720-891-1663

Return to the list of client alerts

FBI Warns About WFH – Work From Hotel

As many Americans continue to work from home (WFH) for month after month, some of them are looking for other work options – one which is quieter and has less distractions.

From that is born WFH – Work From Hotel.

Hotels have mostly empty rooms as business travel as basically gone to zero and vacation travel is greatly reduced. Airline traffic has been reduced by 75%, which doesn’t help hotels either. So, getting creative, they have started offering rent by the hour rooms.

The only problem is that if we think that WFH #1 (your home or apartment) has both uncontrolled and less secure Internet than your office, WFH #2 (a hotel room) borders the same level of security you would get if you posted your password on the restroom wall.

This is not me saying this, this is the FBI saying this. They said:

“While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks,” the agency warned in an alert. It said hackers can exploit lax hotel Wi-Fi security to steal work and personal data.

https://www.zdnet.com/article/this-fbi-wi-fi-warning-could-spoil-your-working-from-home-escape-plan/

While you have a fair degree of control over your home WiFi, including who you allow to access it and what level of encryption you enable, as a guest of a hotel, you have no control over any of the security parameters.

MOST OF THE TIME, THE HOTEL DOESN’T HAVE ANY CONTROL OVER WIFI SECURITY – THEY OUTSOURCE THE WHOLE THING TO A THIRD PARTY!

At home, you may choose to use wired Internet. At most hotels, that is not even an option.

The consequences, the FBI says, are bad:

“Once the malicious actor gains access to the business network, they can steal proprietary data and upload malware, including ransomware,” the FBI said.

https://www.zdnet.com/article/this-fbi-wi-fi-warning-could-spoil-your-working-from-home-escape-plan/

The FBI did have some suggestions to reduce the risk of WFH #2, including:

  • If possible, use a reputable Virtual Private Network (VPN).
  • If available, use your phone’s wireless hotspot instead of hotel Wi-Fi.
  • Ensure your laptop’s software is up-to-date and important data is backed up
  • Confirm with the hotel the name of their Wi-Fi network prior to connecting.
  • Do not connect to networks other than the hotel’s official Wi-Fi network.
  • Connect using the public Wi-Fi setting, and do not enable auto-reconnect while on a hotel network.
  • Always confirm an HTTPS connection when browsing the internet; this is identified by the lock icon near the address bar.
  • Avoid accessing sensitive websites, such as banking sites, or supplying personal data, such as social security numbers.
  • Make sure any device that connects to hotel Wi-Fi is not discoverable and has Bluetooth disabled when not in use.
  • If you must log into sensitive accounts, use multi-factor authentication.
  • Enable login notifications to receive alerts on suspicious account activity.

As is always the case, this is a matter of :

(a) How much risk the company is willing to accept

(b) Company policy

(c) Messaging and training

But it starts with (a). Understand the risk and decide the level of risk that you are willing to accept. Then design policies and procedures that reduces the risk to a level you are willing to accept. Credit: ZDNet