Public Wi-Fi has come a long way over the last few years in terms of improved security as many have realized that by offering this amenity, they are somewhat liable if their occupants get hacked while using it. Wireless access is now everywhere, on trains, in shopping centre and just about anywhere we meet other people.
Nevertheless, it is still very important to use these networks with caution and take a zero-trust approach.
IT’S AMONG THE FIRST things we say — sometimes to no one in particular — when we check into our hotel room: “what’s the Wi-Fi password?”
Well, logging onto the hotel’s internet might not be as innocuous as it seems. It often lacks adequate security controls and privacy, making it a prime target for cyber criminals looking to steal your information. Does this mean you should be paranoid every time you use hotel Wi-Fi? Absolutely not. But there are a few things you can do to keep yourself and your information safe while traveling.
This is what you should know about accessing hotel Wi-Fi responsibly, according to a cyber security expert.
Is it safe to use hotel Wi-Fi?
Hotels confer a degree of security with and air of cosy comfort. Unfortunately, that doesn’t necessarily extend to the internet services hotels provide. That’s largely due to the public nature of guest Wi-Fi, and the lack of appropriate privacy measures.
“Access to the internet via the hotel guest Wi-Fi usually public access with no security controls between guests at the hotel and those on the Internet,” says Ron Tosto, CEO and founder of the cybersecurity and compliance consulting firm Servadus Consulting. “That means anyone near the hotel can access the hotel network to monitor any traffic going to and from the internet. Every connected computer or mobile device is accessible for hacking.”
Logging into the hotel’s public Wi-Fi might seem like a simple, almost automatic action, but doing so means exposing yourself to more than you might realize.
“Anyone choosing to connect their computer or mobile device to the hotel network gives the public direct access to the device,” Tosto says. “It starts the moment the device connects to the Wi-Fi or on a wired network connection in the room.”
What about hotel Wi-Fi privacy? Do cyber criminals target hotels or individuals?
It might not sound like cyber criminals would bother with hotels when there are so many hedge funds, banks, and oil companies out there as more enticing targets. In reality, cybercrime has been on the rise across the board — and that includes the hospitality industry.
“Since the start of the COVID-19 pandemic, bad actors have been increasing the number of attacks on businesses worldwide,” Tosto says. “The Verizon Payment Security Report indicates challenges with hotel security related to the payment card industry (PCI) or credit cards. This combination of poor security and rise in attacks has the hospitality industry as a whole at risk.”
So no, cyber criminals aren’t targeting you directly and personally, but hotels are tantalizing for dragnet cybercrime — especially those that cater to business travellers. According to a recent PwC Hotels Outlook report, hospitality has the second-highest number of cybersecurity breaches after the retail industry, and an Insights study found 13 “notable” data breaches in the past three years alone. Sabre Hospitality, for example, suffered a breach in mid-2017 that heavily impacted its reservation system.
How to use hotel internet safely
There’s plenty you can do to protect yourself during your stay.
First, Tosto recommends avoiding entering your credit card information directly into the TV if you make a purchase through the hotel TV. Reputable hotels, he says, will never ask for payment information using equipment in the room, and should instead gather credit card details at check-in. He also recommends using a VPN (Virtual Private Network), which allows users to access a public network as if their computers were connected to private networks.
“The use of a VPN prevents anyone on the hotel network from seeing traffic sent from your computer and limits the ability of anyone who tries to access the computer remotely,” he says. “Business travellers should also keep their computers and mobile devices connected to the corporate network via VPN.”
He also recommends making sure the websites you visit are secure, and to not click on advertisements. You can check a website’s security status by looking for the green or closed lock on your web browser near the front of the web address.
You can also circumvent the need to use your personal device altogether by using the hotel’s equipment instead.
“If the goal is to watch Netflix or another popular streaming service,” Tosto says, “watch it on the TV in the room instead. Using the TV prevents the need to connect a personal device to the hotel network. If you travel often, it’s recommended to get a mobile hotspot such as a Jetpack, which supports multiple devices. For low-bandwidth tasks like checking email or surfing the web, just use the mobile hotspot feature of your mobile device. Or simply stick to data, given the excellent speed and widespread availability of 5G cellular service.”
So no, you don’t need to be fearful that hackers are lurking in the bushes outside of your Holiday Inn. The chances of being the victim of a cyber attack are small, and taking some simple security precautions make that risk even smaller
Don’t:
- Allow your Wi-Fi to auto-connect to networks
- Log into any account via an app that contains sensitive information. Go to the website instead and verify it uses HTTPS before logging in
- Leave your Wi-Fi or Bluetooth on if you are not using them
- Access websites that hold your sensitive information, such as such as financial or healthcare accounts
- Log onto a network that isn’t password protected
Do:
- Disable file sharing
- Only visit sites using HTTPS
- Log out of accounts when done using them
- Use a VPN to make sure your public Wi-Fi connections are made private