Remote working? Don’t work from a hotel, says FBI

Escaping to a quiet hotel room might sound like bliss for some remote workers — but it could be a needless risk.
12 October 2020

Beware of public wi-fi. Source: Shutterstock

  • The FBI has observed a ‘trend’ of home-workers beginning to work from hotels, but cautions against using hotel wi-fi networks
  • US hotels have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment
  • The agency cautions of a rise in cyber attacks targeting inconsistent or lax hotel wi-fi and guests’ security complacency

Remote working has been a refreshing change for some, but the home office can quickly become a distracting place. Seeking to offset a lack of overnight bookings, many hotels are increasingly offering rooms as quiet, distraction-free work environments via daytime reservations.

But while this might sound idyllic for those seeking to escape the same four walls, you’d be wise to think twice. That’s according to the Federal Bureau of Investigation (FBI), at least.

Hotel targets

Observing a rising trend of workers making use of daytime room reservations, the FBI has officially urged caution when using hotel wireless networks for any type of remote working. In a public service announcement, the agency said: “While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home wi-fi networks.”

Hotel networks, in particular, are targeted in an attempt to steal personal details from guests, typically by using an “evil twin attack”, the agency explained. This involves the creation of a malicious copycat wireless network that can be easily mistaken for a hotel’s real wi-fi service. The method is a popular trick to lure potential victims where there are lots of people accessing hotel wi-fi in a confined space.

Hotels are regular targets of cyberattacks also because they hold guest name records, personal information, as well as credit card numbers. The possibility of hundreds of unaffiliated people using the same network poses a security risk in itself, and because hotel networks are built for customer convenience more than anything, they are never the most secure of networks to access.

Old and outdated network equipment can also make for an easy gig for hackers, while there is no way of knowing whether default passwords have been changed or how often the hotel firmware has been updated.

“Malicious actors can exploit inconsistent or lax hotel wi-fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cybersecurity practices can minimize some of the risks associated with using hotel wi-fi for telework,” added the FBI’s advisory.

Usual suspects

This type of cybersecurity threat isn’t new, but a change in working practices is highlighting its dangers. Many of the same security issues apply to cafes and other open networks. Last year, it was found that one of the New York branches of co-working startup WeWork had inadvertently compromised hundreds of connected devices on its network, exposing private data, including emails, financial records, client databases, ID scans, individual’s bank accounts details.

While the chances of being hacked via hotel wi-fi may seem low and worth the risk, the consequences can be dire, ranging from cyber espionage, data theft, and even ransomware attacks.

If workers do intend to use hotel wi-fi for work, it’s vital to always check the connection for any signs that the network has been compromised. This can include devices running unusually slowly, apps launching on their own without prompt, automatic website redirections, pop-up adverts appearing more often, battery life exhausting rapidly, cursors moving on their own, as well as an increase in unwanted emails, text messages, and calls. And while these signs can seem obvious, they can also be easily dismissed when remote workers are busy trying to complete tasks during the workday.

The best way to avoid wi-fi security issues is to steer clear entirely. Bringing your own wireless access via a mobile hotspot or data sim means you can still take advantage of a quiet room when working from home. A VPN will also provide extra protection while it’s also vital to keep all security and operating systems updated.

If there’s anything worse than being distracted at home during work hours, it’s being hacked. At a time when cybersecurity has never been so important, protecting yourself against looming threats is crucial for the mobile workforce.