Why the FBI warns: Beware hotel WiFi security

Pandemic employees use hotel WiFi without sufficient security to protect their personal and employer data from hackers.

Cellular RouterDuring the COVID-19 pandemic, many remote workers use poor hotel WiFi. A fascinating phenomenon has developed — a significant number of people are now working from home due to COVID lockdowns. Business people with young families have found their home environment, at times, caused a productivity problem. As a result, some workers are unable to find peace at their home office and are now using hotel rooms and hotel WiFi to create the quiet they need to work.

With occupancy rates remaining low due to the pandemic, many hotels recognized the phenomenon and began marketing their rooms as office spaces. Hotels have been offering rooms with day rates for stays as long as from 7 a.m. until 7 p.m. The rates often include free high-speed hotel WiFi Internet, fitness center access, and more.

The FBI issued a stern security warning to work-at-home employees using hotel WiFi and rooms for work.

Hackers suddenly have new hotel guests unaccustomed to the Internet security problems that “road warriors” have been fighting for years. The FBI noticed this phenomenon, too. Last week, they issued a lengthy warning about working from hotel rooms.

Hackers have a variety of weapons at their disposal. One is the “evil twin attack.” That’s where a hacker sets up a malicious network that’s easily mistaken for a hotel’s real WiFi service. The “evil twin” might even have the same network name as the actual hotel network.

Hackers gain access to a hotel network because some hotels don’t regularly update and upgrade their computing and network equipment. Many hotel networks use poor password systems. Even a password system that uses guests’ names with their room number is vulnerable, particularly if the hacker overhears guests’ names with room numbers at the front desk. When at the front desk, if a hotel employee mentions your room number, ask for another room. Sometimes hackers gain access to hotel networks through security holes due to easy to crack passwords or skipping important security updates to servers, workstations and network gear.

The FBI has reported a 300 percent increase in reported cybercrimes in the U.S. since the COVID-19 pandemic began.

Too many hotel guests believe that being hacked via hotel WiFi is rare, until it’s too late. According to Cybint, a cyber security educational company, there is an Internet hacker attack every 39 seconds and hackers affect one in three Americans every year. They note that the FBI has reported a 300 percent increase in reported cybercrimes in the U.S. since the COVID-19 pandemic began. In addition, they report that 95 percent of cybersecurity breaches are due to human error, people not doing what’s necessary to prevent the breaches.

Learn how secure WiFi can make a whopping difference
The best tip for a great hotel stay — get a hotel human touch

While perfect security is unobtainable, hotel guests can substantially protect their devices from hackers.

While no hotel guest can make themselves 100 percent safe from hackers, I have a number of concrete recommendations that can substantially help you protect your electronic devices from hacker attacks.

Operating system:
Install all security updates for your devices’ operating systems.

Antivirus and Anti-Malware:
Install and maintain high quality, reputable antivirus and anti-malware software on your devices.

Particularly for any laptop computer you’re using, install and maintain a high quality software-based firewall from a reputable company on your devices or at least use the one built into your devices’ operating system.

Using a VPN connection is essential to protect any electronic device connected to a hotel WiFi network.

Use a VPN (virtual private network). It can give you a private network across the hotel network, enabling you to send and receive data as if your computer was directly connected to the distant computer you’re accessing. It protects your data from prying eyes through various protocols and encryption. I use a VPN service whenever traveling.

Protect your Passwords:
Avoid typing passwords into your computer, if at all possible. That prevents you from revealing them to a hacker in case they’ve managed to install a “keystroke-logger” on your device. To avoid it, you can use a memory stick with a password file installed to copy and paste your passwords instead of typing them. I prefer using a password manager to enter my login information. Use strong passwords and change them regularly.

Use Two-Step Authentication:
Frankly, strong passwords aren’t enough. Employ two-step authentication whenever possible. This requires you to use authentication software, a security key, or enter a one time, limited time code, sent to you by text message or email, in addition to your username and password combination, to be able to access your accounts.

Smartphone or Cellular Router Hotspot:
If available, use your smartphone’s hotspot or a cellular router, if you have one, instead of the hotel’s WiFi system. I typically use my cellular router during domestic travel for Internet access while in hotels.

Before using any hotel WiFi network:
Before using your hotel’s WiFi network, confirm its name. Don’t use any network other than the hotel’s official WiFi network. Never enable auto-connect on hotel networks to help avoid connecting to an “evil twin.”

Even when using the prescribed recommendations, be careful about connecting to sensitive websites such as banks and credit card companies.

Careful where you connect:
Avoid accessing sensitive websites, such as banking sites, or supplying personal data, such as social security numbers, while at a hotel. Connect to them when you return home.

Make sure that no device has discoverable Bluetooth on. Better yet, disable Bluetooth when in a hotel.

Anyone working from a hotel room needs to use the above security methods to protect their devices to the extent possible. Without using them, hackers can too easily exploit hotel WiFi systems and guests’ electronic device weaknesses to steal guests’ personal data and employer data, as well.