Where once there was a single PC tucked away in what looked like a converted broom closet, business travelers now often find what amounts to a business office away from home.
Where once there was a single PC tucked away in what looked like a converted broom closet, business travelers now often find what amounts to a business office away from home. Their individual services make them a nifty profit center with fee schedules not unlike a local Kinko's. Instead of one PC there are several, often in their own cubicles — sometimes free, sometimes rented by the hour. And that's just the beginning. The Mandarin Oriental in Miami, for instance, offers secretarial services (with different fees for typing double-spaced and single-spaced documents), laser printers, color copiers, facsimile machines and shipping supplies and service. Guests can also rent business equipment.
The point is, demand is skyrocketing for fully-equipped hotel business centers. "Internet browsing is by far the number one thing users do while using a public computer," says Shawn Thomas, CEO of Uniguest. "They check e-mail, check-in to their airline flights, print boarding passes, find local information ... they even remote into their work computer to perform work tasks."
The result: public workstations are becoming ubiquitous. The problem: network security isn't there yet.
Dataguards On Duty
The hotel industry is beginning to recognize the security concerns with regards to public computer workstations, says Thomas. His company's software protection and maintenance service for automated public PC workstations (business centers, lobby PCs and boarding pass printing stations) is now being used by 2,000 hotel properties.
Not that Uniguest has a corner on the market; it is in fact one of the smaller suppliers in this emerging industry. Your travelers are more likely to be familiar with iBAHN (which now claims to serve 14 million business travelers) or T-Mobile — its Hotspots may be fading away from Starbucks but there's plenty more installed in hotels carrying brands like Hyatt, Red Roof, Marriott and Novotel. There's also segment providers out there with names like Guest-Tek, Passym, TurboNet and Wayport, among others.
Too many travelers "assume the hotel property is protecting them," says Thomas. "Regrettably, many hotel operators are not aware of the liabilities involved with providing a public PC and it has lead to computer fraud in some cases.
"Imagine this," he goes on. "A criminal walks into your hotel, installs a device that captures every keystroke on your public PC, and then comes back a week later to retrieve it. Can you fathom the type of information they will retrieve from hotel guests? That is scary! Recently, a man plead guilty to a 16-count indictment involving an identity theft scheme from hotel business center computers and Internet lounges."
Stay In Your Room
In fact, Mary Landesman, a senior security researcher with ScanSafe, describes hotel business centers as a business traveler's "absolute last resort." What's preferable, she says, is an in-room ethernet connection or a T-Mobile Hotspot, both used with suitable precautions. Before logging in on their laptops from their hotel rooms, travelers should disable their file- and print-sharing capabilities. T-Mobile offers extra security measures, she concedes, but even then users should employ their own measures such as antivirus software and personal firewalls.
A study conducted in 2006 by Farpoint Group illustrates the extent of the problem and indicates the direction most liability-fearful hoteliers are going. The researchers tested public access systems at 24 hotels to evaluate the security threats their systems and their guests faced, and the efficacy of the security precautions being used.
The quality of the security at the various implementations varied widely, they reported. All the top-performing sites — were operated by iBAHN or T-Mobile (Uniguest was not represented in the test.) Of the 24 hotels tested, only six could prevent wireless eavesdropping. At three hotels, the only vulnerability encountered was NetBIOS browsing in an unaffiliated business center.
As Landesman suggests, the responsibility cannot be left to the hoteliers. It's not fair and it's probably not going to be entirely effective. The Farpoint researchers point out that "hotel broadband users often expose server applications and stored data to other devices connected to the same wired or wireless LAN ... where unseen peers could be colleagues, competitors, or outright attackers." Adding to the problem, they explain, is the fact that many notebooks automatically announce themselves to everyone on the network — "Hotels can thus be excellent venues for those interested in stealing confidential data from business travelers."
Beyond Data Security
There has been one other liability issue that has raised its head. Uniguest's Thomas sees it from the hospitality industry's point of view. In a blog written a year ago, he observes that hoteliers have become increasingly concerned about their liability if a guest accesses adult content on a hotel computer. "Imagine a graphic image saved to the desktop of a PC and a minor walking up to the PC," Thomas writes. "I have no doubt that is a problem."
It's a problem from the corporate standpoint as well. The Association of Corporate Travel Executives has pointed out that it may not come to light until your traveler approaches an international border checkpoint. It too has issued some suggested guidelines for avoiding trouble.
Bottom line: business centers, in-room connectivity and public area accessibility are all important to your business travelers. But mitigating risk from uneducated use of those amenities cannot be ignored. Prudent travel managers will find out where their top management places the responsibility for meeting that need.