Breaking Down Hotel Cybersecurity

Hotels need cyber-security: Although they don’t have the volume of transactions that big box retail stores do, their transactions are generally larger, and their guests have more at stake than just their groceries. But the personal information hotels store is only part of what’s at risk.

Hospitality organisations need to understand their vulnerabilities, as well as how to identify threats to their guests, property and data.

Below are four key areas hotel cyber-security teams need to focus on:

1. Instill Security as a Cultural Norm

Hotel security is a standard practice, but the focus has traditionally been around physical property. Guests rely on hotels to keep themselves and their possessions safe during their stays. When they have high-value items that need more protection than just the lock on their door, they turn to the room safe or, in some cases, safes managed by hotel security staff.

Guests may mistakenly assume the same level of protection extends to the digital assets that reside on their laptops and smart-phones when they use hotel Wi-Fi connections. But hotels need to be certain they are delivering a consistent level of security to guests and their possessions, whether they are physical or digital.

2. Think Beyond the Credit Card

It’s obvious that all billing systems need to be secure to protect guests’ personal and financial information. But with centrally connected reservation systems, the exposure extends far beyond a single hotel’s booking system.

Hotels need to think about multiple endpoints and the remote connections they rely on to run the property’s operations. Electronic door locks, HVAC controls, alarms and a full range of Internet of Things (IoT) devices can fall under the control of cyber-criminals aiming to disrupt normal operations.

3. Be Smart About Responses

Cyber-crimes happen, and they need to be reported responsibly, but not all breaches need to be announced at the moment of discovery. Hotel managers should notify their security teams at the corporate level so that actions can be taken to protect related properties and their guests.

Take advantage of cyber-security professionals who can identify sources of intrusion, assess the extent of the breach and provide details of the compromised material. Announcements of the breach surely need to be made quickly, but they should come after all the relevant information has been gathered and verified. That way, customers and their data can be properly advised and further exposures limited.

4. Don’t Sleep on Insider Threats

While malware and other sophisticated cyber-criminal schemes certainly represent a formidable threat, the majority of data breaches are initiated by individuals within the organisation. For example, an employee might steal data to sell it on the black market, or destroy or corrupt it for personal reasons.

More often, information is passed to criminals through social engineering, a practice that involves gaining small amounts of information over a period of time, generally from a variety of people within the company. The criminals are then able to piece together the bits of information to communicate with someone who might mistakenly divulge sensitive or protected information. Hotel properties need to devote time and effort to educating their staff about these advanced threat techniques to protect their guests and their own reputations.

Securing the Hospitality Industry

Hotels are vulnerable to cybercrimes through a variety of avenues that break with the traditional physical security measures deployed across the hospitality industry.

Keeping guests and their assets, both physical and digital, safe is paramount to preserving both the image and financial security of hotels.

Security Intelligence:
