Call Us - We're Easy to Talk To (214) 999-9999
Tap to Call Direction

Increase in Telework from Hotels Could Pose a Cyber Security Risk for Guests

Posted on December 16 by

The FBI is worried about hotel Wi-Fi across the US. So worried in fact, the bureau is asking remote workers to think twice before using it. Please read the public service announcement and take the appropriate precautions. Here are the opening paragraphs, and some tips:

The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework. FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cybersecurity practices can minimize some of the risks associated with using hotel Wi-Fi for telework.

DANGERS OF USING HOTEL WI-FI

Attackers target hotels to obtain records of guest names, personal information, and credit card numbers. The hotel environment involves many unaffiliated guests, operating in a confined area, and all using the same wireless network. Guests are largely unable to control, verify, or monitor network security. Cybercriminals can take advantage of this environment to monitor a victim’s internet browsing or redirect victims to false login pages. Criminals can also conduct an “evil twin attack” by creating their own malicious network with a similar name to the hotel’s network. Guests may then mistakenly connect to the criminal’s network instead of the hotel’s, giving the criminal direct access to the guest’s computer.

Hotel networks are often built favoring guest convenience over robust security practices. Smaller hotels will often post placards at the service desk stating the password for Wi-Fi access and change this password very infrequently. At its most robust, access to a hotel Wi-Fi network is typically governed by a combination of room number and password. This combination only governs devices accessing the hotel’s network but does not provide a secure internet connection. Currently, there is no hotel industry standard for secure Wi-Fi access. If teleworking from a hotel, guests should not implicitly trust that the hotel has properly secured their network or is monitoring it for attacks.

RECOMMENDATIONS FOR REDUCING THE RISKS OF HOTEL WI-FI

  • If possible, use a reputable Virtual Private Network (VPN) while teleworking to encrypt network traffic, making it harder for a cybercriminal to eavesdrop on your online activity.
  • If available, use your phone’s wireless hotspot instead of hotel Wi-Fi.
  • Before traveling, ensure your computer’s operating system (OS) and software are up to date on all patches; important data is backed up; and your OS has a current, well-vetted security or anti-virus application installed and running.
  • Confirm with the hotel the name of their Wi-Fi network prior to connecting.
  • Do not connect to networks other than the hotel’s official Wi-Fi network.
  • Connect using the public Wi-Fi setting, and do not enable auto-reconnect while on a hotel network.
  • Always confirm an HTTPS connection when browsing the internet; this is identified by the lock icon near the address bar.
  • Avoid accessing sensitive websites, such as banking sites, or supplying personal data, such as social security numbers.
  • Make sure any device that connects to hotel Wi-Fi is not discoverable and has Bluetooth disabled when not in use.
  • Follow your employer’s security policies and procedures for wireless networking.
  • If you must log into sensitive accounts, use multi-factor authentication.
  • Enable login notifications to receive alerts on suspicious account activity.

The FBI encourages victims to report information concerning suspicious or criminal activity to their local field office (www.fbi.gov/contact-us/field-offices) or to the FBI’s Internet Crime Complaint Center (www.ic3.gov). For additional resources and best practices for staying safe while teleworking—such as guidance on managing VPNs, videoconferencing, or using wireless devices for telework—visit https://www.cisa.gov/telework.

Bob Kraft

I am a Dallas, Texas lawyer who has had the privilege of helping thousands of clients since 1971 in the areas of Personal Injury law and Social Security Disability.

About This Blog

The title of this blog reflects my attitude toward those government agencies and insurance companies that routinely mistreat injured or disabled people. As a Dallas, Texas lawyer, I've spent more than 45 years trying to help those poor folk, and I have been frustrated daily by the actions of the people on the other side of their claims. (Sorry if I offended you...)

If you find this type of information interesting or helpful, please visit my law firm's main website at KraftLaw.com. You will find many more articles and links. Thank you for your time.

Popular

Related Topics

Find us on your preferred network

Facebook Twitter Google+ LinkedIn
AVVO

Dallas

(214) 999-9999

Fort Worth

(817) 999-9999

Toll Free

(800) 989-9999