawson says, quickly adding that he did so in a way that ensured everyone’s privacy.

But how? Lawson explains that the free, public Wi-Fi you use at Starbucks, the airport or the restaurant where you last grabbed lunch is a potential hazard because it’s just that—public. “Everything being sent back and forth between your device over Wi-Fi is just radio waves,” Lawson says. “They can be intercepted by anybody with a receiver tuned to the right frequency. All you need is an ordinary laptop and you can hack into all the communication going into the hotspot.” With the recent Target credit card breach and headlines about the NSA spying on our every move, ensuring our Internet privacy seems more important than ever—but is it possible?

Lucikly, surfing the Internet at home is, for the most part, safe. If you’re set up properly—that is, your connection is password-protected and you’re using WPA or WP2 security to hook up to the Internet at home—then your Wi-Fi signal is encrypted, Lawson says, “and that is quite secure.” But if you’re using an old Wi-Fi adapter (five years or more), then it’s probably using WEP security, “and that can be cracked in about three minutes,” Lawson says.

So what does that mean for you at home, making online transactions and checking your bank statements? “It means someone can be sitting outside your house and listening to everything that goes on. If your Wi-Fi is unencrypted, someone can share your files just as easily.”

Hopefully, you’ve taken the proper steps to secure your at-home Wi-Fi. But when you’re out in public, there are fewer preventative measures you can take to secure your information. Be careful what you do in a hotspot, Lawson says. If you’re using an HTTP secure (HTTPS) connection—you can tell if there’s a lock visible in your web browser— then you’re relatively safe. Facebook and Gmail use HTTPS connections, and probably your work email, too. Don’t make transactions online—save the online shopping for at home—and don’t log into your bank account in a public hotspot (this includes activity on your smart phone or tablet). It sounds simple, but how many times have you briefly logged into your bank to check your account balance? If you’re like me, it’s often.

Just like firewall and antivirus protection, there’s new software out there that allows users on a public Wi-Fi hotspot to have a personal VPN, just like the one that you’re likely on at work. The software isn’t free, but Lawson suggests it’s the next step in Internet security, especially when protecting your identity and information. But no matter how you decide to protect yourself when browsing the web, knowing the risks of public Wi-Fi hotspots can only help you surf safer. Whether you’re at CES, Defcon, or just a local coffee shop, Lawson says, “It’s your responsibility to protect yourself.”