Staying connected when you travel is now a necessity rather than a preference. Whether you're traveling for business or pleasure, one of the first things you probably ask is, "Does the hotel have Wi-Fi?"
Little wonder then, that a survey conducted by research group Statista, identifies Wi-Fi as the single most sought after amenity for hotel visitors across the US.
However, in the rush to get online it's easy to forget about the potential pitfalls of connecting a personal device to an unsecured public Wi-Fi network.
Here are a few issues that every traveler should be well aware of beforehand.
What Could Go Wrong with Hotel Wi-Fi?
Remember, a hotel’s main focus is hospitality, not IT security, meaning you're unlikely to find any of the sophisticated security measures that you'll find on most corporate networks.
Because these networks are freely used by a variety of devices, they rarely make use of any wireless encryption processes such as WPA (Wi-Fi Protected Access). Essentially, WPA prevents outsiders from being able to understand the communications taking place over a secured network.
On a majority of hotel networks, data is sent in clear un-encrypted text. Anyone who wants to monitor this information can do so with a cheap Wi-Fi adapter and some free network analysis software. Because of these inherent vulnerabilities, hotel networks are often a target for cyber criminal groups.
In a commonly used ploy, hackers will set up a decoy network that resembles the freely available hotel network. When users unknowingly connect to these systems, hackers set to work recording and extracting sensitive information entered onto their networks. They'll also often set up processes to redirect users towards malware-ridden sites.
Once user devices have been infected, hackers are able to control and monitor victims’ machines long after they’ve disconnected from the fake networks. These sorts of infiltrations are particularly common at top-tier hotels likely to be frequented by wealthy clients.
How Can You Protect Yourself Against Wi-Fi Hackers?
Check Your Device’s Settings!
First, make sure your computer or smartphone is not set up to connect automatically to any available Wi-Fi networks; this will prevent you from giving away access to your device before you’re adequately secured.
If your Bluetooth is on, you should turn this off as well.
Second, if you’re using a PC or Mac, ensure that your computer’s firewall is enabled. On Macs you can check this setting on your System Preferences and on Windows PCs you can find the firewall option under the Network and Internet option on the Control Panel.
Next, check your network settings to see if file sharing is turned on - if it is, disable this option so you don't unwittingly share sensitive pictures or documents with unknown parties.
Verify the Hotel Wi-Fi
Confirm the exact name of the hotel’s network and verify whether you need a password to access their Wi-Fi.
Hackers often impersonate the hotel's network by setting up an "evil twin access point", making it look like the hotel network but making it easier to join, e.g. not requiring a password or other information. They then sit back and pick up everything you're doing, gathering passwords, banking information, credit cards, etc.
Make Sure Your Connect Via HTTPS
In the absence of WPA, you should only connect to websites that use the HTTPS protocol in their URL. The extra “s” in this case stands for secure, and it means that the data you enter and receive on these portals is encrypted and impossible to monitor without a key.
However, hackers have recently gained the ability to hijack devices before they can connect to secured websites, so to be on the safe side you should refrain from logging into any accounts that contain sensitive data (your online banking account, Amazon account etc.)
Get a VPN (Virtual Private Network)
Usually when you send data over a network, it goes through the ISP (in this case the hotel Wi-Fi provider) and then to its destination. A VPN functions as a middleman in this data transaction.
Instead of going directly to the destination, the connection is encrypted and sent to the VPN service. There it is decrypted and forwarded along to the original destination.
Because all traffic follows this path, there is no way to discover anything your computer is doing over the network from the insecure Wi-Fi hotspot.
Wi-Fi Security Tips That Can Keep You Safe Everywhere
Don't let Wi-Fi be your biggest security gap! Be sure to read our "Field Guide to Secure Wi-Fi" which outlines 8 Wi-Fi vulnerabilities that employees should be aware of when travelling.