Group items tagged

These criminals infect point-of-sale systems with malware that scrapes card information. 20 out of the top 21 high-profile breaches that have occurred since 2010 have been a result of this strategy.

One of the more recent data breaches in 2019 - the Earl Enterprises data breach involved the theft of over 2 million credit card numbers. It is believed that the breach was the result of malware installed on POS systems at the popular restaurants run by the company.

Having well-trained staff is invaluable for ensuring the secure collection and storage of sensitive data. However, the hospitality industry has a very high turnover rate due to the fact that it largely involves seasonal work.

Just one untrained individual can give cybercriminals easy loopholes to gain access to sensitive customer data.

It involves employees selling customer data to third parties unknown to the management of their organization

High profile breaches such as the recent Marriott International data breach which resulted in the leakage of the personal data of over 500 million guests continue to drive up awareness levels.

Failure to provide adequate data protection can have catastrophic consequences for hospitality companies

Organizations in the hospitality sector can protect the data of their customers by implementing a number of best practices for mitigating the risks associated with data collection.

2. Before a crisis: Have a Risk Management Process in place

A Risk Management Process aims to reduce the uncertainties of actions taken during a crisis. It is important to have this is place in advance, so that your organisation is well prepared for unexpected events that may happen in future.

Establish the context

Identify the risks

Know who your stakeholders are

Analyse and evaluate risks

Analysing risks involves determining the likelihood of a crisis occurring and their possible consequences, from insignificant up to catastrophic. Understanding which possible crisis would have the most negative impact will enable you to decide on the priority course of action.

Treat risks

Communicate and Consult

Being visible and keeping in touch with your stakeholders is one of the most important factors of risk management, and it must be done on a continuous basis in all stages, before, during and after a crisis.

No two crises are the same, and some destinations will be more susceptible to particular crises than others. You should carry out a risk analysis, drawing up a list of crises that might happen based on those that have occurred in your region/country in the past and may happen again.

Draw up a list of your stakeholders to get a clear overview, so you can ensure they are included in all correspondence you issue.

Use your website and social media to keep in touch

ou should revisit your website regularly and publish the most recent information about the impact a crisis is having on your destination/region.

It is really important to date your website communications, so that users can be sure they are receiving the most up-to-date information.

Monitor and review

Crises are often fast-moving; situations tend to be highly changeable and can be volatile. This means that current processes, plans or procedures that you have in place to deal with a crisis should be regularly reviewed and updated. Your plan should be flexible and dynamic, so that you can adapt easily to the changing situation when a crisis happens.

Training and testing

Once you have formulated your Risk Management Plan, you must train your staff and test the plan.

3. During the crisis: Follow these four steps

Once a company is in the middle of a crisis, the first thing to do is to understand the situation as best you can and understand the impact it can have on your organisation. This is a continual process as one of the characteristics of a crisis is that it’s always changing, and the effects on your business will also constantly shift.

1. Mitigation

Mitigation refers to the initial actions that the company that is directly in the face of the crisis or emergency needs to carry out. These are the first steps that need to be taken to protect the ones in the immediate line of fire – teams, customers, suppliers, industry partners and finances.

2. Preparedness

he mitigation stage of the crisis management could be a very short process or a long, drawn-out process, depending on the immediate effect of the crisis on your business. At the same time, the process to start preparing the business for this particular crisis can be key to the next stages of Response and Recovery.

3. Response

The majority of crisis management lies in the response to the crisis. All the preparation you have already done to protect the company and its assets will help you in the response stage.

4. Recovery

It is difficult to know when the Response phase becomes the Recovery phase. However, it is clear that, while you are on the road to Recovery, you should to continue to follow the steps you established in the Emergency Response Plan. As in the previous steps, you should be continuously refining and updating the plan, based on the current situation. Flexibility during the Recovery phase continues to be important. Your organisation may look different following all the changes you may have made as a result of the crisis, and your markets may also have changed.

Network computing has enormous implications for marketing to customers on a global basis, as well as hotel operations. Consider the potential for the industry to connect with vendors worldwide for electronic purchasing, potentially achieving economies of scale and leveraging not yet possible. World purchasing functions will allow companies to customize their own catalogs. Virtual channels of distribution using computer networking capabilities will also allow hotel companies to market products and services - some traditional to our industry, others not - to customers whether they are in the hotel, at work, or at home. This will require a migration from today's central reservation systems to tomorrow's customer information systems using network-centric solutions. Development of customer profiles and guest recognition will make it possible for hotel organizations to interact in entirely new ways with customers, regardless of their physical location. Clearly, the large hotel companies will need to be the first to address questions raised by global networking capabilities and what this will mean in terms of technology investment. But for many hospitality companies presently struggling with the high cost of technology and the confusing state of our industry's technology affairs, this will not be an easy task. And the decisions will ultimately become further complicated by the opportunity to outsource certain functions into subscription-based networks. It is unlikely that the hospitality industry will be forced to bear the entire burden for networking infrastructure. Strategic alliances with major technology companies will be the catalysts in building this capability as they become strategic providers of networking capabilities to hospitality and other industries. And as network-centric computing comes of age and a company's proprietary information is stored in cyberspace, security will become an ever-more important issue requiring solutions. Whether it is an e-mail gateway through an internal network or customer access via the Internet, network fire walls and encryption systems will be required to mitigate the concern many will have with system security.

Network computing has enormous implications for marketing to customers on a global basis, as well as hotel operations. Consider the potential for the industry to connect with vendors worldwide for electronic purchasing, potentially achieving economies of scale and leveraging not yet possible. World purchasing functions will allow companies to customize their own catalogs. Virtual channels of distribution using computer networking capabilities will also allow hotel companies to market products and services - some traditional to our industry, others not - to customers whether they are in the hotel, at work, or at home. This will require a migration from today's central reservation systems to tomorrow's customer information systems using network-centric solutions. Development of customer profiles and guest recognition will make it possible for hotel organizations to interact in entirely new ways with customers, regardless of their physical location. Clearly, the large hotel companies will need to be the first to address questions raised by global networking capabilities and what this will mean in terms of technology investment. But for many hospitality companies presently struggling with the high cost of technology and the confusing state of our industry's technology affairs, this will not be an easy task. And the decisions will ultimately become further complicated by the opportunity to outsource certain functions into subscription-based networks. It is unlikely that the hospitality industry will be forced to bear the entire burden for networking infrastructure. Strategic alliances with major technology companies will be the catalysts in building this capability as they become strategic providers of networking capabilities to hospitality and other industries. And as network-centric computing comes of age and a company's proprietary information is stored in cyberspace, security will become an ever-more important issue requiring solutions. Whether it is an e-mail gateway through an internal network or customer access via the Internet, network fire walls and encryption systems will be required to mitigate the concern many will have with system security. In the final analysis, networking solutions will drive down the cost of technology investment "on-property" where hotel real estate and business interests merge. The solutions that hotel organizations will be able to choose from in terms of networking should also be less expensive than the current profile of technology spending. And we can expect that change to occur sooner rather than later, given the present rate of investment in Internet-based technologies.

CCS is taking off now in part because of the IPCC’s 2018 report on 1.5º of global warming.

some governments increased their ambition from a 40% or 50% reduction in emissions by mid-century to net-zero emissions.

“We’ve seen more governments embrace net-zero targets,”

Even without the new policies, three new CCS projects are in development in the U.S., all tied to power plants,

Ten are in development in Europe, equal to the total number now operating in the U.S.

“First, we'll see more carbon capture on natural gas power plants,”

“and in many places the license to operate for natural gas-fired power plants will be dependent on capturing their CO2.”

Second, many projects will capture methane to produce hydrogen, storing the CO2.

Threat actors use multiple channels, both on the surface and deep & dark web (DDW), to discuss and plan disruption and money-making schemes. It’s important to note, too, that the channels used by bad actors evolve all the time as they work to evade detection.

Security teams should certainly pay attention to previous incidents and successful tactics, but must build their strategy around the very latest intelligence.

Guests can use the AI-based devices to control the lighting and operate the television, while avoiding touching light switches and remote controls.

any recovery could depend on how safe guests feel.

“The reality is the pandemic has impacted all of our staffing levels and budgets and forecasts,” said John Edwards, chief information officer at the Denver-based company, which is also known as Red Lion Hotels Corp.

While guests enjoy the convenience of online booking and networking, meeting planners can track the progress of their events via their own set of online dashboards that provide automated email alerts and other tools helping to mitigate the difficulties of managing room blocks and bookings.

Furthermore, it is important to consider the proper dress for the security staff to be in line with the hospitality management philosophy.

Safety is a term which relates to protecting guests and staff within the hotel from the potential hazards, injury, and death by dealing with dangerous materials and different kinds of accidents. In contrast, security regards the protection of property from criminal accidents and terrorist activities.

Providing the highest levels of safety standards and security ensures good marketing for the hotels by preventing an accident before it becomes a major issue causing loss of life and property.

effective information system and being well prepared for emergencies could prevent or minimize loss for the hotels.

four-phase model to plan for the crisis and to deal with the emergencies; this model proposed reduction, readiness, response, and recovery phases to deal with the crisis.

Many practitioners imply that regarding the technology evolution in the last decade, Information Technology has become a fundamental part of the hospitality industry,

the importance of an updated emergency plan

The hospitality industry is one of the most vulnerable industries to crises.

is vulnerable to both internal and external emergencies.

updated regularly, and a direct communication system should be employed to respond to and overcome the crisis.

The importance of continuous emergency training for the employees is also emphasized.

ole of the media, information, and the social media should be reviewed and evaluated continuously

causing negative impacts not only for the hospitality players, but also for the tourists and the local community.

biometric technologies could ensure the hotel security and increase the effectiveness of hotel information systems. This will reduce the costs, improve management of the employee and guest activities, and improve the ability to recognize the criminal activities.

Preparedness and an updated emergency plan with managers' awareness will help the hospitality industry to provide the necessary resources, as well as effective training to avoid or minimize risks. Safety surveillance and security systems are very important to save guests' lives and hospitality properties. These factors can also be used as a marketing tool for guests and meeting planners. Finally, it's very important to understand the crisis emergency frameworks to mitigate effects and be well prepared before the crisis strike, and furthermore, to minimize losses during evacuation when the disaster happens.

susceptible to epidemics movements,

Hotels should issue a check-list concerning a hotel’s vulnerability to emergencies caused by natural disasters (hurricanes, earthquakes, tsunamis) or man-made crises (terrorist attacks, explosions, fires, spill, food poisoning).

This will transmit a positive image: hospitality may gain a lot by using its safety and security as a marketing tool to attract more tourists to the destination.

The hospitality industry has yet to recognize that vulnerability and change the way vehicles approach their properties.

o publicly available intelligence sources indicate that this soft target is on the list of any domestic or foreign terrorist organization.

pending capital on mitigating against this vulnerability (absent any indication it is a target) is a waste of money and only increases hotel and casino costs without any discernible benefit. Those costs will ultimately be borne by hotel and casino customers and I find no indication of a willingness to pay extra for those costs.

The family vacation just became more expensive with minimal, if any, increased security. But most importantly, why would anyone endure that type of intrusive screening at a hotel or casino based on one outlier event?

Before we continue down the route we’re on of an ever-increasing security state, both citizens and politicians need to become better at assessing risk and narrowly but effectively mitigating against that security risk.

Instead, let’s make rational decisions about security based upon legitimate, fact-based risk assessment. And let’s not allow one crazed individual further restrict freedom of movement of ordinary citizens.

With this in mind, your cybersecurity budget should be geared toward identifying the most critical material risks to your organization which could be caused through cyber means—and reducing, mitigating, or transferring those risks.

With the negative impacts that hotels exert on the environment, greater pressure is placed on governments and role players in tourism to reinforce eco-friendlier enterprises and green consumption in hotels (Moreo 2008:1). This compels hotels to demonstrate responsible behaviour to become 'eco-friendly hotels' or 'green hotels', which refers to accommodation establishments that have made a commitment to implementing or following various ecologically-sound practices, such as saving water and energy as well as reducing solid waste

Because hotels exert a negative environmental impact, it is imperative that the management of hotels take action to mitigate their impact on the environment

Within the hotel sector, the areas of concern for the environment include pollution through solid and liquid waste, high energy consumption and the increasing release of greenhouse gases that cause changes in the atmosphere.

Consequently, practices such as recycling of waste, waste management, supplying clean air, energy and water conservation, environmental health, adopting a purchasing policy and environmental education are being considered in various hotels in mitigation of the negative impacts on the environment

Demands from governments or regulators require hotels to implement green practices (Kim & Choi 2013:159). Green practices are ways to use products and methods that would not negatively impact on the environment through pollution or by the depletion of natural resources (Smith & Perks 2010:3). These green practices include sustainable management of water, energy conservation, solid waste management, ensuring air quality, environmental purchasing, community awareness and maintenance of permits (see Table 1).

It is recommended that hotels implement and monitor the progress of the green initiatives in their establishments. The initiatives to be implemented may include any or some of the following:

• Water - Water may be saved by flushing toilets using a flushing system fed from rainwater harvesting. In addition, hotels can use low-flow shower heads and taps to reduce waste.

Energy - Occupancy sensors can be used in hotels so as to use energy in occupied rooms only. Also, hotels can use renewable energies such as solar power and wind energy.

Reuse of linen - Reuse of linens and towels save water, detergent and energy which reduces the release of greenhouse gases. Water saving information cards should be placed in rooms for guests to read.

Solid waste - Recycling is one way by which hotels can begin to participate in waste management. Composting at the establishment is also encouraged. • Air quality - Air filtration can be installed in hotels. In addition, the creation of smoking sections for guests to avoid involuntary exposure to second-hand smoke can also be helpful. • Installation of green roofs improves air quality, which includes the use of recycled material in the growing medium. • Environmental purchasing - Hotels should avoid procuring plastic-based packaging, which contributes to high levels of pollution and should rather use paper bags made from recycled products.

This research study determined the environmentally friendly practices adopted in 3- to 5-star-graded hotels in Zimbabwe and South Africa.

Against this background, this study was conducted to examine issues relating to environmentally-friendly practices of hotels in these two developing countries

today as comparable to trench warfare in World War I.

First, no company has all of the resources to fix every cybersecurity issue, and not all fixes are equally important.

starting with a company’s most critical business activities and how cyber attacks could disrupt them that one can start to prioritize this whole process of risk mitigation.

skip the ste

focusing on individual technologies t

without ever addressing the fundamental issue, which is protecting the business activities for which the computers were procured.

hey translate in their minds being compliant with requirements as equivalent to being adequately protected.

nds up actually diminishing the security of these companies, as opposed to achieving its goal of increasing protection.

cybersecurity has been, it’s come out of the technology department.

versus one that’s related to any other complex business risk that a company might face.

eally large cybersecurity budgets, don’t nearly get the cyber protection benefit that they should, given the dollars that they spend.

with r

Another avenue that companies can take is, is there anything about the business that the company is in, the way in which it operates, that might attract some sort of attacker.

And that really starts with looking at cyber risks as a business risk that could come and occur as a result of a cyber attack.

to help quantify what those risks are, and bringing an IT department and your cybersecurity resources to understand what the threat environment might by that might affect those risks in some way or make them to come about.

this perception on the part of non-technical business leaders that the cybersecurity field is so complex, so impenetrable that they would never be able to understand

And so, the cybersecurity team decided to put the network used for the development of new automobiles inside their corporate network, because they thought, ah, at attacker would need to go through two networks in order to be able to then steal information.

cybersecurity people had no idea how the companies that they worked for actually design cars, and so they proposed security mechanisms that both interfered with work and ended up resulting in the company being more vulnerable because all of these outsiders now had complete access to the corporate intranet globally.

You know, we’ve found that cybersecurity writ large is full of platitudes that seem obvious and compelling at first read, but if you think about them more thoughtfully, they’re sometimes misinformed.

, informing employees about the cybersecurity implications of their own work

but also who your adversaries are. H

$3 million a year on cyber threat intelligence.

In all areas of risk, whether it be financial risk, physical risk, or cyberrisk, there are no guarantees that what you do will be sufficient to fend off the attack that you actually face.

, you need to have cybersecurity reviews as you change your business, just like you look at other risks when you’re making changes to your business.

Based on our experience, when a company is looking for a home for the cybersecurity organization, they should first look at where their most significant cyber risks reside.

A company needs to have the technical capabilities to respond to the most likely forms of cyber attack on their most critical business activities.

instead of telling me what vulnerabilities need to be fixed with whatever priority

One great example of an AI concierge is Hilton World wide’s Connie, the first true AI-powered concierge bot.

Connie is powered by IBM’s Watson AI and uses the Way Blazer travel database.

it can learn and adapt

Mezi,

It talks about bringing on a concept of bleisure (business+leisure) to address the needs of the workforce.

With AI and NLP, Mezi collects individual preferences and generates personalised suggestions

Lola.com provides on-demand travel services

instantly connect people to their team of travel agents

Chatbot technology

Skyscanner is just one example, creating an intelligent bot to help consumers find flights in Facebook Messenger.

Deutsche Lufthansa’s bot Mildred

connecting with consumers in their own time and in the social media spaces they most frequently visit.

Aero Mexico started using Facebook Messenger chatbot to answer very generic customer questions.

80 percent

KLM Royal Dutch Airlines uses AI to respond to the queries of customers on Twitter and Facebook.

Digital Genius,

Trivago acquired Hamburg, Germany machine learning startup Tripl as it ramps up its product with recommendation and personalisation technology,

voice-activated search,

customer-centric

trends in users’ social media activities

customised pictures and text

KePSLA’s travel recommendation platform is one of the first in the world to do this by using deep learning and NLP solutions.

Dorchester Collection is another hotel chain to make use of AI.

analyse customer behaviour deeply in the form of raw data.

Metis.

surveys and reviews

measure performance and instantly discover what really matters to guests.

intelligent algorithms that monitor and send out timely alerts with hot deals are currently in high demand in the travel industry.

The AltexSoft data science team has built such an innovative fare predictor tool for one of their clients, a global online travel agency, Fareboom.com.

elf-learning algorithm, capable of predicting future price movements

automated disruption management is somewhat different.

time-sensitive task, requiring instant response.

predict such disruptions and efficiently mitigate the loss

4site tool, built by Cornerstone Information Systems

Thus, Amadeus, one of the leading global distribution systems (GDS), has introduced a Schedule Recovery system,

AI could start to infiltrate business travel even more so than leisure in the next 12 months.

request travel recommendations and random suggestions.

Trends, outliers, and patterns are figured out using machine learning-based algorithms that help in guiding a travel or hospitality company to make informed decisions.

Due to the greater need for structure and less of a desire for discovery, it certainly makes sense that AI would be more suited to business travellers.

it could help to simplify the booking process for companies, and help eliminate discrepancies around employee expenses.

The travel and hospitality industry transformation will morph into experience-driven and asset-light business, and wide adoption of AI will usher a new-age customer experience and set a benchmark for other industries to emulate.

A hot site is the most expensive option but requires the least amount of time to get back to capacity following a disaster.

Its important to stay up to date on policy changes to ensure you are protecting both the business and business stakeholders.

Monitoring, reporting and testing your business's backup solution are all best practices to mitigate the risk of data loss for your business.

Then, ask yourself, “What does our company have in place to mitigate our exposures?”

Do we have an effective privacy policy?

Do we have an effective privacy-breach response plan?

Do we continuously test our disaster-response and business-continuity plans?

Franchise concerns

Franchise agreements should address several important data-security concerns, cyber-insurance, breach notification and PCI (payment card industry) compliance.

Franchise agreements should require franchisees to purchase a specified amount of cyber insurance coverage in the event of a data breach.

In addition, the franchisee should be required to promptly notify the franchisor of all breaches in security and immediately notify the franchisor of all breaches of sensitive information.

The franchisor may also want to consider being notified of any impermissible uses or disclosures

Cyber attack realities The ramifications of a cyber breach could be both financially and operationally catastrophic to any hospitality company. Losses could include costs associated with litigation expenses and fines as well as defense. The cost of business interruption and loss of income could be debilitating.

No matter how a hotel stores its data, operators will always be liable for securing it on some level. This is particularly true for PCI compliance, as hotels still physically handle credit cards properly and store guests’ card data well locally.

In general, hosted environments, whether multi tenanted or dedicated, reduce some of the operational load of your IT team in various ways, dependent on the level of interaction coming from your data partner. A fully managed implementation could absolve hoteliers from overseeing updates, watching alerts for threat monitoring, and more. These systems also give operators the benefit of accessing their systems from anywhere, often through and ideally via browser-based user interfaces.

While our team was aware that the potential for things to go wrong existed, they focused on delivering value and service to clients and end users, which was the driving force that motivated the team during and following the process.

SaaS benefits users across the board, including compliance, security, scalability, redundancy and cost efficiencies.

SaaS solutions offer tremendous savings, from both a cost and human labor perspective.

Companies can enjoy flexible pricing models and choose to pay as they go, use a subscription-based model or handpick the features they desire.

SaaS subscribers benefit from a more secure, constantly monitored environment and from on-demand rapid development and break-fix protocols.

added level of security SaaS models provide around an organization’s proprietary data as well as rapid development and innovation.

SaaS solutions create significant efficiencies by enabling self-service and personalization that is driven by the user.

Be resolute in the value proposition your customers and end users will experience after transitioning.

you must be regimented in communicating the value of making the transition while creating transparency to ensure that clients are informed, heard and happy.

• Make customers aware of potential risks. 

Be transparent about any drawbacks or material risks customers will experience by sticking with dated infrastructures and approaches.

• Don’t be bashful about a sense of urgency.

The fear of transition and change was far outweighed by the security and service risks that had previously been invisible to our client base.

In today’s complex world, providers must prioritize the needs of their customers as well as mitigate their risks.

SaaS solutions are the way of the future, maximizing a client’s benefits as well as their risk mitigation.