Within an industry that seems to be falling under attack from all different directions, it is time that hotels took cybersecurity seriously. The past few years have seen some well-known brands become victim to cybercrime. Even if you have one of the best hotels in Tasmania, there is always the risk that someone will attack your system. It is time to invest and investigate to ensure it is put to a stop. Today we are taking a closer look at the cybersecurity for hotels, and the common threats, to decide what to do about them.
Phishing refers to the sending and receiving emails that appear, in nature, to be from a genuine source. A criminal will use it to convince the recipient that they should share their information. This could be in the form of personal information, passwords and financial information. This is one of the oldest and longest-lasting scams on the internet. Over time, this threat has now become more sophisticated and there are attacks that are targeting authority. The goal of a phishing attack is to take over an email account and send bogus emails to everyone on their contact list. For example, if you offer oyster farm tours at your hotel in Tasmania, phising criminals might try to poach the payment details from customers booking the excursion. These are aimed at persuading recipients to authorise transactions which are ordered from above.
The most famous ransomware attack was a group of criminals called Wannacry, that were attacking businesses in countries all over the world. Wannacry posed a huge threat as it took information and systems hostage. The goal was to gain financially from those who paid to get back access to their systems/data. As a hotelier, you run the high risk of cybersecurity failing and allow attacks to occur. Past hotels who have fallen victim ended up paying more than $18,000 to let guests back into their rooms and then create electronic keys for all the rooms.
This is a common and nasty form of attack that is used against hotels. It is called a distributor denial of service attack; you might be familiar with it. It is the “hack of choice” for people who target an array of systems that hotels use. From everyday items like sprinkler systems to more sensitive issues like security cameras are at risk of hijacking. DDoS can make a whole computer system crash.
The cybersecurity for all hotels should include a process that will mitigate any compromised systems if they go down in an attack.
There is more to privacy and security than simply risk and compliance!
There is the economic interest that is gaining commercial advantages from using personal information. Gaining more insights from customers and giving them more personalised services are now known as a core business goal. In order to combine the interest of risk management, economic advantages and the compliance with legal obligations – you will need to develop a vision for the hotel security.
That vision will need to take into account the goals and objectives of stakeholders as well.
Here are a few basic cyber practises that hotels could implement:
Supply chain protection
Attackers are targeting the IT supply chain along with partner networks as they often have fewer security measures in place. Hotels work alongside different suppliers and that offer a third-party risk by shifting to a more proactive cyber risk mitigation and monitoring.
This is important to be able to prevent and detect malware that is on the PoS terminal. International hotel chains are also a soft target when it comes to stealing credit card information through the point of sale systems. The NGAV doesn’t rely on the reactive constant signature updates to allow the business to find and stop the hard attacks.