From Amenity to Vulnerability: Tackling Wi-Fi Risks in Hospitality
Today, public Wi-Fi is table stakes for the hospitality industry. Guests expect to have quality, free Wi-Fi at any hotel they go to. In fact, a recent study from Hospitality Technology magazine found that Wi-Fi is the number one amenity; respondents said they would not return to a location that offered a poor Wi-Fi experience.
That means a great Wi-Fi experience can become a differentiator, especially to business customers who rely on Wi-Fi to get their work done while on the road. Some hotels are going so far as to install tablets in each room to detect the health of the room’s Wi-Fi signal. And at least one major hotel chain has introduced secure Wi-Fi auto-connect (after a one-time set-up process).
However, though Wi-Fi is a modern hospitality requirement, it also creates security risks. If a public Wi-Fi network is unsecured or poorly secured, staff and guests are vulnerable to financial fraud, identity theft, data breaches and other cyber risks. It’s critical for hotels and resorts to get Wi-Fi security right so that guests keep coming back – and so that these facilities don’t suffer from damaging breaches.
DNS and Security Risk
If you are connecting to the internet on a wired or Wi-Fi network, the one common service is the Domain Name System or DNS. DNS is basically the directory of the internet. Every time you access a website, you send what’s known as a DNS query. However, with every site accessed, with every link in an email, with every click, there is the possibility of accessing a material threat.
Some of those queries are malicious; bad queries typically redirect traffic from the website you want to a malicious one with a similar name. Cybercriminals use this method for activity like phishing and ransomware. On average, someone using the internet will typically access 5,000 DNS queries each day, and on average, five of them could be malicious. That comes out to just over 1,800 incidents each year.
Hotels and resorts are expected to supply public Wi-Fi, but it presents significant security risks. A survey by OnePoll revealed that hotels’ public Wi-Fi accounted for 20% of all personal data compromise.
Threats to Public Wi-Fi
Owning and operating a public Wi-Fi service can be a liability. Two common worst-case scenarios are:
- While using your public Wi-Fi, your customer is compromised either by a hacker on that network or they get hacked remotely by clicking a malicious link. ultimately, a compromised customer is a lost customer.
- There’s strong evidence that the most sophisticated state-sponsored attackers and elite cybercriminals operate from various public Wi-Fi networks.
A protective DNS solution can be affordable and effective option for this scenario.
There are weaknesses in guest Wi-Fi networks that pose cybersecurity risk. Some of the most common and significant threats include:
- Advanced Persistent Threats (APTs): Criminals breach a network without detection and pull data out over time.
- Man-in-the-Middle (MitM) attacks: Attackers eavesdrop on digital communications and manipulate the data being sent or simply listen in.
- Malware: An increasing variety of malicious software aims to infiltrate or harm a network.
- Ransomware: This form of malware encrypts files and demands a ransom to decrypt them.
Keeping Wi-Fi More Secure
Resorts and hotels must make their guest Wi-Fi as safe as they can afford to, including implementing a system so that if a problem does occur, network administrators can detect and respond to it quickly. It includes prioritizing the encryption of all data and include secure web filtering to block access to malicious sites.
The following measures are recommended for creating a more secure public Wi-Fi network:
Proper set-up of the layer 2 network: The data link layer (layer 2) is where Wi-Fi and Ethernet live. Network admins must set up a separate network for public users to block them from getting access to the internal network.
Acceptable Use Policy (AUP): Make sure users agree to certain terms and conditions before they can access the network. Doing so reduces liability and clearly explains acceptable network usage.
Modern authentication: Enterprise-grade solutions like 802.1X or techniques like WPA3 (Wi-Fi Protected Access 3) offer strong security for users as they connect to the network. These help block unauthorized access. Network admins can also use Multi-Factor Authentication (MFA) for added security.
Logging and monitoring: Keep logs of network activity for both security and legal compliance. They record which users accessed the network, what resources they used and any questionable behavior. They are essential for law enforcement investigations after a cyber-attack or other illegal activity, and they help find and mitigate security threats as they happen.
All these measures undergird protective DNS filtering, which works by blocking access to malicious domains. By filtering out these threats at the DNS level, hotels can significantly reduce the risk of cyber-attacks and protect their users.
Another recommendation is to let guests use Virtual Private Networks (VPNs), which create encrypted tunnels for the private, safe passage of data between the user and the network.
Making Wi-Fi Secure
The hospitality industry has a mandate to provide guest Wi-Fi, but it also must abide by the mandate to secure it. The data shows that not providing high-performing Wi-Fi is a business killer – but so is not securing it properly. Know the threats to your network and compare your current cybersecurity strategy to the recommendations discussed above. Make whatever changes are necessary to keep your business and your guests secure.
About the Author
Carl Levine is the Sr. Product Manager at DNSFilter, with over 20 years of tech industry experience. Levine has held numerous roles in functions spanning support, product management, product and brand marketing, network operations, sales enablement and sales engineering throughout his interesting career.