How Secure Is Your Hotel's Wi-Fi?
Heed these precautions to keep data safe on the road
by Michael J. ShapiroOctober 1, 2012
Michael J. Shapiro
A senior editor who covers technology for Meetings & Conventions, would like to thank security evangelist Stephen Cobb at ESET
for his assistance and insight.
Look for cyber warnings at fbi.gov/scams-safety/e-scams.•
Always back up your system and do software upgrades before traveling.•
Avoid banking or bill-paying while on a hotel Wi-Fi network.•
Password-protect your mobile devices.•
Activate security that can remotely wipe your mobile device if stolen.
Is the hotel Wi-Fi network in your room secure? Probably not. Following are key steps for planners and individual travelers to take to keep gadgets and data safe.
This page is protected by Copyright laws. Do Not Copy
Do Your Research When selecting a hotel, ask the property what Internet service provider it uses, advises Stephen Cobb, a "security evangelist" at cyber-security software provider ESET. Especially if you're considering bringing a meeting to that location, the property should be willing to provide this information.
Be aware that no entity certifies or polices such providers. However, take a look at the provider's website: Does it look legitimate and professional? Does it refer to security measures and the type of encryption used? The major providers should mention these details, and often list the hotel companies for which they provide service.
Find out from the hotel or directly from the provider if they support Virtual Private Network connections. In many cases, corporate travelers use company-issued laptops to connect via the corporate VPN. Once connected in that fashion, the data on the laptop is far more secure.
Connect with Caution When connecting to a Wi-Fi network, note whether it is open or closed and, if the latter, what kind of encryption it uses. If you're using Windows 7, you can click on the network name to get more information about that encryption; on a Mac, the type of encryption is specified in the password request. YWPA2 encryption is the preferred mode; the old WEP protocol is too easy to crack.
Wi-Fi networks are frequently open, meaning you don't need to enter a password to join them. This often is the case in hotels, convention centers, even coffee shops. To actually connect to the Internet, though, a login screen generally appears in the browser once you've joined the hotspot. At that point you enter whatever login information is required -- a hotel room, name, password, a credit card number if access isn't free. The problem: That scenario is not very secure.
"Your information travels between your device and the Internet 'in the clear,' and it is susceptible to various attacks," says Cobb. Now, if you're connected to a website via a secure protocol, such as https, then the connection between you and that website is encrypted. (Make sure that's the case before entering credit card information.) "However," Cobb warns, "even then you are susceptible to 'side-jacking,' in which someone in range of that hotspot steals your credentials and pretends to be you." Any password information you enter on a login screen is there only so you can be identified and billed; it doesn't encrypt your connection.
Just in Case If you must use an unencrypted, or poorly encrypted, network, Windows 7 provides the opportunity to specify that you are on a "public" network. Once you do this, Windows will reduce the amount of information that's visible to prying eyes. And if you have the opportunity to log into a company VPN, it's especially crucial to do so while on an unencrypted network. That encrypts all data you communicate from a hotspot, regardless of the security of the Wi-Fi network itself.