A few weeks ago, during a hotel elevator ride, I began to panic. Not from the elevator hurtling up to my room at an ear-popping speed, but because I was suddenly afraid that the email program I had just been using in the business center might remember my username and password.
I don't know what brought on this moment of clarity, especially at 1:30 in the morning, but fortunately the wee hour meant that no one else had visited the business center since I had been there. I saw as soon as I started the email program again that I was still logged in.
This close call made me wonder how often travelers must walk away from shared computers without realizing that they're not actually logged off, leaving themselves vulnerable to the next person who bellies up to that computer and decides that he may as well have a look around the last user's mailbox for log-in credentials and other sensitive information.
The business center scare also got me thinking about other ways travelers may unwittingly put their online security at risk while using shared hotel computers, which in turn led me to Robert Siciliano. A personal security and identity theft expert, Siciliano likens hotel business center PCs to public toilets.
"Use them only if you are desperate," Siciliano says, adding that, "There are just too many things that can go wrong, and getting a virus in more ways than one is just the beginning."
A business center computer that "you have no administrative rights over," Siciliano says, "can easily have spyware that records your information as you surf the web and type. That means malware can easily snap screen-shots and record [your] usernames and passwords."
Beyond spyware and malware, Siciliano says, "There's nothing from stopping a criminal from plugging an external keycatcher into the [shared] machine that will later be retrieved with all of your and every other business traveler's information on it."
The biggest online security risk, he suggests, is "our own stupidity because we are in a hurry, [leaving] boxes checked to 'remember me' on this computer, which results in a cookie installed that keeps your log-in information going for two weeks or more," which of course is how I left myself vulnerable in that business center.
What's the smartest alternative to this "public toilet" scenario?
"Use your own mobile device for whatever research you need to do or [for that] boarding pass that needs to be retrieved," Siciliano says. "Other than that turning a flash-drive into a portable browser is your best bet."