
4/28/2016
01:20 PM

How To Stay Secure At The Hotel On A Business Trip

As POS malware attacks on hotels increase and threat actors target executives, traveling for business puts company data at risk.

In 2014, cybercriminals in the DarkHotel campaign targeted business executives staying at hotels in Asia. The attackers used spearphishing as well as kernel-mode keystroke logger attacks and cracked weak digital-signing keys to steal data from the victims’ devices.

Then in 2015, the hospitality industry suffered a string of point of sale (POS) malware attacks that included the Hilton Hotel properties, Trump Hotel Collection, Starwood, Hyatt Hotels, and Mandarin Oriental Hotel Group.

When employees travel for business, corporate data is at risk as hotels increasingly become targets of and venues for cyberattacks. Here are seven ways to stay secure at the hotel on a business trip.

1. Avoid using public-use terminals.

Many hotels provide computers and printers, or a public-use terminal, for guests to print plane tickets and check email. When you’re on your way in or out of the hotel and in a rush, it’s tempting to use these spaces in a pinch, but doing so could put your organization's data at risk. “Those things are not maintained as well as an organization that would maintain their systems,” says Andrew Hay, CISO for DataGravity and speaker at next week's 2016 Interop Las Vegas.

2. Use a VPN client when connecting to WiFi.

When traveling for business, it’s a given that you’ll need to access the WiFi. That being said, whenever you do connect, it’s important to use a virtual private network (VPN) when accessing your information. You don’t know if the hotel is using an up-to-date firewall or if they’re separating the traffic between you and your neighbors, says Hay. “There’s really nothing stopping someone from sniffing the traffic.”

3. Keep your devices in hand while at breakfast.

The hotel continental breakfast buffet is almost a ritualistic part of traveling on the company dime. Hay, who travels a lot for business, says he’s always surprised by the number of people he sees leave their laptops and devices open as they quickly grab food.

“Physical access trumps all security,” says Christopher Budd, global threat communications manager for Trend Micro. POS malware and sketchy WiFi networks may be making headlines, but it’s always important to keep the hardware out of reach.

“It’s so easy for someone just to walk by, pick up a laptop, and keep walking,” says Hay, adding that someone could also quickly install malware on a thumb drive in the time it takes you to come back from the buffet.

4. Get loaner devices from IT.

An easy way to protect your company data and stress less about all of the files that could be lost if your device is stolen is to ask your IT department for a loaner computer and phone to use while traveling. It can be inconvenient to have all your devices on your person all of the time, especially if you’re having dinner with clients or attending a formal event. It’s handy to just leave your loaner (and secured) hardware in the hotel room and rest assured that nothing of major significance will be lost if the device is stolen or compromised while you’re away.

Device and hardware theft can happen on the way to the hotel, too. “I have heard horror stories of intelligence agencies using Customs to swap out hardware, USB drives, or laptops while special screenings were being conducted,” Hay says. Having loaner equipment can help eliminate the stress of information and hardware theft while making your way through the airport.

5. Don’t swipe your card at sketchy ATMs, gift shops, or hotel restaurants.

Many of the 2015 hotel malware attacks targeted gift shop and restaurant POS systems. “We’re seeing attacks there because they’re older systems, on the periphery of a network security,” Trend Micro's Budd says.

Instead of having your card swiped at these systems, both Budd and Hay recommend asking to have your bill charged to the card on file or your room. “Every time your credit card gets swiped, it broadens the attack surface and possibility for information to get stolen,” warns Budd.

Paying in cash may seem like an obvious way to avoid credit card information theft, but DataGravity's Hay cautions against using ATM machines that are rented by the hotel and not owned by major banks. “They’re in heavily trafficked areas, but not high security areas,” says Hay, adding that he steers clear of them based on research and attacks that have happened, and instead gets cash from his bank before he leaves.

6. Install remote wipe software.

If you have to take the company devices you use on a day-to-day basis on the road with you, Budd recommends installing remote-wipe software on those devices. “Assuming that what you’re bringing with you will get lost or stolen at some point, you want to make it as hard as possible for someone to get what’s on there,” Budd says. Of course, you’ll want to back up all of your files before you leave as well, in case you have to remotely wipe your devices for some reason.

7. Avoid using desk and lamp USB ports.

A lot of hotel rooms today offer direct USB plugins on desks and lamps as a convenience to their patrons, but Hay and Budd see these as a potential threat. Hay says to completely avoid using these ports because there’s a chance that information could be copied from your device by some mechanism in the lamp. Stick with wall plugs.

“If I’m using a USB based charger, it’s mine,” says Budd, adding that we’re long past the days when a phone's power cable is just a power cable.

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ...

Comments
KPierson,
User Rank: Apprentice
5/12/2017 | 6:44:37 AM
Thank you for sharing the blog
Your blog is really very helpful. We use to prefer some of the tips like close the windows, use of trackers for computer and mobile, use hotel room safe for valuable belongings, anti-theft bag. Your blog has so many nice tips for traveler security in hotels. Thank you for sharing.
RyanSepe,
User Rank: Ninja
4/29/2016 | 10:52:15 AM
Re: Get loaner devices from IT.
The potential for VM's is paramount here. Assuming your loaner devices are generic you could use them as a portal to log into a more defined resource.
RyanSepe,
User Rank: Ninja
4/29/2016 | 10:50:40 AM
Re: Avoid using public-use terminals
Exactly. To add on to this benefit, your machine will still have its local security mechanisms in place most likely to combat unwanted snooping, such as a username and password to log in to your laptop and a timeout to ensure that the activity time is utilized by the owner.
Dr.T,
User Rank: Ninja
4/29/2016 | 10:09:13 AM
Secure VPN
VPN works well when it is a site-to-site setup, such as in corporate offices. You can set up a VPN server on your corporate server and use a VPN client in your end device; the communication between the end device and the server would be encrypted so nobody but your corporate can access the data. No privacy but secure.
Dr.T,
User Rank: Ninja
4/29/2016 | 10:07:52 AM
Re: Get loaner devices from IT.
 

"...  loaner device may be generic. ..."

This is also a good point, for a non-techy person another computer may simply mean he/she would not get his/her job done and additional stress.
Dr.T,
User Rank: Ninja
4/29/2016 | 10:06:23 AM
Re: Get loaner devices from IT.
"... I don't see this being a common occurrence ..."

Agree with you. This was the case in the past, there is less likely an option anymore since we do have our own devices anymore in most cases.
Dr.T,
User Rank: Ninja
4/29/2016 | 10:04:43 AM
Re: Avoid using public-use terminals
 

" ... Avoid using public-use terminals ..."

This is a really great tip. Your own laptop is always better, let's say if you are using Gmail on your own laptop it is already encrypted from your laptop to Gmail server. Better than using hotel PC.
Dr.T,
User Rank: Ninja
4/29/2016 | 9:52:25 AM
VPN client?
I like the list, quite informative. Just one comment, I love it when I see "use VPN client" option when it comes to secure communication and privacy. Does anybody really think that this is bringing any security or privacy? Every VPN client has a VPN server which one most likely has no control over, so it is not secure or private.
RyanSepe,
User Rank: Ninja
4/29/2016 | 8:33:19 AM
Get loaner devices from IT.
This is a good idea if your organization has extra devices. I don't see this being a common occurrence because in many cases a loaner computer isn't a completely comprehensive solution for travel. For example, if you have a different role within the organization you may require different access, policies, etc. A loaner device may be generic.
RyanSepe,
User Rank: Ninja
4/29/2016 | 8:30:05 AM
Avoid using public-use terminals
This is definitely a good tip. Whenever I visit a hotel I always see someone on the public terminals, and knowing the nature of human behavior there are going to be many times that you forget to log out of whatever you were doing... email, bank, PayPal. These sources can provide data that would make it much easier for a snooper to acquire the information they need.