4 Best Practices to Protect Guest Data

Press enter to search
Close search
Open Menu

4 Best Practices to Protect Guest Data

12/22/2016
Whether traveling back home, to the mountains or down the street to grab that seasonal peppermint latte, there’s a good chance that many people will connect to an unfamiliar shared wireless network this holiday season. Connected devices have become so integrated into everyday life that it would be hard to come by a hospitality establishment or travel hub that doesn’t offer public Wi-Fi for its visitors. But there are serious security risks attached to the convenience of 24-7 wireless connectivity.
 
Many businesses do have security precautions in place to prevent their networks from becoming compromised. But most simply offer an open Wi-Fi network that does not require users to enter passwords. These are very dangerous, especially over the holidays with so many people relying on these open networks as they travel to visit family, shop for deals online, and stay in hotels.
 
So how can hotels and restaurants protect their guests? WatchGuard Technologies offers the ollowing Wi-Fi security risks and best practices.
 
Understand the three most common types of Wi-Fi attacks:
  • Possibly the most infamous wireless assault is the Man-in-the-Middle attack: a bad guy uses attack methods like IP spoofing and ARP poisoning to trick your client into sending all connections through him. Now, the attacker sits “in the middle” between your device and the rest of the internet. This allows the attacker to spy on your activity, steal data like passwords or credit card info, or even inject malware onto your device.
  • A different take on the Man-in-the-Middle attack is the Honeypot or “Evil Twin”: a bad guy sets up his own wireless network that pretends to be a legitimate connection and lures people to connect. Sometimes you can spot these traps by checking the name of the network, but smart hackers will name their fake hotspot something that appears valid like “Starbucks Guest Wi-Fi.”
  • Then, there’s the Karma attack: a phone or device with certain settings turned on will constantly send out probes in search of a known Wi-Fi connection to join. A bad guy can read these pings and pretend to be the network the device is looking for so the connection will happen automatically.
 
Abstaining from offering public Wi-Fi is the best prevention tactic, but this isn’t convenient or realistic for most holiday travelers. Fear not, there are ways to ward off these Grinchy Wi-Fi threats.
 
Use security best practices to safeguard your visitors’ information:
  • Periodically audit your wireless space to look for rogue access points that might be connected.
  • Use Wireless Intrusion Prevention System (WIPS) technologies to identify and disrupt any Evil Twin access points operating on your premises.
  • Use WPA-2 in Pre-Shared Key (PSK) mode and provide your patrons with the password. While adding a password reduces the usability of your public hotspot, it adds security by encrypting wireless traffic. This isn’t a perfect fix though, as anyone with access to the shared password could launch an attack to snoop on other users. Using WPA-2 PSK does increase the barrier of entry for attackers though, reducing attacks of opportunity against weak Wi-Fi networks.
  • Additionally, arm yourself with knowledge by staying up to date on the latest industry standards promoted by organizations like the Wi-Fi Alliance, a global network of companies that make and certify Wi-Fi solutions.