Threats to Public Wi-Fi
Owning and operating a public Wi-Fi service can be a liability. Two common worst-case scenarios are:
- While using your public Wi-Fi, your customer is compromised either by a hacker on that network or they get hacked remotely by clicking a malicious link. ultimately, a compromised customer is a lost customer.
- There’s strong evidence that the most sophisticated state-sponsored attackers and elite cybercriminals operate from various public Wi-Fi networks.
A protective DNS solution can be affordable and effective option for this scenario.
There are weaknesses in guest Wi-Fi networks that pose cybersecurity risk. Some of the most common and significant threats include:
- Advanced Persistent Threats (APTs): Criminals breach a network without detection and pull data out over time.
- Man-in-the-Middle (MitM) attacks: Attackers eavesdrop on digital communications and manipulate the data being sent or simply listen in.
- Malware: An increasing variety of malicious software aims to infiltrate or harm a network.
- Ransomware: This form of malware encrypts files and demands a ransom to decrypt them.
Keeping Wi-Fi More Secure
Resorts and hotels must make their guest Wi-Fi as safe as they can afford to, including implementing a system so that if a problem does occur, network administrators can detect and respond to it quickly. It includes prioritizing the encryption of all data and include secure web filtering to block access to malicious sites.
The following measures are recommended for creating a more secure public Wi-Fi network:
Proper set-up of the layer 2 network: The data link layer (layer 2) is where Wi-Fi and Ethernet live. Network admins must set up a separate network for public users to block them from getting access to the internal network.
Acceptable Use Policy (AUP): Make sure users agree to certain terms and conditions before they can access the network. Doing so reduces liability and clearly explains acceptable network usage.
Modern authentication: Enterprise-grade solutions like 802.1X or techniques like WPA3 (Wi-Fi Protected Access 3) offer strong security for users as they connect to the network. These help block unauthorized access. Network admins can also use Multi-Factor Authentication (MFA) for added security.
Logging and monitoring: Keep logs of network activity for both security and legal compliance. They record which users accessed the network, what resources they used and any questionable behavior. They are essential for law enforcement investigations after a cyber-attack or other illegal activity, and they help find and mitigate security threats as they happen.
All these measures undergird protective DNS filtering, which works by blocking access to malicious domains. By filtering out these threats at the DNS level, hotels can significantly reduce the risk of cyber-attacks and protect their users.
Another recommendation is to let guests use Virtual Private Networks (VPNs), which create encrypted tunnels for the private, safe passage of data between the user and the network.
Making Wi-Fi Secure
The hospitality industry has a mandate to provide guest Wi-Fi, but it also must abide by the mandate to secure it. The data shows that not providing high-performing Wi-Fi is a business killer – but so is not securing it properly. Know the threats to your network and compare your current cybersecurity strategy to the recommendations discussed above. Make whatever changes are necessary to keep your business and your guests secure.
About the Author
Carl Levine is the Sr. Product Manager at DNSFilter, with over 20 years of tech industry experience. Levine has held numerous roles in functions spanning support, product management, product and brand marketing, network operations, sales enablement and sales engineering throughout his interesting career.
