Wi-Fi security risks are always something to consider when using any kind of public hotspot, but the FBI has this week issued a specific warning about working from hotels during the coronavirus crisis …
The agency said that it’s noticed a growing number of people using hotels for working as they seek respite from distractions at home, such as young children.
FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels.
US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks.
Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cyber security practices can minimize some of the risks associated with using hotel Wi-Fi for telework.
The FBI specifically warns about man-in-the-middle attacks, where an attacker uses a laptop and some low-cost equipment to create a fake hotspot.
Criminals can also conduct an “evil twin attack” by creating their own malicious network with a similar name to the hotel’s network. Guests may then mistakenly connect to the criminal’s network instead of the hotel’s, giving the criminal direct access to the guest’s computer.
It notes that hotel Wi-Fi networks often offer a very low level of security thanks to a combination of elderly hardware and prioritizing ease of use over protection.
Hotel networks are often built favoring guest convenience over robust security practices. Smaller hotels will often post placards at the service desk stating the password for Wi-Fi access, and change this password very infrequently […]
Currently, there is no hotel industry standard for secure Wi-Fi access. If teleworking from a hotel, guests should not implicitly trust that the hotel has properly secured their network or is monitoring it for attacks […]
Even if a hotel is using modern equipment, the guest has no way of knowing how frequently the hotel is updating the firmware of that equipment or whether the hotel has changed the equipment’s default passwords. The hotel guest must take each of these factors into consideration when choosing whether to telework on a hotel network.
The FBI makes a series of security and privacy recommendations, beginning with using a reputable VPN to protect your connections.
- If possible, use a reputable Virtual Private Network (VPN) while teleworking to encrypt network traffic, making it harder for a cybercriminal to eavesdrop on your online activity.
- If available, use your phone’s wireless hotspot instead of hotel Wi-Fi.
- Before travelling, ensure your computer’s operating system (OS) and software are up to date on all patches; important data is backed up; and your OS has a current, well-vetted security or anti-virus application installed and running.
- Confirm with the hotel the name of their Wi-Fi network prior to connecting.
- Do not connect to networks other than the hotel’s official Wi-Fi network.
- Connect using the public Wi-Fi setting, and do not enable auto-reconnect while on a hotel network.
- Always confirm an HTTPS connection when browsing the internet; this is identified by the lock icon near the address bar.
- Avoid accessing sensitive websites, such as banking sites, or supplying personal data, such as social security numbers.
- Make sure any device that connects to hotel Wi-Fi is not discoverable and has Bluetooth disabled when not in use.
- Follow your employer’s security policies and procedures for wireless networking.
- If you must log into sensitive accounts, use multi-factor authentication.
- Enable login notifications to receive alerts on suspicious account activity.