I’m writing this post from a hotel, which is not unusual since I’m a travel editor. I’m on an open signal that anyone in the 400+ rooms here can access without a log-in, as can any random person here for a conference, a meal, or a drink. If I opened up my travel itinerary here or tended to personal data chores like banking or investments on that open signal, I’d be asking for trouble. There are a lot of cyber threats in hotels.
Your data and transmissions are a little more secure now than they were in the early days of the internet thanks to https secure connections and other encryption developments, but it’s still a wild atmosphere out there. Hackers are constantly trying to separate you from your log-in info so they can separate you from your money. It seems like half the spam messages that sneak through these days are spoofing e-mails that have that objective.
Traveling to luxury hotels offers comfort, but don’t let your guard down and be lapsed into a false sense of security. Travelers handle booking confirmations, payment details, and personal information while using hotel networks. Without precautions, cybercriminals can access sensitive data, leading to privacy breaches or financial fraud.
Many high-end resorts have invested in extra layers of security and some have individual routers in rooms or villas. Still, taking a few simple steps helps keep your information secure while staying in hotels.
Cyber threats are common in places where guests frequently connect to the internet. Unsecured public Wi-Fi, which I mentioned I’m on right now as I write this, is convenient but not vey secure. Without encryption, hackers can intercept data as it is transmitted, gaining access to emails, logins, and personal files.
So the most obvious step is to make sure you’re protected from hackers with a program that guards you against viruses and malware. The main ones for Windows have been around forever, like Norton, McAfee, AVG, and the like. If you’re in the Apple ecosystem, you might want to install one that’s built for your laptop, like Moonlock for MacOS.
Here are a few risk areas that you might not have thought about, but we can promise you that criminals have.
Fake Hotel E-mails and Confirmations
Cybercriminals sometimes send emails pretending to be from hotels, asking guests to confirm reservations or enter payment details. These fraudulent messages often contain links that steal personal data. Phishing scams often mimic real emails, complete with the right logos and address information, making it difficult to tell the difference.
Pay close attention to where an e-mail is really coming from (look at the whole URL) and remember that real hotel companies will ask you to log into their website first before entering any personal data. They will also never ask for it on the phone unless you contacted them first. Always go to the website you booked through if there’s a problem.
Hotel Business Centers and Public Computers
Some travelers use hotel computers to print tickets or check itineraries. These shared devices may have malware installed, allowing keyloggers to track every typed word, including passwords and credit card numbers. Only use them when absolutely necessary and for limited non-financial functions.
You can add a layer of protection by using a password manager such as LastPass or OnePassword, but you still have to enter in your master password to access any site requiring a log-in. Have two-factor authentication turned on for important accounts so even someone getting log-in info can’t actually log in and when you’re finished, delete all the browsing history for any public computer you have used.
Smart Room Technology and Digital Room Keys
Many international hotel chains now use digital keycards and smart room controls. If these systems are not properly secured, hackers can exploit vulnerabilities to gain unauthorized access to personal accounts.
Opening up your phone data to a hacker just to save a few minutes at check-in is probably not worth it unless there’s a really long line at the front desk.
Public Wi-Fi is Vulnerable
In general, the cellular network your phone is using is more secure than Wi-Fi. If you are using hotel Wi-Fi to get some work done or answer e-mails, limit what you’re doing on there and try to avoid logging into banking accounts or handling personal data. Talented hackers can use open networks to intercept information.
Some travelers prefer to try using a VPN for accessing personal or financial accounts to add an extra layer of security. These programs are a very inexpensive insurance policy and your browsing is not tied to your location. There are lots of options out there like ExpressVPN, NordVPN, Surfshark, and Proton,
Keep Bluetooth and AirDrop Turned Off When Not in Use
Leaving Bluetooth and AirDrop settings open can expose devices to unwanted connections and present other cyber threats in hotels, airports and other public spaces. Hackers can use this method to send malicious files or gain access to personal data. Only turn these on when you’re sharing files or using Bluetooth to listen/watch.
The security experts who advise politicians and celebrities also say you should disable location tracking on your phone when you’re not directly using it (like for a map program) and regularly delete your browsing history. While Duck Duck Go and Firefox will allow you to delete your history each time you close your browser, Google’s whole business is built on tracking you, so they force you to delete your history manually for both searches and Chrome. Also, don’t forget to log out of Facebook when you’re finished with it because that company listens to your conversations as well to serve you targeted ads.
Don’t Forget About Physical Security
Travel theft is probably as old as travel itself and thieves don’t need the internet to separate you from your belongings. Keeping documents and payment cards in backed up in the cloud and on your phone helps reduce the risk of losing them and helps you get replacements faster. Many travelers use a high-quality travel wallet to store credit cards, ID, and hotel keycards securely, in conjunction with a clothing pocket that will zip or button closed.
Most quality passport holders have RFID signal blocking built in as well, so use one of those for storing your passport and any physical boarding passes while on the move abroad. Ideally you want to split up your cash and credit cards though for a “what if?” level of security. Keep some on you, then keep backups locked away in the room.
Sure, have a great time when kicking back at luxury beach resorts or high-end city hotels, but relaxing on vacation shouldn’t mean getting lax about security and cyber threats. Don’t let anyone else get to what’s yours in the real world or the electronic one.
