Business travel can expose individuals to serious cyber threats when connecting to hotel or airport Wi-Fi, so here we explain how to stay secure using practical precautions such as VPNs and mobile tethering.
Why Public Wi-Fi Is a Hidden Risk for Travellers
Public Wi-Fi is one of the most widely used digital conveniences among UK business travellers. Whether in airports, hotels, cafés or train stations, free internet access is often seen as a quick and easy way to stay productive while on the move. But security experts are warning that many of these networks are poorly protected or actively targeted by cyber criminals looking to intercept data or install malware.
A Norton survey found that 60 per cent of travellers were already connecting to public Wi-Fi at least once a week in 2023, with nearly half admitting they’d used unsecured networks to check work emails or log in to sensitive accounts. More recently, a 2024 analysis by cybersecurity firm Inflection Point confirmed that around 70 per cent of business travellers had encountered some form of cyber threat while away from their usual workplace.
For UK businesses in 2025, the operational risk is even greater. Remote access to corporate tools is now standard, while business travel has rebounded strongly across Europe and beyond. Insecure public networks can easily be exploited to steal credentials, compromise cloud accounts or gain backdoor access to business systems. The threat is no longer limited to high-risk environments, it’s embedded in everyday travel routines.
How Criminals Target Public Wi-Fi Users
The main security risk with public Wi-Fi is that it often lacks encryption. This means that the data sent between your device and the router can be intercepted by third parties using basic equipment. One of the most common tactics is known as a man-in-the-middle attack, where a hacker places themselves between you and the network to eavesdrop on your activity or harvest personal and company data.
Rogue Wi-Fi Hotspots
Another growing tactic is the use of so-called “evil twin” networks. These are rogue Wi-Fi hotspots set up to mimic a legitimate service, often with names like “Hotel_WiFi_Guest” or “Free_Airport_WiFi”. Once connected, users may be redirected to phishing pages or silently monitored. According to a recent report from US-based WatchGuard Technologies, it takes as little as £400 worth of off-the-shelf kit to create one of these fake hotspots.
Even genuine Wi-Fi networks can be a risk. For example, hotel systems are often shared across hundreds of users and rarely updated or segmented, making them soft targets. Airports are also ideal hunting grounds for criminals, thanks to the large volume of fast-moving, distracted users and international visitors unfamiliar with local security risks.
What Experts Recommend for Safer Connections
Security experts agree that the safest approach is to avoid public Wi-Fi altogether where possible. However, when access is essential, there are some practical steps that can significantly reduce the risk.
VPNs
The most important measure is to use a virtual private network (VPN). A VPN encrypts your internet traffic, so even if someone intercepts the connection, they won’t be able to read or tamper with your data. As Paul Bischoff, consumer privacy advocate at Comparitech, explains: “A VPN creates a secure tunnel that protects your traffic from snoopers on unsecured networks. For travellers, it’s an essential layer of defence.”
There are dozens of business-grade VPN providers on the market, with options like NordVPN, Surfshark and ExpressVPN all offering apps compatible with laptops and mobile devices. However, not all VPNs are equally secure. Free versions, in particular, may collect data or lack proper encryption protocols.
Tethering
Another option is mobile tethering, which involves connecting a laptop or tablet to the internet via your phone’s 4G or 5G data rather than using Wi-Fi. This method uses your mobile provider’s encrypted network and is generally far safer than connecting to unknown hotspots. Most smartphones have built-in hotspot functionality, though business travellers should check their data limits before relying on this approach abroad.
In situations where public Wi-Fi must be used, it’s also wise to:
– Avoid online banking, file sharing and sensitive logins.
– Stick to websites using HTTPS (look for the padlock symbol in your browser).
– Turn off auto-connect and file sharing features.
– Set the connection type to ‘Public’ in your device settings.
– Keep all apps, browsers and antivirus software up to date.
How Mobile Habits Can Create Unintended Exposure
A recent study by the UK’s National Cyber Security Centre (NCSC) highlighted how user behaviour plays a key role in exposure to cyber threats. In their analysis of business travel patterns, they found that users often relax security habits when on the move, especially during summer holidays or while rushing through airports.
For example, many travellers leave their phones or laptops unlocked, or stay logged in to work systems and cloud services. Others fail to check the legitimacy of a network before connecting, relying on familiar-sounding names. These small lapses, while understandable, can make it much easier for attackers to gain access.
The NCSC advises that staff travelling for work should be briefed on digital hygiene protocols and given the tools needed to work safely while mobile. This might include rolling out managed VPN solutions or providing mobile data allowances specifically for tethering.
The Cloud
One other important aspect to consider is that businesses are now increasingly reliant on cloud-based tools and remote access platforms, from Microsoft 365 and Slack to enterprise CRM systems. This has brought major flexibility gains, but it has also raised the stakes when it comes to endpoint security. For example, a compromised login from a hotel room abroad could open the door to serious breaches back home.
The UK’s Information Commissioner’s Office (ICO) warns that data breaches involving personal or client information (even if caused by insecure Wi-Fi use) can lead to investigations and fines under the UK GDPR regime. For regulated sectors such as legal, healthcare and finance, this risk is even more acute.
Reputational Damage Risk
There’s also reputational damage to consider. In one documented incident investigated by FireEye, a consultant’s credentials were stolen via a compromised hotel Wi-Fi network linked to the Russian espionage group APT28 (also known as Fancy Bear). The attackers exploited hotel routers to harvest guest login details, and those credentials were later used to access corporate systems remotely. Although no malware was installed on the consultant’s device, the breach led to serious trust issues for the consultancy firm involved, who were forced to issue apologies to clients and implement stricter travel security protocols.
Simple Precautions That Reduce the Risk for Everyone
Despite the risks, public Wi-Fi use isn’t going away anytime soon, but business travellers can take control with a combination of awareness and simple protective tools. In addition to using a VPN or mobile tethering, businesses should ensure that staff understand how to recognise suspicious networks and what to do if they think a device has been compromised.
MFA
The NCSC also recommends that all business devices use multi-factor authentication (MFA) and endpoint security tools to minimise exposure. Organisations should also maintain clear reporting lines in the event of a suspected breach so that action can be taken quickly.
Whether on a short-haul trip to Brussels or checking emails from a hotel bar in Singapore, a few small changes in behaviour can significantly reduce the likelihood of an attack. With cyber criminals becoming more sophisticated each year, secure connectivity is now essential travel kit.
What Does This Mean For Your Business?
Cyber security on the move is no longer a niche concern for IT teams. As this summer’s travel season gathers pace, the reality is that every employee logging on from a hotel, airport or conference centre is a potential entry point for a wider breach. Public Wi-Fi remains widely used but poorly understood, and attackers continue to exploit that gap with tactics that are cheap to deploy but costly to recover from.
For UK businesses, the stakes are clear. A single compromised login can lead to regulatory consequences, reputational damage and financial loss. This is especially true in sectors where client confidentiality, personal data or financial systems are involved. Relying on convenience over security, particularly during travel, risks undermining all the investment made in other parts of the company’s digital infrastructure. However, as this article has shown, the tools to mitigate that risk already exist. VPNs, mobile tethering, MFA, and well-informed staff are not just best practice, they are now baseline requirements for secure hybrid working.
What matters next is awareness and consistency. Companies must ensure that secure connection policies are more than a tick-box exercise, especially as international travel becomes routine again.
