Beware of Cybersecurity Risks When Teleworking from Hotels

October 20, 2020

Teleworking from a hotel could increase the potential of criminals stealing sensitive information. Hotels, predominantly in major U.S. cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, the FBI warns that accessing sensitive information from hotel Wi-Fi poses an increased security risk over home networks.

“Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests,” the FBI said in an alert. “Following good cybersecurity practices can minimize some of the risks associated with using hotel Wi-Fi for telework.”

Dangers Using Hotel Wi-Fi

Cyber criminals can take advantage of hotel Wi-Fi to monitor a victim’s internet browsing or redirect victims to false login pages. Criminals can also conduct an “evil twin attack” by creating their own malicious network with a similar name to the hotel’s network. Guests may then mistakenly connect to the criminal’s network instead of the hotel’s, giving the criminal direct access to the guest’s computer.

Hotel networks are often built favoring guest convenience over robust security practices, according to the FBI. Smaller hotels will often post placards at the service desk stating the password for Wi-Fi access, and change this password very infrequently. At its most robust, access to a hotel Wi-Fi network is typically governed by a combination of room number and password.

Risks to Business Data

Connecting personal or business devices to the hotel’s wireless network may allow malicious actors to compromise the individual’s device and then access the business network of the guest’s employer. Once the malicious actor gains access to the business network, they can steal proprietary data and upload malware, including ransomware, the FBI said. Cybercriminals or nation-state actors can use stolen intellectual property to facilitate their own schemes or produce counterfeit versions of proprietary products. Cybercriminals can use information gathered from access to company data to trick business executives into transferring company funds to the criminal.

Signs Your Device has been Compromises

According to the FBI, there may be no visible changes to your device. Some signs that may indicate your computer, phone, or tablet has been compromised include:

  • mobile device slows down suddenly
  • websites automatically redirect away from the website you are attempting to visit
  • the cursor begins to move on its own
  • a mobile device begins to launch apps on its own
  • an increase in pop-up advertising
  • a sudden increase in data usage
  • faster than usual decrease in battery life
  • unexplained outgoing calls, texts or emails

What to do if Your Device has been Compromises

  • Do not forward any suspected e-mails or files
  • Disconnect the device from all networks immediately and turn off Wi-Fi and Bluetooth
  • Consult with your corporate IT department, ensuring they are notified of any significant changes
  • If there is no IT department, consult with qualified third-party cyber security experts.
  • Report cyber attacks or scams to the FBI’s Internet Crime Complaint Center at ALTA has created a video on how to file a complaint.

Recommendations for Reducing Risks of Hotel Wi-Fi

  • If possible, use a reputable Virtual Private Network (VPN) while teleworking to encrypt network traffic, making it harder for a cybercriminal to eavesdrop on your online activity
  • If available, use your phone’s wireless hotspot instead of hotel Wi-Fi
  • Before travelling, ensure your computer’s operating system (OS) and software are up to date on all patches; important data is backed up; and your OS has a current, well-vetted security or anti-virus application installed and running
  • Confirm with the hotel the name of their Wi-Fi network prior to connecting
  • Do not connect to networks other than the hotel’s official Wi-Fi network
  • Connect using the public Wi-Fi setting, and do not enable auto-reconnect while on a hotel network
  • Always confirm an HTTPS connection when browsing the internet; this is identified by the lock icon near the address bar
  • Avoid accessing sensitive websites, such as banking sites, or supplying personal data, such as social security numbers
  • Make sure any device that connects to hotel Wi-Fi is not discoverable and has Bluetooth disabled when not in use.
  • Follow your employer’s security policies and procedures for wireless networking.
  • If you must log into sensitive accounts, use multi-factor authentication.
  • Enable login notifications to receive alerts on suspicious account activity.

Contact ALTA at 202-296-3671 or [email protected].