Privacy

Is hotel Wi-Fi safe? Staying secure on public Wi-Fi

There was a time when traveling safely meant securing your passport, keeping your wallet out of the hands of thieves, and making sure you didn’t lose your credit cards. That’s all still important. But traveling safely today also means protecting yourself when using public Wi-Fi.

Think of your mobile device as your online passport. You’d never leave your passport laying around your hotel room, giving others access to your personal information. But by using unsecured public Wi-Fi while you travel, you could be exposing data that could make your online accounts vulnerable and put you at risk for identity theft. Is hotel Wi-Fi safe? That’s a legitimate question to ask.

Here are three top spots you’re likely to spend some of your travel time, and how-to tips for using public Wi-Fi safely at each one. These include the Wi-Fi network at your airport, cafe Wi-Fi networks, and hotel Wi-Fi networks.

Whiling away time on airport Wi-Fi

If you’re flying to your destination, you may plan on catching up on emails or posting your status on social media. Some airports offer free, time-limited Wi-Fi, but whether it’s secure is always an unknown.

When a Wi-Fi hotspot is unsecured, that means data you transmit or receive is unprotected. Anybody on the same network could spy on your information if they have the know-how

If you do decide to use free public Wi-Fi, be careful about the types of sites you visit. It’s safest not to log in to any sites that require a password, because hackers could be using software kits to capture yours.

Avoid websites that hold any of your sensitive information, like banking or financial institutions, or transactional sites — such as online retailers —on which you store credit card information.

Connecting to Wi-Fi at cafes and coffee shops

Besides offering us a caffeine boost, cafes are also good spots for us to charge our devices and catch up with our social networks while traveling. Many cafes offer free Wi-Fi network access when we purchase a cup of java. Unfortunately, even supposedly secured, password-protected networks aren’t necessarily safe for use.

Coffee shops could be havens for cyberthieves or others who want to eavesdrop on your online activities because people often connect to free Wi-Fi without thinking of the risks. Using specialized tools or fake hotspots, hackers could launch Man-in-the-Middle attacks to get in between point A (your device) and point B (a website) to intercept your valuable personal information.

Without a trusted VPN — short for virtual private network — to encrypt your connection, any information you send or receive on public Wi-Fi could be vulnerable. That might include your social media logins, bank account credentials, and credit card numbers.

Logging on to hotel Wi-Fi

You’ve made it to your destination and are ready to unwind. But don’t get too relaxed about using your hotel’s Wi-Fi network. As with airport Wi-Fi, hotel Wi-Fi hotspots are not always secure — even with a password.

After all, hotels specialize in hospitality, not information security. There’s no guarantee that the person who set up the hotel’s Wi-Fi network turned on all the security features. And when patches for vulnerabilities are released for popular hotel routers, it may take a while for those patches to be implemented.

When checking in, be sure to get the official name of the hotel’s Wi-Fi. Even then, you should still be cautious about using the hotel Wi-Fi, unless you have a VPN to help protect your search history and personal information. Browsing online for restaurants or local tourist attractions should be low-risk activities without a VPN, but avoid logging in to any sensitive online accounts.

Potential consequences of using unsecured hotel Wi-Fi

Sure, public Wi-Fi is convenient. But here are some examples of how your personal information can become compromised over public Wi-Fi.

Stolen credit card numbers

It can be easy for hackers to steal your credit card information when you’re using public Wi-Fi. Cybercriminals might set up a Man in the Middle attack. In this type of attack, thieves intercept the data flowing from your laptop or smartphone before it gets to a bank, store, or other destination.

To do this, hackers find an unsecured or poorly secured Wi-Fi router. Often, this poorly secured router is in your hotel’s lobby or in that coffee shop you like. When you enter your credit card information to make a purchase online? The hacker can intercept your information.

Other cyberthieves might try the Evil Twin attack. In this attack, hackers create their own Wi-Fi signal that looks like the one provided by a hotel, coffee shop or restaurant. When you log onto this unauthorized Wi-Fi, the cyberthief can monitor everything you do online.

That includes anything you do with your credit card numbers.

This is why security experts recommend that you never use your credit cards on public Wi-Fi.

Stolen bank account information

It’s just as easy for cybercriminals to steal your bank account information when you’re relying on public Wi-Fi. They can use the same type of attacks — Man in the Middle and Evil Twin — to monitor you as you log into your online bank account or enter your payment card information while online shopping. Again, never use public Wi-Fi to shop online or to check your bank account balances.

Eavesdropping on your online activities

You might think the web pages you view, email messages you send, and videos you watch while using public Wi-Fi are private. But they’re not.

With some basic technology, hackers can intercept just about anything you do online after connecting to the public Wi-Fi offered by hotels, restaurants, retailers, and libraries. The message, again, is clear: Don’t visit any sensitive sites, send important emails, or watch any embarrassing videos while using public Wi-Fi. You never know who’s watching where you surf.

Stealing your usernames and passwords

Anytime you enter your usernames and passwords to log onto sites while surfing public Wi-Fi, you risk exposing these log-in credentials to strangers.

Type your username or password to log into your bank account? Hackers can snatch those credentials and log onto your account whenever they want. The same thing can happen if you sign into online portals offered by your credit card provider, doctors, or retirement accounts.

Again, never access financial or personal sites while using public Wi-Fi. To be safe, never visit any site that requires you to log in while you are surfing at a library, restaurant, or hotel.

Infecting your computer with malware

Skilled hackers don’t have to rely on intercepting data or stealing your passwords. They can also send malware to your laptop, smartphone or other connected devices when you are using public Wi-Fi if you’ve enabled file-sharing over the Wi-Fi network.

Others can trick you into downloading malware accidentally when you log onto public Wi-Fi. And, yes, this does mean that you are at risk when using public Wi-Fi, even if you don’t visit any banking or credit card sites or log into sites requiring passwords or usernames.

5 tips to help reduce your risks while using public Wi-Fi

Your travel itinerary shouldn’t include having your personal information stolen on public Wi-Fi, which could make you vulnerable to identity theft.

For instance, with Norton Secure VPN — a multi-device VPN service that helps make your public Wi-Fi connections private and secure by encrypting your information — you won’t have to worry about your private information being spied on.

If you don’t have access to a VPN, but still need to use public Wi-Fi during your travels, remember these tips to help protect your data and devices as much as possible.

1. Check your settings

Start by selecting the most secure settings on your PCs, Macs, smartphones and tablets. Turn off any features that will automatically connect your device to any available Wi-Fi network. While you’re at it, turn off your Bluetooth unless you need to use it.

2. Swap passwords

Change your passwords before you travel. If you think you’ll need to log in to accounts with sensitive information — like social media, banking, or email accounts — switch to new, complex passwords before you leave, and then change them again when you get home.

3. Hop on updates

Be sure to update your software and apps. We’ve all been guilty of ignoring updates. However, most software updates are released because they offer fixes for newly discovered vulnerabilities. You could also add security software to your devices, such as Norton Mobile Security, which warns you of suspicious Android apps before you download them. Norton Mobile Security for iOS is also available.

4. Avoid sensitive sites

Avoid logging in to any online accounts that store any of your sensitive information. That list could be long if you think about it: retail websites, health provider sites, banks or other financial institutions, email accounts, and social media profiles.

5. Check your URLs

If you do surf online, make sure the URL of the website you’re visiting starts with “HTTPS” because the “S” stands for secure, and data is encrypted.

Help take back control of your online privacy.

With the Norton Privacy Manager app, it’s easy to be smart and secure about what information you share online.


Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.