Keeping Your Hotel Guests Secure When Using Your Public Wi-Fi Network
The hospitality sector has emerged as a prime target for cybercriminals and it now ranks among the top five industries accounting for more than 60% of all cyberattacks on businesses. Two primary factors are believed to contribute to this.
Firstly, online payment processing in the hospitality industry makes it an attractive prospect for criminals seeking financial gain. This is often greater than in other industries. Secondly, the use of a higher number of network-connected devices by the industry creates greater opportunities for cyber attacks.
Hotels are particularly vulnerable due to the prevalence of online bookings and the high number of devices connected to their IT networks. Hotels commonly provide public Wi-Fi access to guests, which adds another layer of vulnerability, as they aren’t always aware of who is connecting to their network.
In this blog post, we aim to mitigate the risks created by a hotel’s public Wi-Fi network, by providing advice in the following areas.
Establishing a Secure Wi-Fi Network for Hotel Guests
Providing Secure Access to Your Hotel’s Wi-Fi Network
Educating Hotel Guests on Cyber Security Best Practices
Educating Hotel Staff on Cyber Security Best Practices
Public Wi-Fi Services for Hotels From Acronyms
Establishing a Secure Wi-Fi Network for Hotel Guests
Ensuring guest safety on a hotel’s Wi-Fi network is primarily dependent on creating a secure network for them to connect to. If the network is fundamentally insecure, then the rest of the advice in this blog post won’t matter. You can create the basis of a secure Wi-Fi network by doing the following:
Pre-warning this section is somewhat technical in nature. We’ve tried to make it easy to understand, but should you want any clarification or more information, simply reach out. As this part is fundamental to creating a secure connection for your hotel guests, we didn’t want to leave it out!
Using a secure network protocol, such as WPA2 or WPA3.
These protocols authenticate legitimate users and their devices and encrypt data. This not only makes it more difficult for hackers to intercept guests’ data, but should they do so, it makes it more difficult to understand that data.
In simple terms, encrypting data means converting readable information, into unreadable information when passing it from one place to another.
WPA3 is the most recent and sophisticated protocol and therefore what we’d recommend. However, WPA2 is commonly used as well. The access points (the physical hardware guests wireless connect to – often attached to walls or ceilings) your hotel uses will often dictate which protocol you use.
It is best to check with your IT manager or IT provider regarding the protocol in use at your hotel, and whether they have plans in place to move to WPA3, should you be using WPA2.
Implementing a firewall and ensuring it is well-managed.
A firewall is a common component of IT networks as it manages access to and from the network. It does this by setting a defined list of rules. It prevents unwanted traffic from entering the network and protects guests from external threats such as hackers and malware.
As a firewall is a common part of any IT network, and therefore it’s extremely likely that you already have one.
The key here isn’t to simply have one. You want to be sure that those responsible for your IT network are managing and maintaining your firewall regularly.
Cyber security threats evolve over time, whilst technology also changes, as well as the context in which your hotel operates. If your firewall doesn’t react to all this change, it might not be providing adequate protection to your network and therefore your guests.
Using an air-gapped network.
An air-gapped network is an effective way of securing the hotel and protecting guests from cybercrime.
It means having no connections between the public Wi-Fi network and the hotel’s business network. Essentially you create an air gap between the two!
This means that any malicious activity on the public network cannot compromise the business network, ensuring guests’ data safety. As hotels store sensitive data like personal information and payment methods, an air-gapped network provides an additional layer of protection.
Providing Secure Access to Your Hotel’s Wi-Fi Network
With a secure Wi-Fi network configured the next step is to provide your hotel’s guests with access to the internet in a manner that not only keeps them safe but is user-friendly as well. There has to be a healthy balance between security and usability, especially in an industry heavily reliant upon customer experience.
The following recommendations are suggested to securely connect guests to the internet:
Use a captive portal.
A captive portal is a means of logging into a Wi-Fi network with a username and/or password and is highly recommended over a completely open Wi-Fi network.
Whilst it might be tempting to have a completely open Wi-Fi network as it makes it easy for your guests to connect to the internet, we would always strongly recommend against it. Despite making things easier for your guests, it surrenders all control you have over the network, making it inherently risky from a cybersecurity perspective.
A good captive portal should be easy for guests to use, while still ensuring they are legitimate guests of the hotel. It is important to be selective in granting access to the captive portal, limiting it to customers only.
You will want to regularly change passwords, making sure they are complex, random passwords that are not easily guessable. Room numbers or references to the hotel or city in which it’s located can be easily guessed and make it easy for malicious third parties to gain unauthorized access.
As an additional benefit captive portals can also be used to gather valuable marketing and sales data, and enhance the customer experience. For example, it might highlight the opening hours of your swimming pool, and the specials on offer at your restaurant or provide additional information guests might find useful such as local attractions or places to visit on their trip.
Enforce multi-factor authentication.
Multi-factor authentication is a means requiring multiple means of access such as a password and a text code. You will likely have experienced this with online banking where it is commonly used to approve transactions. In these instances, you may be sent a text or a push notification to confirm you authorise something to happen.
Multi-factor authentication is an additional layer of security for your Wi-Fi network. This approach limits access and provides more control over who can connect to the network and helps detect unauthorized access.
We would recommend that you provide guests with the captive portal password and then send a second means of access to their email or mobile phone.
Whilst in its infancy multi-factor authentication could be a little clunky and hard to use, with advances in technology it can now be configured in various ways to ensure it does not negatively impact the guest experience.
Offer wired internet connections.
While Wi-Fi connections are convenient, they are inherently less secure than wired connections, as they can be intercepted. This is commonly known as a man-in-the-middle attack.
Hotels should therefore consider offering wired connections to guests, especially in rooms or locations where Wi-Fi may not be appropriate. Wired connections also offer better performance, which may be preferred by business guests.
Educating guests on the benefits of wired connections and providing them with a choice between wired and wireless access can also enhance their experience.
Educating Hotel Guests on Cyber Security Best Practices
A recent study has revealed that cyber security is a significant concern among hotel guests, with 70% of respondents feeling that hotels do not provide adequate protection against cyber threats.
It is likely that a guest’s perception of security will impact their decision to stay at a hotel, return for future bookings, or recommend the hotel to others, especially if they are a business customer that may be reliant upon your internet connection. Therefore, a delicate balance between maintaining a secure environment and providing an exceptional customer experience is crucial.
To address this issue, we recommend a simple process to inform guests about your hotel’s cyber security practices. The best time to provide this information is before your guests arrive, preferably shortly before they arrive for their stay. This email should include relevant information about connecting to the hotel’s internet service and the measures in place to ensure their safety.
When guests arrive, the front desk staff should remind them of the email they received and provide them with an access password and two-factor authentication instructions. It is important to keep the explanation simple and focused on how the hotel is ensuring guests’ online safety. After all your guests are there primarily to relax and enjoy themselves and don’t want a lecture on internet security!
The front desk staff should also inform guests that more information is available in their rooms and recommend that they read it, should they connect to the hotel’s Wi-Fi.
The in-room information should provide more detailed instructions on how to connect to the hotel’s Wi-Fi network and the measures in place to ensure guests’ security. This information should be presented in a factual and helpful manner, without causing undue alarm. Guests should also be directed to hotel staff for further assistance with connecting to the network, should they have any problems.
By following this process, hotels can demonstrate their commitment to guest safety and cyber security without compromising the guest experience. A proactive and transparent approach to cyber security can help hotels build trust with their guests and ensure a safe and enjoyable stay.
Educating Hotel Staff on Cyber Security Best Practices
Educating hotel staff on cyber security best practices is a critical step in ensuring guest safety on hotel Wi-Fi networks while enhancing their overall experience.
It is imperative that staff who interact with guests are knowledgeable about network connectivity, basic troubleshooting, and potential security risks. By doing so, hotels not only demonstrate their commitment to guest safety and data security but also to customer experience.
If a guest has a problem with their connection, they will want assistance getting online. They don’t want to hear that your staff have no means of helping them.
We’d recommend incorporating cybersecurity education into employee training and new starter inductions. However, it is essential to tailor the training to the specific network and setup of the hotel. This will make it both more effective and interesting for those learning from it.
The training should include information on common hotel-related cyber security risks, how to spot them, and what to do should they be identified. Additionally, staff should be well-versed in how guests are likely to use the Wi-Fi network and basic tasks such as safely changing passwords, or providing guests with basic troubleshooting.
It is important to recognise that staff members are potential access points to the network. Therefore, providing them with the necessary knowledge and tools is critical to mitigating the risk of unauthorised access to sensitive data.
To help with successful cyber security training, hotels can do the following:
- Clearly communicate the importance of cyber security and its role in protecting guests’ data and providing a positive customer experience
- Provide training that is easy to understand and follow, using clear step-by-step processes, and avoiding technical jargon where possible.
- Use relatable examples and anecdotes to make complex concepts easier to understand.
- Regularly update staff with current information and cyber threat awareness.
- Offer a point of escalation for additional technical support to ensure that staff can provide optimal assistance to guests while maintaining network security
Public Wi-Fi Services for Hotels From Acronyms
At Acronyms we can manage your public Wi-Fi and internet connection, so you can concentrate on providing your guests with an excellent experience.
With this in mind, we’ve helped many hotels get the most from the Wi-Fi connections, as well as the IT and technology within their organisation.
To find out how we can assist your hotel you can book a free, no-obligation consultation with one of the team here.
Alternatively, here are a number of resources you might find useful:
Our Internet Connectivity Services
Acronyms’ Work in the Hospitality Industry