Breaking Down Hotel Cybersecurity

Uploaded on 2017-07-06 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Hotels need cyber-security: Although they don’t have the volume of transactions that big box retail stores do, their transactions are generally larger, and their guests have more at stake than just their groceries. But the personal information hotels store is only part of what’s at risk.

Hospitality organisations need to understand their vulnerabilities, as well as how to identify threats to their guests, property and data.

Below are four key areas hotel cyber-security teams need to focus on:

1. Instill Security as a Cultural Norm
Hotel security is a standard practice, but the focus has traditionally been around physical property. Guests rely on hotels to keep themselves and their possessions safe during their stays. When they have high-value items that need more protection than just the lock on their door, they turn to the room safe or, in some cases, safes managed by hotel security staff.
Guests may mistakenly assume the same level of protection extends to the digital assets that reside on their laptops and smart-phones when they use hotel Wi-Fi connections. But hotels need to be certain they are delivering a consistent level of security to guests and their possessions, whether they are physical or digital.
2. Think Beyond the Credit Card
It’s obvious that all billing systems need to be secure to protect guests’ personal and financial information. But with centrally connected reservation systems, the exposure extends far beyond a single hotel’s booking system.
Hotels need to think about multiple endpoints and the remote connections they rely on to run the property’s operations. Electronic door locks, HVAC controls, alarms and a full range of Internet of Things (IoT) devices can fall under the control of cyber-criminals aiming to disrupt normal operations.
3. Be Smart About Responses 
Cyber-crimes happen, and they need to be reported responsibly, but not all breaches need to be announced at the moment of discovery. Hotel managers should notify their security teams at the corporate level so that actions can be taken to protect related properties and their guests.
Take advantage of cyber-security professionals who can identify sources of intrusion, assess the extent of the breach and provide details of the compromised material. Announcements of the breach surely need to be made quickly, but they should come after all the relevant information has been gathered and verified. That way, customers and their data can be properly advised and further exposures limited.
4. Don’t Sleep on Insider Threats
While malware and other sophisticated cyber-criminal schemes certainly represent a formidable threat, the majority of data breaches are initiated by individuals within the organisation. For example, an employee might steal data to sell it on the black market, or destroy or corrupt it for personal reasons.

More often, information is passed to criminals through social engineering, a practice that involves gaining small amounts of information over a period of time, generally from a variety of people within the company. 
The criminals are then able to piece together the bits of information to communicate with someone who might mistakenly divulge sensitive or protected information. Hotel properties need to devote time and effort to educating their staffs about these advanced threat techniques to protect their guests and their own reputations.
Securing the Hospitality Industry

Hotels are vulnerable to cybercrimes through a variety of avenues that break with the traditional physical security measures deployed across the hospitality industry.

Keeping guests and their assets, both physical and digital, safe is paramount to preserving both the image and financial security of hotels.

Security Intelligence:

You Might Also Read:

Essential Cyber Security Tips to Stay Safe Travelling:

 

« FBI’s Cybercrime Report 2017
Snapchat Map Raises Child Safety Concern »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Black Duck Software

Black Duck Software

Black Duck Hub allows organizations to manage open source code security as well as license compliance risks.

ManTech International

ManTech International

ManTech provides comprehensive, integrated cyber security support, which includes computer and network design, implementation, and operations.

ENAC

ENAC

ENAC is the national accreditation body for Spain. The directory of members provides details of organisations offering certification services for ISO 27001.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

XPO IT Services

XPO IT Services

XPO IT Services are dedicated to providing secure, high quality IT recycling and asset disposal services.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

Blue Lance

Blue Lance

Blue Lance is a global provider of cybersecurity governance solutions. Our software solutions automatically collect and store the information necessary for investigations, audit and compliance.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

Ridge Global

Ridge Global

Ridge Global works with C-suite executives and corporate directors to build more resilient organizations through innovative preparedness, protection, response and education capabilities.

Fastcomcorp

Fastcomcorp

Fastcomcorp offers a world-class proactive cyber security defense and risk management consulting. Including Darkweb monitoring and posture assessments.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

Swish Data Corp.

Swish Data Corp.

Swish delivers when the problems are complex, requirements are difficult, and the mission is absolutely critical.

TisOva

TisOva

TisOva is an innovative cybersecurity startup dedicated to addressing the growing issue of online scams targeting students.