As more and more hotels are turning rooms into offices, the FBI is warning remote workers of cyber-threats lurking in the shadows.
With the COVID-19 pandemic forcing an increasing number of companies to shift to remote work, employees working from home have been struggling to find a quiet, distraction-free environment for work. The hospitality industry has also been impacted by the pandemic, with more and more hotels across the United States offering their empty rooms as daytime makeshift offices for remote workers seeking to work in peace.
Taking note of the trend, the FBI’s Internet Crime Complaint Center (IC3) has issued an announcement warning about the risks of using hotel Wi-Fi networks to access sensitive and work-related information. “Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests,” the Bureau warned.
Related reading: Public Wi‑Fi security: Your questions answered
Hotel guests connected to Wi-Fi networks can be easy targets for cybercriminals, who can launch a variety of attacks to target their victims. This includes infiltrating a poorly secured network to monitor their victims’ traffic and redirect them to fraudulent login pages, or launching an “evil twin” attack, wherein the attacker creates a malicious Wi-Fi network that carries a similar name to the hotel’s network in order to dupe unsuspecting guests into connecting to it and providing the black hat direct access to their devices.
If a guest or teleworker connects to an ill-secured or vulnerable Wi-Fi network, a threat actor could compromise their company-issued devices, gaining access to sensitive work data stored on the device or infiltrating the company’s network. This could allow the hacker to comb through the company’s systems in search of proprietary information, as well as implant malware such as keyloggers or ransomware that could then propagate to other devices connected to the network.
“Cybercriminals can use information gathered from access to company data to trick business executives into transferring company funds to the criminal,” added the FBI when highlighting the threat of Business Email Compromise (BEC) scams, also known as CEO fraud.
Related reading: 6 tips for safe and secure remote working
Remote workers who are considering making the leap to working from a hotel would do well to ponder additional risks beyond their control, such as the hotel’s approach to cybersecurity or how it handles its network infrastructure. The hotel-turned-office may be using outdated networking equipment that could be riddled with vulnerabilities or it may not update and patch its systems often enough, any of which could provide avenues for attacks.
However, if working from a hotel room remains an attractive option, there are steps that employees can take to protect their devices and mitigate the chances of falling prey to cybercriminals while working on a public hotel Wi-Fi.
- Using a Virtual Private Network (VPN) will help protect you from prying eyes by encrypting your internet traffic.
- Check to see if your work device as well as any device you will be connecting to the hotel’s Wi-Fi network have been updated to the newest versions of their operating systems and that all recent security patches have been applied.
- If possible, avoid accessing any accounts or files that carry sensitive data such as financial details.
- While logging into your accounts make sure that you’re using two-factor authentication, which will add an extra layer of security.
- Instead of connecting to the hotel’s network, you can use your smartphone to create a mobile hotspot.
written by Amer Owaida, ESET We Live Security