Return to the list of client alerts
As many Americans continue to work from home (WFH) for month after month, some of them are looking for other work options – one which is quieter and has less distractions.
From that is born WFH – Work From Hotel.
Hotels have mostly empty rooms as business travel as basically gone to zero and vacation travel is greatly reduced. Airline traffic has been reduced by 75%, which doesn’t help hotels either. So, getting creative, they have started offering rent by the hour rooms.
The only problem is that if we think that WFH #1 (your home or apartment) has both uncontrolled and less secure Internet than your office, WFH #2 (a hotel room) borders the same level of security you would get if you posted your password on the restroom wall.
This is not me saying this, this is the FBI saying this. They said:
“While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks,” the agency warned in an alert. It said hackers can exploit lax hotel Wi-Fi security to steal work and personal data.
https://www.zdnet.com/article/this-fbi-wi-fi-warning-could-spoil-your-working-from-home-escape-plan/
While you have a fair degree of control over your home WiFi, including who you allow to access it and what level of encryption you enable, as a guest of a hotel, you have no control over any of the security parameters.
MOST OF THE TIME, THE HOTEL DOESN’T HAVE ANY CONTROL OVER WIFI SECURITY – THEY OUTSOURCE THE WHOLE THING TO A THIRD PARTY!
At home, you may choose to use wired Internet. At most hotels, that is not even an option.
The consequences, the FBI says, are bad:
“Once the malicious actor gains access to the business network, they can steal proprietary data and upload malware, including ransomware,” the FBI said.
https://www.zdnet.com/article/this-fbi-wi-fi-warning-could-spoil-your-working-from-home-escape-plan/
The FBI did have some suggestions to reduce the risk of WFH #2, including:
As is always the case, this is a matter of :
(a) How much risk the company is willing to accept
(b) Company policy
(c) Messaging and training
But it starts with (a). Understand the risk and decide the level of risk that you are willing to accept. Then design policies and procedures that reduces the risk to a level you are willing to accept. Credit: ZDNet