Epstein summed up the threat, "This is at least as much social engineering as technical in nature. One can imagine that even a seasoned traveler, under stress and lacking in sleep, might click once on a well-disguised attack... and it only takes once."
Chris Messer, vice president of technology at Coretelligent, offers this advice for business travelers: "Individuals should avoid hotel wired and wireless Internet services all together, and instead rely on a company provided mobile hotspot device, or tether via their mobile device. When individuals are required to leverage a hotel's wired or wireless Internet, they should avoid performing any system administrative tasks or updates (Windows Updates, Browser or plugin updates, etc.)."
Connecting to your own separate network removes the opportunity for attackers to dupe you with fake login pages, and it prevents your network traffic from being exposed to everyone else connected to the hotel network.
Sign up for Computerworld eNewsletters.