It’s among the first things we say — sometimes to no one in particular — when we check into our hotel room: “what’s the WiFi password?”
Well, logging onto the hotel’s internet might not be as innocuous as it seems. It often lacks adequate security controls and privacy, making it a prime target for cyber criminals looking to steal your information. Does this mean you should be paranoid every time you use hotel WiFi? Absolutely not. But there are a few things you can do to keep yourself and your information safe while traveling.
This is what you should know about accessing hotel WiFi responsibly, according to a cyber security expert.
Is it safe to use hotel wifi?
Hotels confer a degree of security with and air of cozy comfort. Unfortunately, that doesn’t necessarily extend to the internet services hotels provide. That’s largely due to the public nature of guest WiFi, and the lack of appropriate privacy measures.
“Access to the internet via the hotel guest WiFi s usually public access with no security controls between guests at the hotel and those on the Internet,” says Ron Tosto, CEO and founder of the cybersecurity and compliance consulting firm Servadus Consulting. “That means anyone near the hotel can access the hotel network to monitor any traffic going to and from the internet. Every connected computer or mobile device is accessible for hacking.”
Logging into the hotel’s public WiFi might seem like a simple, almost automatic action, but doing so means exposing yourself to more than you might realize.
“Anyone choosing to connect their computer or mobile device to the hotel network gives the public direct access to the device,” Tosto says. “It starts the moment the device connects to the WiFi or on a wired network connection in the room.”
What about hotel WiFi privacy? Do cyber criminals target hotels or individuals?
It might not sound like cyber criminals would bother with hotels when there are so many hedge funds, banks, and oil companies out there as more enticing targets. In reality, cyber crime has been on the rise across the board — and that includes the hospitality industry.
“Since the start of the COVID-19 pandemic, bad actors have been increasing the number of attacks on businesses worldwide,” Tosto says. “The Verizon Payment Security Report indicates challenges with hotel security related to the payment card industry (PCI) or credit cards. This combination of poor security and rise in attacks has the hospitality industry as a whole at risk.”
So no, cyber criminals aren’t targering you directly and personally, but hotels are tantalizing for dragnet cyber crime — especially those that cater to business travelers. According to a recent PwC Hotels Outlook report, hospitality has the second-highest number of cybersecurity breaches after the retail industry, and an IntSights study found 13 “notable” data breaches in the past three years alone. Sabre Hospitality, for example, suffered a breach in mid-2017 that heavily impacted its reservation system.
How to use hotel internet safely
There’s plenty you can do to protect yourself during your stay.
First, Tosto recommends avoiding entering your credit card information directly into the TV if you make a purchase through the hotel TV. Reputable hotels, he says, will never ask for payment information using equipment in the room, and should instead gather credit card details at check-in. He also recommends using a VPN (Virtual Private Network), which allows users to access a public network as if their computers were actually connected to private networks.
“The use of a VPN prevents anyone on the hotel network from seeing traffic sent from your computer and limits the ability of anyone who tries to access the computer remotely,” he says. “Business travelers should also keep their computers and mobile devices connected to the corporate network via VPN.”
He also recommends making sure the websites you visit are secure, and to not click on advertisements. You can check a website’s security status by looking for the green or closed lock on your web browser near the front of the web address.
You can also circumvent the need to use your personal device altogether by using the hotel’s equipment instead.
“If the goal is to watch Netflix or another popular streaming service,” Tosto says, “watch it on the TV in the room instead. Using the TV prevents the need to connect a personal device to the hotel network. If you travel often, it’s recommended to get a mobile hotspot such as a Jetpack, which supports multiple devices. For low-bandwidth tasks like checking email or surfing the web, just use the mobile hotspot feature of your mobile device. Or simply stick to data, given the excellent speed and widespread availability of 5G cellular service.”
So no, you don’t need to be fearful that hackers are lurking in the bushes outside of your Holiday Inn. The chances of being the victim of a cyber attack are small, and taking some simple security precautions make that risk even smaller.