Why you should avoid hotel Wi-Fi like the plague

What are the cybercriminals after?

Your digital footprint. "Cybercriminals aren't interested in a laptop or email addresses in isolation, but in stealing a victim's online ID and gaining access to all the resources they are able to connect to," says Emm. The target isn't the laptop itself, but company servers, emails and other remote resources.

Business traveller

Business travellers are prime targets for cybercriminals. Image courtesy British Airways

Are we safe with SSL websites?

You shouldn't assume that using SSL websites (those using 'https://') mean you're protected. "You might think you're protected if you only use SSL websites, but beyond passive listening an attacker in another hotel room can redirect your traffic via his machine, and easily defeat SSL," says Wilkinson.

Nor are portals safe. "Networks that have portals requiring a username and password can also still be intercepted or manipulated by an attacker," says Chismon.

How can I stay safe on hotel Wi-Fi?

The threats are many, but the solution is simple – use a Virtual Private Network (VPN). "This will encrypt traffic leaving your devices all the way to your VPN server," says Wilkinson. "Most IT departments should have one for employees to use, or these services can be rented for a small fee."

"A VPN encrypts traffic data, making it far more difficult to sniff," says Crocker, who advises that all business travellers turn off file sharing, check firewalls are up to date and patched, use different passwords, force HTTPS wherever possible, and turn Wi-Fi off when it's not being used.


Global Wi-Fi hotspots like Goodspeed are much more secure than public Wi-Fi

Is there a safer alternative to hotel Wi-Fi?

Public and citywide Wi-Fi is just as risky; consider these networks unencrypted and open. If you're a commuter using public Wi-Fi, you're putting corporate data at risk.

The safest way for businesses and frequent international travelers to get online while abroad is via the mobile network. Where possible, travelers are recommended to use mobile 4G connections, either tethering to their phone or by using a dongle. Many providers now offer free data roaming in numerous countries, although those after a 'little black box' global Wi-Fi hotspot for multiple devices also have options.

The Goodspeed 4G Hotspot is available for $149, offers a daily flat rate of $8.50 for 250MB of data when roaming, and has password-protected coverage in 85 countries. Other global operators are now starting to offer unlimited EU/global data plans for business customers, while those visiting remote places can rent a mobile hotspot from TEP or Vision Global WiFi.

Is mobile data as good as hotel Wi-Fi?

"In many locations the upload and download speeds are as good, if not better than Wi-Fi," says Leybourne. "Mobile data is more secure than Wi-Fi due to the encryption automatically applied to CDMA/LTE and HSDPA/3G-based connections by mobile operators," adds Tyler. "There is no longer an excuse not to use them."

"An alternative would be to look into products like iPass or Skype Wi-Fi in combined usage with VPN technology to secure the connections used," says Moody.

Wi Fi traffic

Traffic is broadcast loudly over Wi-Fi, so MiFi or 4G is safest

What should hotels do to secure their Wi-Fi?

This would seem the most sensible option, especially since there are legal implications for hotels offering Wi-Fi networks that get hacked.

"With the demand for free Wi-Fi on the rise, hotels need to ensure they are integrating the latest solutions that can provide packages that are tailored to guests' download demands and cost requirements," thinks Lee Marsden, President of ZyXEL Europe.

"Connectivity and security vendors are increasingly looking to provide Unified Threat Management (UTM) solutions to both public spaces and hotels alike." UTM means network security for guests, and helps meet the growing demand for higher-speed web connections. This doesn't just apply to hotels – coffee shops, train stations and towns need to consider UTM, too. 

Over time, things should also improve. With the discovery in 2017 of the KRACK vulnerability, which exploits the four-way handshake for a client to join a wireless network, the Wi-Fi Alliance announced its new security protocol, known as WPA3 at CES 2018. Expected to be available in 2018, the enhancements will include encrypted security sessions even at public wireless hotspots.

When in doubt, a belt-and-braces approach is best – business travellers should routinely use a VPN or their mobile network, because free hotel Wi-Fi could prove hugely costly.

Securing your digital lifestyle doesn’t have to be a tedious or expensive process. You can achieve that in the next 60 seconds by downloading a trial of CyberGhost VPN here, risk free.