Breaking Down Hotel Cybersecurity

Uploaded on 2017-07-06 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Hotels need cyber-security: Although they don’t have the volume of transactions that big box retail stores do, their transactions are generally larger, and their guests have more at stake than just their groceries. But the personal information hotels store is only part of what’s at risk.

Hospitality organisations need to understand their vulnerabilities, as well as how to identify threats to their guests, property and data.

Below are four key areas hotel cyber-security teams need to focus on:

1. Instill Security as a Cultural Norm
Hotel security is a standard practice, but the focus has traditionally been around physical property. Guests rely on hotels to keep themselves and their possessions safe during their stays. When they have high-value items that need more protection than just the lock on their door, they turn to the room safe or, in some cases, safes managed by hotel security staff.
Guests may mistakenly assume the same level of protection extends to the digital assets that reside on their laptops and smart-phones when they use hotel Wi-Fi connections. But hotels need to be certain they are delivering a consistent level of security to guests and their possessions, whether they are physical or digital.
2. Think Beyond the Credit Card
It’s obvious that all billing systems need to be secure to protect guests’ personal and financial information. But with centrally connected reservation systems, the exposure extends far beyond a single hotel’s booking system.
Hotels need to think about multiple endpoints and the remote connections they rely on to run the property’s operations. Electronic door locks, HVAC controls, alarms and a full range of Internet of Things (IoT) devices can fall under the control of cyber-criminals aiming to disrupt normal operations.
3. Be Smart About Responses 
Cyber-crimes happen, and they need to be reported responsibly, but not all breaches need to be announced at the moment of discovery. Hotel managers should notify their security teams at the corporate level so that actions can be taken to protect related properties and their guests.
Take advantage of cyber-security professionals who can identify sources of intrusion, assess the extent of the breach and provide details of the compromised material. Announcements of the breach surely need to be made quickly, but they should come after all the relevant information has been gathered and verified. That way, customers and their data can be properly advised and further exposures limited.
4. Don’t Sleep on Insider Threats
While malware and other sophisticated cyber-criminal schemes certainly represent a formidable threat, the majority of data breaches are initiated by individuals within the organisation. For example, an employee might steal data to sell it on the black market, or destroy or corrupt it for personal reasons.

More often, information is passed to criminals through social engineering, a practice that involves gaining small amounts of information over a period of time, generally from a variety of people within the company. 
The criminals are then able to piece together the bits of information to communicate with someone who might mistakenly divulge sensitive or protected information. Hotel properties need to devote time and effort to educating their staffs about these advanced threat techniques to protect their guests and their own reputations.
Securing the Hospitality Industry

Hotels are vulnerable to cybercrimes through a variety of avenues that break with the traditional physical security measures deployed across the hospitality industry.

Keeping guests and their assets, both physical and digital, safe is paramount to preserving both the image and financial security of hotels.

Security Intelligence:

You Might Also Read:

Essential Cyber Security Tips to Stay Safe Travelling:

 

« FBI’s Cybercrime Report 2017
Snapchat Map Raises Child Safety Concern »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

High Technology Crime Investigation Association (HTCIA)

High Technology Crime Investigation Association (HTCIA)

HTCIA was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

Paladion

Paladion

Paladion is a provider of managed IT security services.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

Garrison

Garrison

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

Dreamlab Technologies

Dreamlab Technologies

Dreamlab specialises in securing critical IT infrastructures. We offer qualitative support and advice for managing your infrastructure and cyber security needs.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

WhiteSource

WhiteSource

WhiteSource is the only all-in-one security, compliance, and reporting solution for managing open source components.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

Tapestry Technologies

Tapestry Technologies

Tapestry Technologies supports the Department of Defense in shaping its approach to cybersecurity.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.