Breaking Down Hotel Cybersecurity

Uploaded on 2017-07-06 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Hotels need cyber-security: Although they don’t have the volume of transactions that big box retail stores do, their transactions are generally larger, and their guests have more at stake than just their groceries. But the personal information hotels store is only part of what’s at risk.

Hospitality organisations need to understand their vulnerabilities, as well as how to identify threats to their guests, property and data.

Below are four key areas hotel cyber-security teams need to focus on:

1. Instill Security as a Cultural Norm
Hotel security is a standard practice, but the focus has traditionally been around physical property. Guests rely on hotels to keep themselves and their possessions safe during their stays. When they have high-value items that need more protection than just the lock on their door, they turn to the room safe or, in some cases, safes managed by hotel security staff.
Guests may mistakenly assume the same level of protection extends to the digital assets that reside on their laptops and smart-phones when they use hotel Wi-Fi connections. But hotels need to be certain they are delivering a consistent level of security to guests and their possessions, whether they are physical or digital.
2. Think Beyond the Credit Card
It’s obvious that all billing systems need to be secure to protect guests’ personal and financial information. But with centrally connected reservation systems, the exposure extends far beyond a single hotel’s booking system.
Hotels need to think about multiple endpoints and the remote connections they rely on to run the property’s operations. Electronic door locks, HVAC controls, alarms and a full range of Internet of Things (IoT) devices can fall under the control of cyber-criminals aiming to disrupt normal operations.
3. Be Smart About Responses 
Cyber-crimes happen, and they need to be reported responsibly, but not all breaches need to be announced at the moment of discovery. Hotel managers should notify their security teams at the corporate level so that actions can be taken to protect related properties and their guests.
Take advantage of cyber-security professionals who can identify sources of intrusion, assess the extent of the breach and provide details of the compromised material. Announcements of the breach surely need to be made quickly, but they should come after all the relevant information has been gathered and verified. That way, customers and their data can be properly advised and further exposures limited.
4. Don’t Sleep on Insider Threats
While malware and other sophisticated cyber-criminal schemes certainly represent a formidable threat, the majority of data breaches are initiated by individuals within the organisation. For example, an employee might steal data to sell it on the black market, or destroy or corrupt it for personal reasons.

More often, information is passed to criminals through social engineering, a practice that involves gaining small amounts of information over a period of time, generally from a variety of people within the company. 
The criminals are then able to piece together the bits of information to communicate with someone who might mistakenly divulge sensitive or protected information. Hotel properties need to devote time and effort to educating their staffs about these advanced threat techniques to protect their guests and their own reputations.
Securing the Hospitality Industry

Hotels are vulnerable to cybercrimes through a variety of avenues that break with the traditional physical security measures deployed across the hospitality industry.

Keeping guests and their assets, both physical and digital, safe is paramount to preserving both the image and financial security of hotels.

Security Intelligence:

You Might Also Read:

Essential Cyber Security Tips to Stay Safe Travelling:

 

« FBI’s Cybercrime Report 2017
Snapchat Map Raises Child Safety Concern »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cambray Solutions

Cambray Solutions

Cambray Solutions LLC., is a leading technology consulting and software solutions company.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Allianz

Allianz

Allianz Cyber Protect is a comprehensive cyber insurance provided internationally and tailored to your company´s risk profile.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

Halcyon Knights

Halcyon Knights

Halcyon Knights is a specialist executive search and IT recruitment agency in the APAC region. Areas of specialisation include cybersecurity.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.