Whether it’s to check into a flight, catch up on work emails, or stay in touch with loved ones, chances are if you’re staying at a hotel, you’ll use the property’s Wi-Fi network. It’s a common amenity, meant to make the guest experience more convenient. It’s also an amenity that comes with security and privacy risks.
Identity theft is at an all-time high across the United States, with a new victim falling prey to the attacks every 22 seconds. In recent years, most of the major hotel groups, including Marriott Bonvoy Hotels, Hilton Worldwide Holdings, InterContinental Hotels Group, and Hyatt Hotels, have reported data breaches, which makes using their Wi-Fi a risky choice for conducting sensitive activities, such as online banking and accessing confidential work documents.
“Hotel Wi-Fi is often not as secure as one might hope, primarily because it typically lacks stringent security measures,” John Price, CEO of SubRosa, a cybersecurity and risk advisory firm. “These networks are usually accessible to many guests, potentially including malicious actors who might exploit the network to intercept data transmitted over it.”
That’s not to say you can’t use your hotel’s internet. It does mean, however, that you should consider taking some precautions. Here’s what you need to know about safely using a hotel Wi-Fi network.
What are the risks of connecting to your hotel’s Wi-Fi?
Thousands of guests typically use a hotel’s Wi-Fi each month, which results in heaps of customer data stored in databases, website cookies, and devices. That’s very enticing for hackers. Even the FBI has issued warnings on the dangers of using hotel Wi-Fi.
According to a whitepaper on hospitality cyber threats, “Through a hotel’s Wi-Fi system, hackers can access guests’ laptops or mobile phones in order to use malware to infect guests’ devices, hijack their data, and steal passwords to their bank or other accounts and more.”
The easiest way for hackers to get your personal information is through unsecured networks, meaning anyone can sign into it without a password. Once in a network, hackers can intercept data, including passwords and credit card details. If you can avoid using an unsecured network, you should. And it’s worth noting that even if your browser loads a welcome or sign-in page, it could still be an unsecured network.
“You can check using your network settings of whatever device you’re using—generally, there will be a section that says the security type of the network,” said Alexander Linton, director at the encrypted messaging app Session. “Secured networks require a password before you can connect to the network. However, if the password is widely shared, it’s still not an ideal scenario for your security or privacy.”
Another risk is a Man-in-the-middle (MITM) attack, which Linton explains is when “the attacker is able to intercept and possibly alter your communication. For example, if you were trying to load your bank’s website, a MITM could present a ‘fake’ website to you—[and] possibly to try and steal your login information.”
Threats also occur when hackers position themselves as a Wi-Fi network—the so-called bad twin. “In this scenario, cybercriminals set up fake, unprotected Wi-Fi hotspots next to the hotel to trick guests into connecting,” said Franklin Orellana, chairperson of the Data Science Program at Post University. “These networks often have unsuspecting names such as Guest Wi-Fi or Free Hotel Wi-Fi. When victims connect to this hotspot, their personal information is sent to the hacker.”
How to protect your information on hotel Wi-Fi
Using your hotel Wi-Fi to browse for restaurant recommendations or things to do in a given city is generally safe, according to Kurt Long, cofounder of Bunkr, a cybersecurity company. However, he said risks go up fast if you conduct a transaction or send personal information.
“A very good assumption is that the hotel Wi-Fi is compromised,” Long said, adding that “we should assume this about every public network, not just our hotel’s Wi-Fi.”
Below are tips for decreasing your exposure to identity theft, fraud, and cybercrime.
Use a VPN
A virtual private network (VPN) encrypts your internet traffic, so even if someone intercepts your activity, they won’t be able to see any of it (and therefore won’t be able to steal it). Ensure you use a reputable VPN service and connect to it whenever you use hotel Wi-Fi.
Enable HTTPS
Websites that use HTTPS encrypt the data transmitted between your browser and the site (the S stands for secure). Look for https:// at the beginning of the URL or a padlock icon in the address bar to ensure your connection is secure, especially when sharing sensitive information such as login credentials, credit card numbers, and email login information. Linton said you might also consider downloading a browser extension such as HTTPS Everywhere, which will warn you if the website you’re viewing is not encrypted through HTTPS.
Keep software updated
Ensure that your operating system, browser, and antivirus software are up to date. Updates often include security patches that protect against known vulnerabilities.
Use two-factor authentication
Enabling two-factor authentication on your accounts adds an extra layer of security by requiring a second form of verification (such as a text message code) in addition to your password when you sign in.
Avoid sensitive transactions
Refrain from accessing banking services, making online purchases, or entering sensitive information while on hotel Wi-Fi. If you need to make a sensitive transaction, consider using your mobile data connection instead of the hotel Wi-Fi.