A newly released study conducted by two faculty members and an alumnus from Cornell University’s hotel school shows that a “a substantial majority of hotels are not using all the possible tools to maintain their network’s security”. The study was the result of a direct analysis of the networks available to guests in 46 hotels and was supplemented by a survey of 147 U.S. hotels. The study is available free of charge at the website of Cornell’s Center for Hospitality Research.
The executive summary for the study notes that “many business travelers connect remotely to continue working while on the road, the potential for theft of corporate information exists. Some hotels still rely on relatively rudimentary hub technology for their networks, and these are particularly subject to hacking. Others have upgraded to more secure switches or routers. Even better is encryption for Wi-Fi connections, but that still does not prevent malicious users from intercepting guests’ transmissions”.
The study notes that some hotels are more active than others in securing their guests’ internet connections and cites a “best practice” example of a hotel in Dallas where the property “set up each node on its network as a virtual local area network, or VLAN. By using these VLANs, the hotel had separated each guest’s computer in a way that should protect against stolen data. It also gives the hotel greater control over the guest side of the network”.
Some internet security measures hotel operators can take with relative ease and low costs were highlighted in earlier posts on this site and are reproduced below:
– Urge guests to ask the correct name of the hotspot connection to help ensure a false connection is not logged into.
– Disabling a laptop’s automatic feature that conencts to the “nearest” hotspot ensures the lazy way out does not result in loss of data.
– Having a personal firewall outside of corporate firewall (which typically does nothing in a hotel) helps.
-Corporate guests who have a corporate VPN (virtual private network) have an advantage over general consumers as they can “tunnel” into their corporate network and thwart hackers.
Internet security of guests should be given just as much care as for personal valuables and that process could be helped along if more data on the extent of actual breaking into of guests’ computers is made available if only to enable operators to be a step ahead of the hackers and thieves.