FBI Warns Teleworkers of the Risks of Using Hotel Wi-Fi Networks

With physical offices shifting to a virtual environment during the pandemic, most remote workers can work from anywhere – café, a hotel or even a mountain lodge.

However, this newfound mobility has drawbacks. Working from public locations with unsecured Wi-Fi connections could lead to the compromise of personal and company data.

The latest Federal Bureau of Investigation (FBI) public service announcement warns citizens to be careful when using wireless hotel networks for remote work.

“The FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels,” the announcement reads.

“US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks.”

By exploiting the lack of necessary safeguards against cyberattacks, criminals can target hotel networks to gather sensitive guest information, such as names and credit card information

Cybercriminals could even create a malicious network (“evil twin attack”) masquerading as the hotel’s network to steal private data or take over the guest’s device.

“Hotel networks are often built favoring guest convenience over robust security practices,” the FBI added. “Smaller hotels will often post placards at the service desk stating the password for Wi-Fi access, and change this password very infrequently.”

With no industry standard to impose secure Wi-Fi access, people working from a hotel should adhere to good cybersecurity practices to minimize the risks of using these wireless networks.

The risks increase with old or outdated equipment often found in some hotels. However, the FBI highlights that, even if a hotel’s network system uses modern equipment, a “guest has no way of knowing how frequently the hotel is updating the firmware of that equipment or whether the hotel has changed the equipment’s default passwords.”

Additionally, connecting a personal or business device to an unsecure hotel network could allow bad actors to compromise the device and access the employee’s business network to deploy malware and ransomware.

The signs of device compromise may include:

• Sudden slowdowns of your mobile devices such as phones, tablets or laptops
• Websites automatically redirect away from the initial website
• The mouse cursor moves on its own
• Apps installed on the device launch without your consent
• Increased pop-up advertising
• Sudden data usage increase
• Unusual battery drain
• Unexplained outgoing calls, texts and emails

If you suspect your device may have been compromised, the alert advises you to immediately disconnect the device from the network and turn off Wi-Fi and Bluetooth connections. Never forward suspicious emails or files and consult with your corporate IT department of malicious activity. It’s also recommended to report any cyberattacks and scams directly to the Internet Crime Complaint Center at IC3.gov.

Following good cybersecurity practices can minimize risks associated with using hotel Wi-Fi for telework. If you are thinking of working from a hotel, here”s a list of recommended practices:

• Use a Virtual Private Network while working to encrypt network traffic
• If possible, use your phone data instead of the hotel Wi-Fi network for telework
• Make sure your device operating systems and software is up to date, and back up any important data
• Install a local security solution
• Avoid accessing banking websites or making online purchases while connected to the network
• Disable the Bluetooth connection on your device
• Enable multi-factor or two-factor authentication when logging into your accounts