Group items tagged

However, with more countries migrating to chip cards and EMV-compliant POS systems, attackers have shifted their focus to card-not-present fraud and are targeting industries where consumers are making their payments and reservations over the phone—such as hotel contact centers.

If guests aren’t convinced that the hotel is keeping their personal and financial data secure, they will take their business elsewhere. In order to protect their brand reputation and their business, hotels need to create a culture of security throughout their entire organization that focuses on protecting guests’ digital property in addition to their physical property. One of the best places to start is their contact center.

In an era of increasing cyberattacks, hotels can make themselves less of a target by adopting technology to ensure that payment card data and other personally identifiable information is kept secure and segregated from the contact center.

With such an approach, customers calling to make a reservation or order additional services discreetly type their card numbers into the telephone keypad, rather than reading them out loud to the agent on the phone line. The data is securely routed to the payment gateway or a more secure server so it is never shared with the agent and is not held in the contact center infrastructure. This ensures that there is no possible spillover of the data to the unsecured or unmonitored areas of the business. It also reduces the number of individuals with access to the sensitive data, and makes the hotel contact center a less attractive target for cybercriminals. As an added benefit, this approach makes it easier for the hotel to comply with Payment Card Industry Data Security Standards by reducing the scope of compliance. By keeping payment card data out of the contact center, hotels can significantly reduce the high costs and extensive time associated with maintaining PCI DSS compliance.  

With stronger security practices for handling guests’ sensitive data, the hotel industry as a whole can transform itself from being one of the most likely targets for data breaches to becoming a model for data security, thereby ensuring that fewer customers ever have to go through the experience

Guests can sleep peacefully knowing that their data is secure, and the hotel can rest assured that its name won’t be making headlines as victim of a costly data breach.

Documents such as copies of travel information, passport and identity documents, licenses, customer lists, etc. should be shredded daily.

Invest in cyber-security tools such as firewalls and tokenization and encryption to avoid online breaches through the business’ website or third-party sites.

Regularly update equipment and software with monitoring systems that can detect breaches at numerous terminals to avoid PoS breaches.

Ongoing training helps ensure employees understand and follow policies and best practices. They should also be trained on how to recognize potential risks such as phishing.

These breaches can also be costly, with the UK’s Information Commissioner’s Office (ICO) fining Marriott $23.8 million for the Starwood breach.

Today, close to 50% of all bookings happen through online travel agencies or online channels, with the share of offline bookings dropping every year.

For hotels, the information is exchanged between the payment gateway, the OTA, the intermediary and its central reservations system (CRS

These multiple data exchanges among partners leave the data that much more susceptible to breaches

, as not all providers have the same security standards.

First, they should reduce the temptation to focus on standalone point solutions

Instead, they should look at technology providers that help in securing the entire data value chain by focusing on having a security framework that stops data from moving outside of the country (which is where it is typically misused

Second, hotels should know the storage practices and policies of all providers, insisting on a zero percent storage rate to reduce the chance of personal data getting expos

Similarly, hotels should make sure that partners do not store any credit card information locally, which will reduce the risk of exposure

lso, with most companies using some form of cloud infrastructure, hotels should know the structure used by any partner (private, hybrid, public) as well as what protections are in place

They will also be taking an important step in protecting their brand identity, as brand will be essential as the recovery from the COVID-19 fallout continues

Personal information incl

hich led to a week-long shutdown of all Ticketfly services, as well as a number of Ticketfly.com-based venue websites, and forced several promoter partners to push back onsales or migrate to parent company Eventbrite’s platfor

in the data breach, w

consumer fraud, deceptive practices, breach of contract and negligence for its supposedly poor web security

Ticketfly failed to notify her that her data had been compromised, instead limiting its immediate response to a “passive support page” on the Ticketfly website and a “single tweet on social media”. Consequently, she says, she did not learn about the hack until September, months after her personal data was accessed

The PCI Security Standards Council claims that since March, malicious virus-related reports are up 475%. The reason for the uptick is that cybercriminals are trying to take advantage of rapid changes to the payment-card data environment. In addition, 41% of small businesses have said they’ve suffered breaches costing more than $50,000 to fix.

Contactless payment is one of the big changes within the payment data environment. Several restaurant companies – from chains to independents – are offering it because it reduces customers' physical interaction with the restaurant's POS system. As part of this move, some businesses have eliminated credit-card PIN numbers.

Eliot says malicious email is usually the easiest way for cybercriminals to access your networks. The emails typically show up as urgent requests for sensitive information, often pretending to be from the Small Business Administration or the Centers for Disease Control and Prevention. When the intended victim types in his or her credentials and clicks on a specific link or downloads an attachment, criminals are in.

Anyone looking for easy-to-implement security tips can try these six to start. Reduce areas where payment-card data is stored. The best way to protect against a data breach is to avoid storing any card information at all. With many small operators offering curbside pickup and accepting payment over the phone instead of through face-to-face transactions, it’s important they train employees not to write down payment card details. Instead, have them enter numbers directly into a secure terminal. Use strong passwords. Using weak and default passwords is one of the leading causes of payment data breaches among businesses. Effective passwords must be strong and updated regularly. The most recent guidance is: the longer, the better. Think of it almost as a “passphrase” rather than a password. Use it in the form of a sentence, but mix in different characters within the phrase. It’s much harder to break a long passphrase than it is a short, complex password. Weak and vendor default passwords often result in small business data breaches. Also, don’t repeat your passwords. Update your software often. Criminals look for outdated software to exploit flaws in unpatched systems. Timely installations of security patches are crucial to minimizing the risk of a breach. Whenever updates are available, use them. They will improve performance and close out some of the vulnerabilities cybercriminals are searching for. Enable two-factor authentication. It's so important for restaurateurs, especially where their POS systems or any of their sensitive databases are concerned, to have two-factor or multi-factor authentication enabled. If an instance where credentials are stolen occurs, there will be a second layer of verification the operator can rely on to potentially reduce the chances that information will be breached. Segment your networks. If you are going to store payment data, make sure your POS system has its own separate, secure network. Do not store sensitive documents on public cloud services such as Google Docs or DropBox. If you’re going to store sensitive documents, house them in an encrypted, locked down location.   Be hyper-vigilant. Criminals are going to try to take advantage of this pandemic situation as much as possible. You can protect yourself by not giving out sensitive information, especially within unsolicited emails. Don’t click on links you’re not expecting and do everything in your power to protect all sensitive information.

Hotels use a variety of different systems for operations, ranging from off-the-shelf, commercial programs to specialty programs. Each of these programs presents the potential for breach and, as noted above, a single weakness can create a weak system. Moreover, the transfer of information from one system to another is, in itself, a source of weakness.

Take Control. Cybersecurity cannot be relegated to a single party; owners, operators and brands all need to take an active role in reducing cyber risks.

The hospitality industry is facing both continuing challenges protecting the personal data of guests, as well as grappling with a new legal landscape. Companies need to recognize that while the trials are great, success will create trust in the industry's most important commodity - its guests. A comprehensive approach can give companies the chance not only to confront these issues, but create brand value in doing so.

More Security Insights Webcasts Malware from B to Z: Inside the threat from Blackhole to ZeroAccess Remove Administrator Rights Without Disrupting End User Productivity More >>White Papers

Valentino said the company overhauled its information security practices in the wake of the attacks, and also dismissed claims that anyone had been harmed by the breaches. "At the time of these incidents, we made prompt efforts to notify the hotel customers whose information may have been compromised, and offered them credit monitoring services," he said. "To date, we have not received any indication that any hotel customer experienced a financial loss as a result of these attacks."

"unfair and deceptive

The FTC accused Wyndham of failing to address the security vulnerabilities highlighted by the first breach, as well as failing to implement technology that could have detected unauthorized access to its networks. As a result, the agency said, in March 2009 attackers--"using similar techniques as in the first breach"--again

gained access to the Wyndham Hotels and Resorts network.

93% of companies without a disaster recovery plan who suffer a major data disaster are out of business within one year.

SMBs simply don’t have the resources to survive breaches and are risking their entire business by not fully preparing against attacks.

Research suggests that 70% of consumers would stop doing business with a company if it experienced a data breach.

even for businesses who can survive a breach and save their data, long-term consequences can be dire.

Consider a true next-gen antivirus for everyone under your network to minimize the potential for attack.

By keeping all your data periodically backed up in secure data centers, you can rest a lot more easily knowing that should the worst happen, you can respond quickly and effectively.

One of the most effective ways of counteracting the dangers of cyberthreats is by training employees and establishing policies around a security strategy.

Encryption: Encryption keeps data safe from unauthorized users. If an attacker steals an encrypted file, access is denied without finding a secret key. The data is worthless to anyone who does not have the key.

Authentication: Weak passwords are the most common enterprise security vulnerability. Many employees write their passwords down on paper. This defeats the purpose. Multi-factor authentication can solve this problem.

Breach Drills: Simulating data breaches can help employees identify and prevent phishing attacks. Users can also improve response times when real breaches occur. This establishes protocols for handling suspicious activity and gives feedback to users.Measurement: The results of data breach drills must inform future performance. Practice only makes perfect if analysts measure the results and find ways to improve upon them. Quantify the results of simulation drills and employee training to maximize the security of cloud storage.

Is the Cloud Secure and Private?Professional cloud storage comes with state-of-the-art security. Users must follow the vendor’s security guidelines. Negligent use can compromise even the best protection.

Redundancy makes cloud storage security platforms failure-proof. On-site data storage is far riskier. Large cloud vendors use economies of scale to guarantee user data is intact. These vendors measure hard drive failure and compensate for them through redundancy.Even without redundant files, only a small percentage of cloud vendor hard drives fail. These companies rely on storage for their entire income. These vendors take every precaution to ensure users’ data remains safe.

or hoteliers, recognizing this as a true weakness and doing what they can to remediate this problem is a necessity

MAKE CYBER SECURITY TRAINING A PRIORITYOnce employees are aware of the role they play in protecting the company, they must then receive regular and high-quality training on a variety of phishing attacks

remember, an hour long security training session once a year is likely to be highly ineffective. Instead, consider multiple short training sessions regularly.

GO BEYOND TRAINING

Email systems are too intimate with business applications and are typically installed on the same workstations for convenience," Sackowitz says. "Perhaps, as a safer alternative, it's time to look at sandboxing or bifurcating critical systems over one’s that converge with public delivery. Perimeters are still necessary. Additionally, there are technologies that can block or proxy any outbound URL from email that will minimize risk."

Experiencing a data breach could cost your hotel an excess of $5 million dollars.

These are three simple reasons why payment security should be a top concern at your hotel. There are ways to minimize, or even eliminate, the risk of data breaches. First, make payment security a priority for every department of your hotel, not just the IT department. Ensure that all employees understand the risks involved with improper handling of credit cards through training and education.

3. Longer or no security audit cycles

APTS are considered the most dangerous type of cyber-attack as they simply bypass the defenses that are in place.

Cyber-crime shows up on the security radar as the second highest risk the hotel industry is exposed to.

The gap between the low number of qualified security auditors worldwide and new hotels built is getting bigger and bigger.

Nearly 1.26 million hotels worldwide are dealing with all sorts of safety & security issues.

4. Physical crime will remain an issue for hotels

Physical crime ranges from professional burglaries using nifty social engineering techniques to temporary drug laps in hotel rooms.

Holdups at night involving firearms have increased since hotels are easily accessible and less protected compared to other industries operating at night.

5. Loss of competitive advantage after a major security incident

The recovery costs after a security incident, including the attention of the media, are often much higher than the investment in security and risk management.

Reputation is a vital yet fragile advantage that requires its very own security plan in a strong competitive market where guests nowadays love to make their booking decisions with the help of online travel review sites such as Tripadvisor & Co.

This type of situation was brought to a head earlier this year when marketing services giant Epsilon experienced a massive breach to its email systems. According to a SecurityWeek report, among those impacted by the breach were several hotel operators, including Hilton, Ritz-Carlton and Marriott.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a 2010 Wall Street Journal report, the most common security vulnerability in hotels is point-of-sale software. Often, hotels do not require employees to change the default names and passwords of these programs, making it easier for hackers to break in and steal customer information

According to a 2010 Wall Street Journal report, the most common security vulnerability in hotels is point-of-sale software. Often, hotels do not require employees to change the default names and passwords of these programs, making it easier for hackers to break in and steal customer information.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a 2010 Wall Street Journal report, the most common security vulnerability in hotels is point-of-sale software. Often, hotels do not require employees to change the default names and passwords of these programs, making it easier for hackers to break in and steal customer information

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

Hotels

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

otels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

Hotels

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.

Before the system goes live, create a few fake employees and test the system to see what you can access. This way you can identify any weak points in the system and work out the bugs before giving everyone access to the system.

it is important to understand that breaches can still occur. Having a disaster recovery plan in place will minimize the amount of time that your system is down and help to re-secure your data faster. There should be clear procedures in place for responding to a data breach so that the right employees know what to do in the event of a breach.

Having a plan in place can make it quicker and easier to recover from a breach, helping to secure information before further damage can be done and resolving issues stemming from the breach.

US. Cannabis dispensaries have to collect large quantities of sensitive information in order to comply with state laws,

the THSuite platform is designed to simplify this process for dispensary operators by automatically integrating with each state’s API traceability system.

The vpnMentor team says that the breach affected many more dispensaries, and that it’s possible that all THSuite clients and their customers were involved.

The researchers also found photographs of government-issued photo IDs and corresponding signatures of dispensary visitors and patients alike.

Under HIPAA regulations, it’s a federal crime in the U.S. for any health services provider to expose protected health information (PHI) that could be used to identify an individual.

the researchers say that THSuite could be subject to HIPAA violations, which can result in fines of up to $50,000 for every exposed record, or even in jail time.

hackers and scammers can take advantage of personal details exposed in the data breach about dispensary customers and employees to create highly effective personalized phishing attacks.

"Data breaches and the implications associated continue to be an unfortunate reality for today's businesses," Ponemon Institute Chairman and Founder Dr. Larry Ponemon said in a statement. "Year-over-year we see the tremendous cost burden that organizations face following a data breach.”

Cybersecurity incidents stemming from insider threats will include private or sensitive information being unintentionally exposed, customer records being compromised or stolen, and employee records being compromised or stolen.