How Airbnb hosts can make their property cyber secure
Published by on January 11, 2017 in Information Security

airbnb office
Being an Airbnb host is a rewarding experience, both socially and financially. But as you supplement your income and make new friends from around the world, it’s important to remember that running a secure Airbnb is paramount for both you and your guests.

Part of hosting a safe, secure, and efficient Airbnb means maintaining best cyber security practices. Failing to do so could put you and your guests at risk of being hacked, nearby freeloaders using up bandwidth, and running up costly overage charges.

Wifi routers and modems are the most vulnerable choke points for guests. We’ll start this guide by showing you a few simple steps to prevent abuse and give guests peace of mind.

How to secure your guest wifi

To set up a separate and secure wifi network for your guests, you’ll need to access your wifi routers’ configuraton dashboards. This is usually done by connecting to the wifi or via LAN cable and typing 192.168.0.1 or 192.168.1.1 in your web browser’s URL bar.

Change your router passwords

By default, most routers ship with easy-to-guess usernames and passwords, such as “admin”. This makes it easy for an attacker to gain access to your router and gain administrative privileges on it. Go to your router’s configuration dashboards and change the password to access the dashboard to something stronger.

Be wary of recycling old wifi passwords used by guests to connect to the network. These should be changed fairly regularly to avoid access by wifi cracking apps and freeloaders. Be sure to use WPA2 encryption and not WEP.

Don’t share a wifi network.

It’s best not to share a wifi network with your guests. If you don’t want to pay for a separate internet subscription, check to see if your router has a guest access feature. If not, you can buy a second router to set up a secondary sub network. Follow these steps to connect the secondary router using a LAN-to-WAN configuration, which creates a sub network inside of the main network. This process is called “cascading”. The location of these settings in the configuration dashboard will vary depending on your router model and firmware.

  1. Connect your computer to the primary router with a LAN cable and set its DHCP service to assign addresses between 192.168.1.2 and 192.168.1.50.
  2. Connect your computer to the secondary router with a LAN cable and change the local IP address so that it matches the first router, except increase the second-to-last digit by one (e.g. from 192.168.1.1 to 192.168.2.1). Make sure the subnet mask is identical to the primary router (usually 255.255.255.0).
  3. Disable UPnP on the secondary router.
  4. Set the DHCP server on the secondary router to assign addresses between 192.168.2.2 and 192.168.2.50.
  5. Manually set the wireless channel on the primary router to 1 through 6, and the secondary router to 11.
  6. Connect your routers with a LAN cable running from a LAN port on your main router to the main internet WAN port of the secondary router.

You should now have a second sub network for guests to connect to independent of your own. Set the password and SSID network name to whatever you like (be sure to use WPA2).

Don’t let guests access your router

Most routers can be factory reset by holding down a button on the back with a pen or paper clip. This gives guests access to the admin dashboard, where they can control everything from which devices get bandwidth priority to intercepting web traffic. An unscrupulous guest could change DNS settings or install malware to spy on subsequent guests’ activity.

As guests, we should all use VPNs when staying at an Airbnb, but obviously it’s not realistic to enforce such a rule. For this reason, we recommend keeping routers out of guests’ reach, even cascaded routers as described above. You can keep them in a locked cabinet or some other secure location.

On the reverse side of the coin, preventing guests from accessing their accommodation’s router can come across as not transparent and even shifty. If concerns arise, be honest. Explain the setup used and why.

Know your ISP plan

Make sure to read the fine print on your internet service provider’s user agreement. ISPs often cap downloads at a certain number of gigabytes per month. If exceeded, ISPs can charge fees for overages, bump you up to the next tier plan, and/or throttle bandwidth for the remainder of the month.

Furthermore, check to see how many devices may be connected to your internet in a given period of time. If you change guests frequently and each brings their own phones, laptops, and tablets, the number of unique devices can rack up quickly. Some ISPs limit the maximum number of unique devices (simultaneous or total) on normal home accounts. If you exceed the limit, the ISP can force you to switch to a business account.

An easy way to avoid this is to connect devices to your own wireless router instead of one provided by your ISP. Make sure to enable DHCP and disable bridged mode so your router can freely dole out local IP addresses. You can connect over 200 devices to a router, and that router only counts as one device to the ISP and a single public-facing IP address.

Smart TVs and streaming devices

Many modern Airbnb hosts are opting to cut cable and instead provide guests with internet-enabled smart TVs and set-top boxes like Roku, Apple TV, Chromecast, and Amazon Fire TV. If you’ve already ensured that no harm will come from guests binge-watching their favorite shows according to your ISP plan outlined above, these offer a great way to provide entertainment.

You can allow guests to sign in with their own accounts or have your own accounts logged in and ready to use. Both are viable options but require a couple precautions.

If guests use their own Netflix and Hulu accounts, be sure to sign out of them between visits. Otherwise subsequent guests will continue to use the previous visitors’ subscriptions.

If you offer up your own accounts, make sure to disable any pay-per-view or one-click ordering capabilities on each app. A password should be required for any one-off rentals and purchases. This will prevent guests from racking up charges on your credit card.

Use smart appliances

To avoid large electrical bills, Airbnb hosts might want to consider investing in smart appliances. In particular, air conditioners, heaters, and lights are often left on for hours when no one is home. Smart appliances and electrical outlet timers can help reign in this behavior.

Smart locks armed with magnetic swipe cards or key codes can prevent guests from making copies of keys and breaking in at a later time. Just make sure to change key codes regularly and keep track of fobs and key cards you hand out.

Before booking, only communicate using Airbnb

The Airbnb app only allows communication between prospective guests and hosts through the company’s built-in messaging system. The main reason for this is so that guests can’t just arrange a stay outside of the Airbnb system and avoid paying the company’s fees. But it also serves as a shield against phishing attempts.

Be wary of both hosts and guests that attempt to make contact outside of the Airbnb system before a booking has been confirmed. They could be phishing for information, such as an exact address and which days the Airbnb is free. This information could be used by a burglar to find an opportune time to break in and steal things, for example.

Airbnb Office” by Open Grid Scheduler licensed under the public domain

Leave a Reply

Your email address will not be published. Required fields are marked *