The Wall Street Journal (subscription required) reports on the security risks involved in logging into hotspots in Cafes, airports and hotels – a topic this blog addressed in April of last year The Journal article notes that “many Wi-Fi users don’t know that hackers posted at hot spots can steal personal information out of the air relatively easily. And savvy criminal hackers aren’t settling for just access to credit cards, bank accounts and other personal financial information; they love to sneak into your company’s network, too”. It quotes Shawn Henry, deputy assistant director of the Federal Bureau of Investigation’s cybercrimes division as saying that “businesses that offer Wi-Fi, like hotels, often don’t know that their networks have been breached and many times don’t report incidents they know about for fear of bad publicity”. If Mr. Henry is right about his surmise on hotels, it is well nigh impossible to gage the extent of the problem in hotels. But the Journal also quotes Tom Brennan, manager for AccessIT Group, a company that assesses companies’ security vulnerabilities who opines that “the chances any one person will be hacked aren’t high, the payoff for criminals can be great” which is more likely the situation with hotel hotspots and indeed the security breach example cited in the Journal article occurred in a public park.
None of the above calls for complacency on the part of hotel IT staff and incidents reported by guests ought to be disseminated to help operators combat the problem vigorously. Some of the measures operators can take were mentioned in the April 2007 post on this blog and is reproduced below:
For starters, just asking the correct name of the hotspot connection helps ensure a false connection is not logged into. Secondly, disabling a laptop’s automatic feature that conencts to the “nearest” hotspot ensures the lazy way out does not result in loss of data. Having a personal firewall outside of corporate firewall (which typically does nothing in a hotel) will help. Corporate guests who have a corporate VPN (virtual private network) have an advantage over general consumers as they can “tunnel” into their corporate network and thwart hackers. Like in most aspects of technology Wi-Fi convenience tends to compromise safety and keeping a step ahead of the hackers is a continual process. Hotels that put out as much information to their guests as possible are doing their customers more than a service as the measures are likely to win appreciation and loyalty.