Hotel WiFi Security Risks: Are You Giving Your Guests The Keys To Your Network?
Updated on 24/05/24
Guest Wi-Fi is no longer nice-to-have, but as essential to guest experience as clean sheets and a bathroom. In providing this service, however, many hotels are exposing themselves to cyber attacks. In a recent engagement, Net Consulting’s team discovered a misconfiguration in a client’s guest Wi-Fi network that enabled us to access their main network and, consequently, control their access doors. With the hotel industry in the spotlight more than ever before, now’s the time to tackle hotel WiFi security risks to ensure you’re secure.
Personalised Guest Experiences: The New Standard
Data collection is of paramount importance in the hotel industry. The race is on to provide a fully personalised experience that keeps customers coming back, time and time again. More than name, credit card information and address, hotels now want to know which coffee shops their guests buy from, where they like to visit when they’re in town and what music they listen to.
Understanding a customer fully is only possible through analysing vast quantities of data, which is becoming easier to collect due to digital transformation and the emergence of hospitality-specific tech. Apps and chatbots gather data seamlessly through customer’s devices, quickly building a digital profile that can be used to deliver an improved experience.
Research from IHG Hotels & Resorts found that 78% of travellers were more likely to book with properties that offered personalized experiences, while 50% were willing to share personal data required to create an individualized stay.
Guests are driving this change, flocking towards online services that offer personalised recommendations and reviews, such as AirBnB and Booking.com. Hotels face no choice other than to modernise, exploiting new technology to ensure that their guests get the service they’re accustomed to elsewhere.
Old Dog, New Tricks
Digitalisation is certain, but the transition poses a unique set of problems. Digital keys, smart room sensors and guest Wi-Fi are all access points through which a cyber-breach could be launched. As the industry transitions towards full digitalisation, more and more of these access points are being added to legacy systems and being managed by under-trained staff that become weak points.
Each of these points of vulnerability could provide access to a global network holding rich information on vast numbers of hotel guests. With the rewards of exploitation so high, it’s no surprise that the news has been filled with recent headlines of hotel chains being breached. The Marriott International attack made headlines most recently, with financial costs estimated to be an eye-watering half a billion US dollars, before considering the damage to reputation which may never be recovered.
Wi-Fi-ght It?
Though it may be large hotel chains making the news, the risks of digitalisation are shared across the industry. Smaller and independent hotels might not yet have embraced smartphone-enabled room access or invested in bespoke apps, but the demand for access to the Internet is universal. Wi-Fi access, which underpins and enables digitalisation, is now a basic requirement, despite hotel Wifi network security risks.
During a recent Net Consulting engagement, we were able to gain control of a client’s electronically controlled access doors through a misconfigured guest Wi-Fi.
If misconfigured or outdated, guest Wi-Fi networks can leave the door open to attackers and the consequences can be severe. During a recent Net Consulting engagement, we were able to gain control of a client’s electronically controlled access doors through a misconfigured guest Wi-Fi. We were able to contain and repair the incident before any damage could be done, but the consequences of a malicious attacker gaining similar access could have been severe.
Digitalisation teething problems are affecting businesses in every field worldwide, and increased publicity only makes further attacks more likely. Hotel owners are already in the spotlight, so the time to act is now. Accept that a breach is likely and take the necessary precautions. Get a pen test. Update your infrastructure. Train your staff.
At Net Consulting, we can advise you on how to keep your digital assets safe, giving you peace of mind in our increasingly connected world. If you need an independent opinion, give us a call on +44(0)2920972020, or send us a message through our contact form.
Sign up for ‘NCL Insights’
Your trusted source for innovation, technology insights, and market trend analysis.