Hospitality Technology: Group items tagged passwords

Qianlin Wang

Data Security Basics: Five Security Issues All Hotel Operators Need to Know | hospitali... - 0 views

  • This article looks at the top five issues facing hotel operators and what actionable steps can be taken to decrease the likelihood that your business will be stung by data thieves.
  • Franchise operators need to be aware, however, that an improperly configured RMA is vulnerable to data compromise attack by hackers. 
  • Transaction volume, brand recognition and the potential for sensitive data retention are all factors that make hotels (particularly franchise networks) juicy targets for hackers seeking to exploit insecure networks via the Internet. 
  • Hotel operators need to know that passwords, designed to keep criminals out, can also be a vulnerability in the absence of proper controls
  • Thanks to wireless networks, guests can speed through the check-in process, expedite valet parking and send room service orders directly to the kitchen. At the same time, hotel operators should recognize that criminals can leverage improperly secured wireless networks to steal cardholder data and should implement strategies to thwart these efforts. 
  • Despite all best efforts, data compromise events can occur and every hotel operator should have a plan in place. Prompt action must be taken by hotels or restaurants that have experienced a suspected or confirmed security breach to help prevent additional exposure of cardholder data and ensure compliance with the data security requirements. 
  •  
    The article discusses five issues that hotel operations are facing, and how to decrease these issues in regards to data thieves. The first security issue discussed is "Remote Access"; the article states, "Many hotel operators and franchisors use remote management applications (RMAs)". This enables easy access to manage multiple locations' downloads, conduct sales polls, and other systems within multiple companies. One piece of advice for remote control issues is to change vendor default settings, in which you can create unique user IDs and complex passwords. Another piece of advice is to "Configure the RMA", in which users are only allowed to connect to known MAC/IP. I personally don't think that creating a unique ID or account password may solve this issue, but allowing connection capability to a set IP/MAC is a wise intake. Although being able to just connect to a set MAC will cause a limit on where and when you connect. The second security issue is "Network Security": many transaction volumes are being exposed, brand recognition as well, and that attracts hackers. In order to reduce this problem, it is suggested that companies need to install and maintain a firewall at all times. I agree with this other suggestion, which is to use outside resources to help identify new security vulnerabilities. This is great, because a company will be able to receive an outside outlook in regards to security. The last three issues that are on this list are: Password Management, Wireless Security, and Incident Response Plan. Overall it's evident that any system that has a password requirement is causing a major attraction towards security thieves. The suggestions within this article are great, but from my observation, many companies will have to put in time to track and monitor their systems. Systems can't be allowed to be left open without monitoring, and the internet is a lead way to all this, so any system that requires the internet must be monitored and protected.
  •  
    Technology enables service. That's the idea, anyway. In the hotel industry, thousands of companies worldwide provide hundreds of software applications to help hotels and hotel companies manage operations to provide better guest service. However, the hospitality industry continues to find itself targeted for damaging data compromise events by hackers. There are some good ways to decrease the attack of hackers. For example, Remote Access: many hotel operators and franchisors use remote management applications (RMAs). Their ease of use in managing multiple locations makes them ideally suited to disseminate business downloads, conduct sales polls or survey inventory. RMAs are often packaged from vendors with default or blank passwords. Creating unique user IDs and complex passwords can reduce the risk of data compromise and help facilitate compliance with the Payment Card Industry Data Security Standards (PCI DSS). Another example is about Network Security: transaction volume, brand recognition and the potential for sensitive data retention are all factors that make hotels (particularly franchise networks) juicy targets for hackers seeking to exploit insecure networks via the Internet. The hotel can install and maintain a firewall at all times. Disabling a firewall can put a business at heightened risk of Internet attacks and potential system compromise.
guanhuahao

Top Cybersecurity Tools for Business - 0 views

  • All cyber threats are not equal. Some may hold your data for ransom, while others may destroy your information for good.
  • Digital tech analysis firm Juniper Research predicts that the cost of data breaches will rise from $3 trillion annually to over $5 trillion in 2024.
  • organizations should look to Next Generation Anti-Virus solutions (NGAV) to protect their assets. NGAV takes traditional AV and then adds advanced analytics, behavioral analysis powered in real-time by large scale cloud back-ends to thwart known and unknown attacks. Leading NGAV solutions include Sentinel One, Carbon Black, and CrowdStrike.
  • The National Institute of Standards and Technology (NIST) offers cybersecurity guidelines for best practices to manage cyber risk. These include identify, protect, detect, respond and recover. Another resource is the NCSA’s national program, CyberSecure My Business.
  • Firewall Often referred to as a company's "first line of defense," a firewall is a security control that filters and screens network traffic entering and exiting your corporate network.
  • People can rely on the password manager to create and store dozens of passwords in an encrypted database without having to remember them.
  • Password managers are quite helpful, and some are even free.
  • store the first part of sensitive site passwords
  • but keep the last few digits memorized and fill them manually.
  • This way, if there is ever a compromise of the password database, hackers don't have those full passwords.
  • You should also consider implementing multi-factor authentication (MFA). MFA authentication uses more than one thing or "factor" to log you in
  • , biometrics is part of this last category
  • SPAM & Malware filters screen email for unwanted and dangerous elements, blocking them before they ever reach your users.
  • In the world of cybersecurity, there's a phrase, "humans are the weakest link." An employee who accidentally clicks on the wrong link or email attachment can put in motion a chain of events that results in a cyber breach. Security awareness training is an anti-phishing tactic all organizations should employ.
  • RDP access must be protected by a VPN connection.
  • reduce the risk of getting hacked is to ensure your systems and software are updated regularly, or "patched.
  • patching shouldn't end with the operating system. Your patch program should also look to patch all other applications running on your systems
  • regardless of the security tools implemented to prevent a data breach, you should plan for a compromise occurring.  
  • That's where 24/7/365 network and endpoint monitoring comes in
  •  
    Cyber attacks happen more and more often and are more varied since cybercriminals are becoming more cunning and their methods more challenging to detect. This article introduces some types of strategies implemented to protect companies' businesses from cyber threats and cybercriminals. These include using anti-virus software, firewalls, password managers (very useful, while some are even free), VPN, a patch management program which is not only for the operating program but also for other applications running on your system, email SPAM/malware filters, and security awareness training for employees, since "humans are the weakest link." An employee who accidentally clicks on the wrong link can put in motion a chain of events that results in a cyber breach. Finally, plan for 24/7/365 network and endpoint monitoring.
davidclark33

Coronavirus cybercrime can attack your restaurant system, too | National Restaurant Ass... - 0 views

  • Protecting your business from a data breach is a constant struggle, and it’s even more important during a disaster.
  • Eliot, director of education and strategic initiatives for the NCSA, says cyber incidents and attacks, such as coronavirus-themed email phishing scams, increased as much as 300% to 350% in the first quarter of 2020 and adds that cyber scammers are now trying to target restaurant companies in particular.
  • Cybercriminals have mostly directed malicious emails at telework employees or people donating time and money to those impacted by coronavirus. “We're seeing a huge increase of cyber-related scams promoting coronavirus information or relief efforts.” “It’s a big issue.”
  • The PCI Security Standards Council claims that since March, malicious virus-related reports are up 475%. The reason for the uptick is that cybercriminals are trying to take advantage of rapid changes to the payment-card data environment. In addition, 41% of small businesses have said they’ve suffered breaches costing more than $50,000 to fix.
  • Contactless payment is one of the big changes within the payment data environment. Several restaurant companies – from chains to independents – are offering it because it reduces customers' physical interaction with the restaurant's POS system. As part of this move, some businesses have eliminated credit-card PIN numbers.
  • Eliot says malicious email is usually the easiest way for cybercriminals to access your networks. The emails typically show up as urgent requests for sensitive information, often pretending to be from the Small Business Administration or the Centers for Disease Control and Prevention. When the intended victim types in his or her credentials and clicks on a specific link or downloads an attachment, criminals are in.
  • Anyone looking for easy-to-implement security tips can try these six to start.
    • Reduce areas where payment-card data is stored. The best way to protect against a data breach is to avoid storing any card information at all. With many small operators offering curbside pickup and accepting payment over the phone instead of through face-to-face transactions, it’s important they train employees not to write down payment card details. Instead, have them enter numbers directly into a secure terminal.
    • Use strong passwords. Using weak and default passwords is one of the leading causes of payment data breaches among businesses. Effective passwords must be strong and updated regularly. The most recent guidance is: the longer, the better. Think of it almost as a “passphrase” rather than a password. Use it in the form of a sentence, but mix in different characters within the phrase. It’s much harder to break a long passphrase than it is a short, complex password. Weak and vendor default passwords often result in small business data breaches. Also, don’t repeat your passwords.
    • Update your software often. Criminals look for outdated software to exploit flaws in unpatched systems. Timely installations of security patches are crucial to minimizing the risk of a breach. Whenever updates are available, use them. They will improve performance and close out some of the vulnerabilities cybercriminals are searching for.
    • Enable two-factor authentication. It's so important for restaurateurs, especially where their POS systems or any of their sensitive databases are concerned, to have two-factor or multi-factor authentication enabled. If an instance where credentials are stolen occurs, there will be a second layer of verification the operator can rely on to potentially reduce the chances that information will be breached.
    • Segment your networks. If you are going to store payment data, make sure your POS system has its own separate, secure network. Do not store sensitive documents on public cloud services such as Google Docs or DropBox. If you’re going to store sensitive documents, house them in an encrypted, locked down location.
    • Be hyper-vigilant. Criminals are going to try to take advantage of this pandemic situation as much as possible. You can protect yourself by not giving out sensitive information, especially within unsolicited emails. Don’t click on links you’re not expecting and do everything in your power to protect all sensitive information.
  •  
    This article is about data breaching and cyber crime in the restaurant business. The article specifically talks about the increase in cyber crime during a crisis, and in this case, a pandemic. It talks about contactless payment as a great form of protection for restaurants as well as customers. At the end of the article, it lists six easy to implement security tips.
mmoutsatsos

Nail The Basics Of Cybersecurity With Multifactor Authentication (MFA) - 0 views

  • When it comes to the basics of cybersecurity, nothing is so elemental as the password.
  • the simple password has endured as the first and last guardian of consumer and business data. 
  • But with the rise of sophisticated hacking techniques, passwords alone can no longer protect against unauthorized access and security attacks.
  • Enter multifactor authentication (MFA). By adding extra layers of security to a user's login process and requiring they enter two or more pieces of evidence (e.g., factors) to prove they are who they say they are,
  • MFA is a great method for boosting protection against everyday threats like credential stuffing, phishing attacks and account takeovers.
  • 1. Passwords alone are no longer enough to protect against security attacks.
  • it's critical every company apply effective security measures to protect their data.
  • to protect business and customer data, it begins and ends with preventing unauthorized account access.
  • MFA is the most direct and effective way to do that.
  • A familiar example of MFA at work is the two factors needed to withdraw money from an ATM.
  • Your ATM card is the something that you have, and your PIN is the something you know.
  • companies can require all employees to verify their identities with two or more pieces of evidence to prove they are who they say they are.
  • 2. Companies around the world (from Fortune 500s to small businesses) are feeling the urgency to adopt MFA — but a knowledge gap persists.
  • It's imperative companies invest in training employees on how using MFA is essential to securing access to both work and personal accounts.
  • industries in our everyday lives — led by social media platforms and financial services — requiring consumers use MFA to secure their personal accounts, both businesses and employees are normalizing the everyday routine of MFA. 
  • make the connection between security at work and in their personal lives and understanding they're two sides of the same coin.
  • 3. MFA adoption can seem overwhelming, but it doesn't have to be.
  • By recognizing any technical, change management and financial challenges to user adoption, committing to open communication, and providing the resources and training your employees need, any business can conquer that fear of the unknown. 
  • When adopting MFA, prioritize identifying the strongest and most user-friendly authentication method possible for your organization.
  • that means using an authenticator generator app, a hardware security key or a combination.
  • the reality is a large percentage of U.S.-based employees are also consumers with a smartphone in their pocket.
  • on that phone, the employee is already using multiple apps that require MFA.
  • 4. Balance security with ease of use when identifying a preferred authentication method for your organization
  • With options like hardware keys, you often see employees run into issues losing, replacing or breaking them. But a (TOTP) mobile app can be continuously updated in ways that make the MFA process more seamless (e.g., an app that verifies automatically from trusted locations like an employee's home office).
  • authenticator apps on devices like iPhones have the added benefit of extra layers of security at the phone level like PINs and biometrics like Face ID.
  •  
    This article talks about companies transitioning to multifactor authentication as an added layer of protection of cybersecurity.
anonymous

11 Tips to Improve Your Restaurant's Cyber Security in the COVID-19 Era | FSR magazine - 0 views

  • wealth of client data on tap from places with lax security
  • unknowingly serve credit card data to hackers. Due to the volume of credit card transactions and CRM data available, restaurants need to take cybersecurity seriously before a criminal gets wind of the vulnerability
  • A hacker only needs to gain access to a restaurant's POS system and install malware to steal customer credit card details.
  • Take Chipotle, for example. The company got devalued by about $400 million after they suffered a data breach.
    • anonymous
       
      Major consequences for restaurants if discovered as the link
  • because most go belly up six months after an attack.
  • Unprotected WiFi
  • Criminals pretend to be from the U.S. government and inform targets their COVID-19 stimulus check is ready, but they would need to verify the details of the recipient first before they can send it.
    • anonymous
       
      Low level scammer
  • CRM software data, which may include names, addresses, and even birthdays. One of the most common ways to achieve this sort of attack is via malware (malicious software). Hackers find a vulnerable backdoor to a restaurant's network to install malware on the POS system. Malicious code then records every transaction and every detail, sending it back to the criminal's server over the internet.
  • GrubHub drivers scam both the restaurants and the customers by marking the deliveries as complete and pocketing the tip money, without bothering even to pick up the order from the establishment.
    • anonymous
       
      AHHHH
  • Businesses are scrambling to find suppliers amidst the chaos, and criminals have been taking advantage of the confusion
  • Scammers are posing as representatives from the World Health Organization (WHO), the Center for Disease Control (CDC), and other public health agencies
  • social engineering on the restaurant staff to pull off phishing attacks.
  • PCI compliant.
  • conduct a risk analysis
  • hiring a security expert either full time or as a consultan
  • Secure your network and always change the free WiFi access point's password with a strong one every day.
  • latest operating system updates
  • Force multi-factor authentication
  • strong passwords
  • Ensure sensitive data encryption
  • web-filter to secure your WiFi network
  • Install a robust security software program on all computers and devices to block, detect, and clean malware.
  • Conduct regular cybersecurity training
  •  
    Restaurants have always been an easy target for cyber security hackers, in particular, hackers who are looking for credit card and ID information. Restaurants provide hackers with a "wealth of client data" due to the high "volume of credit card transactions and CRM data available." Once given access, a hacker could simply install malware and duplicate all customer information. Already facing critical financial issues during Covid 19, restaurants large and small need to take a stronger presence in the protection of their data. If discovered to be the start of a breach, customers will tend to avoid that business. "Chipotle, for example...got devalued by about $400 million after they suffered a breach," and many small restaurants "go belly up six months after an attack." Below is a summary of the types of attacks restaurants face: 1. Unprotected Wifi 2. Social engineering and phishing attacks. This is actually the one that stood out to me the most because of how sophisticated these attacks can be. It is a reminder that we are all at risk, both the technologically challenged and gifted. 3. Malware 4. Covid 19 Scams 5. Grub hub scams 6. Supply chain scams *A particular issue for restaurants and commercial businesses right now as companies scramble to find new vendors who can supply them with the products they require. 7. Public Health scams 8. Government Stimulus scams 9. Technical support scams How can we fight against these? Here are the recommendations: 1. PCI compliance 2. Hire an IT security professional to conduct a risk analysis and if possible, keep on as a consultant or full time 3. Keep a secure network and change free passwords daily 4. Use the latest operating systems, force multi-factor authentication, strong passwords, and use encryption services for data storage and transfers 5. Install and use robust web-filters and security software programs 6. Maybe most important!!! Train your employees. 5.
Gabriela Moreno

5 pressing hotel security concerns for 2012 - 2 views

  • areas of top concern for 2012, the usual suspects still top the list: information-technology breaches and terrorism, hoteliers said.
  • 1. IT
  • 2. Terrorism
  • 5. Security as taboo
  • 3. Skimmers
  • 4. Liability and insurance fraud
  • A related threat is that of “skimmers,” or devices that catch credit card numbers when consumers use them for payment. The problem primarily is contained to the restaurant industry, but Callaghan is concerned it could spread to hotels.
  • Ironically, one of the main reasons terrorism tops the list is because it has become less of an issue in recent years, sources said.
  • “The greatest business risk, as I see it … is insurance fraud. And it’s the most expensive,” he said.
  • The hot-button issue within the realm of hotel-information technology is mobile and cloud technology.
  • “Liability” as a general label refers to hoteliers being held liable for the acts, which are often criminal, of third parties, the AH&LA’s Callaghan said.
  • “Security” still is something of a taboo in the global hotel industry, said Paul Moxness VP for corporate safety and security at The Rezidor Hotel Group, a Brussels-based hotel management company, with more than 400 hotels and nearly 90,000 rooms in its portfolio.
  •  
    1. IT: The hot-button issue within the realm of hotel-information technology is mobile and cloud technology. A company could have tens of thousands of smartphones or laptops in the field at any given point - each a potential gateway to hackers and other criminals. For this problem, the core principle is to provide end-to-end data protection while looking at cost and benefit and how it supports the business. 2. Terrorism: Ironically, one of the main reasons terrorism tops the list is because it has become less of an issue in recent years. Hoteliers need to keep their staffs and travelers mindful of possible threats, but they don't want to scare them. 3. Skimmers: A related threat is that of "skimmers," or devices that catch credit card numbers when consumers use them for payment. The best prevention measure is to have an investigative team or third party on hand and to make that known to employees. 4. Liability and insurance fraud: These two related issues can double, triple, quadruple and quintuple corporate insurance premiums in the blink of an eye. The advice is for hoteliers to educate themselves on the issue, consulting with an attorney, if necessary. 5. Security as taboo: "Security" still is something of a taboo in the global hotel industry. Hoteliers need to do a better job of "turning on the light" by talking about security openly and regularly at staff and association meetings, and hotel executives should insist their GMs make security a priority.
  •  
    The first security matter that is brought up in this article is the cloud computing mobile devices on cell phones and laptops. With each device its own danger center of being hacked into a company's systems. The second point is "terrorists." Even though there has not been an issue with terrorists for about 10 years now, it is still a big issue. According to the article, companies are slacking on being vigilant because of the lack of activity. The third is what are known as skimmers; they are devices that gather information like credit card numbers. The last two issues are liability and security itself. Hotels claim to have security matters under control but when it comes to it, it is for show. Hotels need to buckle down on their security measures.
  •  
    "Terrorism and information technology breaches are familiar areas of concern on hotel security professionals' 2012 to-do lists."
  •  
    This article talked about five important hotel security concerns in 2012. As more and more new technology is applied in the hospitality industry, IT professionals are now faced with challenges and risks associated with the new technology. When asked for the areas of top concern for 2012, hoteliers consider the usual suspects still top the list: information-technology breaches and terrorism. Hoteliers interviewed for this report recommended focusing on the five areas during 2012. The first concern is IT. The hot-button issue within the realm of hotel-information technology is mobile and cloud technology. Hotels have to protect data and information, especially the financial data. The second concern is Terrorism. Hoteliers need to keep their staffs and travelers mindful of possible threats, but they don't want to scare them. Thirdly, a related threat is that of "skimmers," or devices that catch credit card numbers when consumers use them for payment. The problem primarily is contained to the restaurant industry, but it could spread to hotels. The fourth is Liability and insurance fraud. These two related issues can double, triple, quadruple and quintuple corporate insurance premiums in the blink of an eye. The fifth concern: Security as taboo. "Security" still is something of a taboo in the global hotel industry. Hoteliers need to do a better job of "turning on the light" by talking about security openly and regularly at staff and association meetings.
  •  
    In the top 5 hotel security concerns, number 1 is IT Security. Many businesses now are working off of laptops and smartphones, which is making it easier for hackers to get into and steal information. The same goes for hotels, which are becoming more hands-free and eco-friendly, which is working off of computers. The hotel industries are spending more and more money on making sure that they are secure from any hackers logging in to their computers to get their guests' information.
  •  
    When thinking about hotel security we do not necessarily jump to anything other than terrorism or things like that, but in this article it talks about five different things that can be issues in hotel security. IT is a large issue due to mobile and cloud technology. There are so many devices used that it is easy for hackers to get in the system. Terrorism is of course an issue even though it is not so prominent as it has been in the past. Skimmers are becoming more popular in hotels and restaurants, having someone working on the inside who swipes the credit card through a machine before processing the payment to take all of the information off of it. Liability and Insurance Fraud can be something as little as stubbing a toe to a large workers comp case. This is the most expensive security issue hotels face. Security is still taboo in hotels because it scares some guests, but at the same time once one thing happens all of the bad things will happen. If nothing happens then it will stay like that.
  •  
    This article makes great points that we do not think about as normal people. Before taking this class I would never think of all of these issues that could be happening to me while at a hotel or restaurant but anything is possible.
  •  
    This article really made me think outside the box in order to enhance security, especially in regards to IT, skimmers and liability/insurance fraud. All too common are people looking for ways to beat the system; we hear about it constantly but don't pay attention. From workers claiming worker's comp, foreign fingers and hazardous items in food, to Publix's ATMs being the victims of attached skimmers and hackers attacking sensitive information transmitted by the world wide web. The best solution is to be proactive with training and technology and the benefits of being ahead of the curve.
  •  
    Great Article...hotel security is so important not only for the company but also for its stakeholders and consumers. It is the responsibility of the company to ensure that the correct steps are in place to ensure guests' and company information is secure. At my current job, it is my responsibility to ensure that employees are not utilizing credit card devices to catch customers' credit card information. We also address any possible theft concerns with the employees to ensure these issues are avoided.
  •  
    Great Article - There are so many security issues that we usually don't think about on a daily basis and this article highlights them well. Terrorism is something that has become rather lax over the last five years and usually the last security concern in the hospitality industry instead of the first that we process as a true risk. Concerns should also be focused on liability and insurance fraud from both guests as well as employees; a slip and fall and bed bugs can result in costly lawsuits.
  •  
    1. IT: According to the article, most mobile devices that are used for business are unprotected. Meaning that, if the device even has a password, the password is not very complex. There could be thousands of employees accessing company information via the cloud through unprotected smart phones or other mobile devices. This could put organizations at risk to hackers and other criminals. 2. Terrorism: Although terrorist threats are less of a concern nowadays, that does not mean hotel managers should discontinue stressing the importance of security within their establishments. Keeping employees aware and diligent can prove to be a delicate assignment but it is a necessary part of maintaining a safe work environment in the twenty-first century. 3. Skimmers: Skimmers are devices that steal credit card numbers when consumers use them for payment. Unfortunately, it is most commonly an employee on the inside who is committing the crime. A third party investigation team will be needed to prove who is stealing from the establishment. 4. Liability and Insurance Fraud: Combined, these two issues could sky rocket a company's insurance costs through the roof. It is crucial that hoteliers be aware of the legal system and educate themselves on issues concerning liability. Both patrons and employees alike could potentially file claims against an establishment and entitlements can quickly get out of hand. 5. Security: Despite the best security measures, there is always the possibility of unforeseen danger. This fear of the unknown is a concern for hotel workers. To confront this fear of the unknown, managers must regularly and openly discuss security with employees. Security should be held as a top priority.
  •  
    This article discusses five main concerns brought on by the current state of hotel security. I must say that some of this information surprised me. Something that especially surprised me was learning that mobile devices that are used for business hardly use passwords. The article states, "Amplifying the problem is the sheer number of devices, he added. A company could have tens of thousands of smartphones or laptops in the field at any given point - each a potential gateway to hackers and other criminals." This piece of information is very unsettling to me. How could such valuable information not be protected? The article suggests the solution to this problem is PCI DSS. Terrorism as number two on this list also surprised me because that is not something that would first come to mind for me. The article states that it is ironically on the list for becoming less of an issue. I suppose this reminds hoteliers to never let their guard down when it comes to issues of safety and security within the hotel. However, "skimmers" and liability on this list do not really surprise me. The article suggests that hoteliers be educated about these issues to protect the hotel against them.
JIACHEN LI

Study: Hotel network security lacking - SC Magazine - 0 views

  • Most U.S hotels are vulnerable to malicious attacks and are "ill prepared" to protect their guests from internet security problems, claims a study published by Cornell University
  • hotels
  • having a robust set of firewalls that are managed and properly configured, splitting networks, and educating staff of the importance of security standards.
  • Ogle recommended that all hotels use Wi-Fi Protected Access (WPA) encryption,
  • For guests, Ogle recommended connecting to the internet using a Virtual Private Network (VPN)
  • ted anti-virus and firewall software and making sure each secured website starts with “https://” rather than “http://”. The danger of not securing a
  •  
    The article attached to this link reports common issues found in hotel internet networks. The author mentions a study conducted with 38 hotels. It resulted that 33 out of the 38 hotels had flaws in their network configuration and allowed the researcher to access unauthorized information via the internet. We all understand that reliable internet connectivity is a priority for guests and business travelers; however, security is a concern that can't be neglected. Another reason to be concerned is that so much software and so many applications are stored via the internet. Adding a password is a simple measure that every business should consider. Network issues could hinder not only guests but the hotel as well.
  •  
    Nowadays, since many business travelers connect remotely to continue working while on the road, the potential for theft of corporate information exists. Some hotels still rely on relatively rudimentary hub technology for their networks, and these are particularly subject to hacking. As tested by Ogle, most hotels are lacking in security and in responsibility for guests' safety when they browse the internet. Guests' information is easy for hackers to steal, which means that when we use the network in a hotel, we are almost being spied on by people unknown to us. Such a terrible thing! Hotels should increase their networks' security; a hotel could potentially be considered at fault for not taking the necessary precautions to protect its guests from hackers. Based on this article, hotels can use Wi-Fi Protected Access (WPA) encryption; the password can provide a kind of base wall to protect security. What is more, it is necessary to have a robust set of firewalls that are managed and properly configured, and to educate staff on the importance of security standards.
  •  
    According to the research by Cornell University, most US hotels are vulnerable to hackers. Two main reasons contribute to the issue. One is the flaws in many hotels' network topology, making it possible for customers to lose their privacy. The other is careless employees providing access information that helps hackers breach the network. Ogle thought that WPA encryption, VPNs and training employees are good ways to solve the problems. I think that if the computer networks of a hotel are weak, the guests' passwords, email messages or other private information will not be protected, and they may even suffer losses. So it is important for a hotel to use the different measures Ogle recommended to ensure the safety of the computer network.
  •  
    This article is talking about the problem of hotel network security. An author from Cornell University said he tested wireless networks at 38 hotels at the same time. He found that most hotels were easy to break into. Moreover, as long as you use the Linux distribution BackTrack, a high-power wireless card and a high-gain omnidirectional antenna, you can break into the hotel guest network and then get the passwords, email messages and the websites people are viewing. Importantly, this procedure costs just $100. This is full of loopholes. Hotel managers should pay more attention to this problem. At the end of the article, the author recommends a security app called Wi-Fi Protected Access encryption. This app requires the guest to enter the password if the guest wants to surf the internet. Also, he recommends connecting to the internet using a Virtual Private Network (VPN), having updated anti-virus and firewall software and making sure each secured website starts with "https://" rather than "http://".
natalieemmanuel

Point-of-sale malware has now infected over 1,000 companies in US | Ars Technica - 0 views

  • According to the US-CERT advisory, the group behind the Backoff malware operation scanned the Internet to find potential victims by detecting installations of the remote-desktop software frequently used by service providers to manage the point-of-sale systems of their retail clients. The attackers look for remote desktop solutions like Microsoft’s Remote Desktop, Apple's Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMeIn, according to the advisory. Once a potential target is identified, the group uses the equivalent of a digital sledgehammer, attempting to break into the system using a list of common passwords.
  • Such techniques are a common threat to small retail businesses, according to Trustwave, who helped the government agencies in their analysis of and response to the 'Backoff' program. A third of cybercrime attacks on businesses focused on the point-of-sales systems in 2013, according to the company's 2013 Global Security Report. In 31 percent of incidents, attackers exploited weak passwords to gain access to targeted systems
  •  
    It is hard to forget how thousands of Target customers' financial information was compromised last year due to a breach in security of the company's POS. Target is not the only company that has been infected with this program that steals credit and debit card information. Actually, there have been more than a thousand businesses affected by this malware that has come to be called "Backoff." The malware targets POS systems and has stolen millions of credit card numbers as well as personal information on millions of customers. A large majority of cybercrime is focused on attacking businesses' POS systems. The malware attacks systems by going through a list of common passwords until it is able to hack the system. "Backoff" then disguises itself as a compatible Java component and collects credit card information. However, Apple has recently announced Apple Pay and many believe this can diminish a lot of cybercrime.
kabir joshi

Hotels taking steps to improve data protection - 2 views

  • This being the case, it is encouraging to see some hotels are making moves to lock down their data security practices. There is clearly a great deal of work that needs to be done, but if a hotel can demonstrate it is capable of protecting customer information, it may be more likely to inspire confidence in consumers, which, in turn, could afford the hotel a competitive edge.
  • According to a 2010 Wall Street Journal report, the most common security vulnerability in hotels is point-of-sale software. Often, hotels do not require employees to change the default names and passwords of these programs, making it easier for hackers to break in and steal customer information. To overcome some of these and other concerns, McBeth said hotel operators are applying the best practices detailed by the Payment Card Industry Data Security Standard (PCI DSS), which aims to address data security for businesses that handle payment cards. However, he admitted that the task of ensuring protection throughout an organization is difficult, given the number of channels where vulnerabilities could be uncovered.
  • According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.
  • This type of situation was brought to a head earlier this year when marketing services giant Epsilon experienced a massive breach to its email systems. According to a SecurityWeek report, among those impacted by the breach were several hotel operators, including Hilton, Ritz-Carlton and Marriott.
  •  
    This article is related to IT security in hotels. Around six months back a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators met at the LodgeNet's Customer Technology Symposium in Chicago to discuss how protecting customer data is becoming their top priority. This type of situation was brought to a head earlier this year when marketing services giant Epsilon experienced a massive breach to its email systems. According to a SecurityWeek report, among those impacted by the breach were several hotel operators, including Hilton, Ritz-Carlton and Marriott. According to a 2010 Wall Street Journal report, the most common security vulnerability in hotels is point-of-sale software. Often, hotels do not require employees to change the default names and passwords of these programs, making it easier for hackers to break in and steal customer information. To overcome some of these and other concerns, McBeth said hotel operators are applying the best practices detailed by the Payment Card Industry Data Security Standard (PCI DSS), which aims to address data security for businesses that handle payment cards. However, he admitted that the task of ensuring protection throughout an organization is difficult, given the number of channels where vulnerabilities could be uncovered. This being the case, it is encouraging to see some hotels are making moves to lock down their data security practices. There is clearly a great deal of work that needs to be done, but if a hotel can demonstrate it is capable of protecting customer information, it may be more likely to inspire confidence in consumers, which, in turn, could afford the hotel a competitive edge.
  •  
    It's a tough task to monitor this, because at the end of the day, the responsibility is at the property level to ensure that data is secure across the board. So training employees on the importance of data security and what a breach means could go a long way.
Katie Gallagher

POS System Pay Off - 0 views

  •  
    Point of sales systems have been increasingly popular in all retail and service industries. POS systems help companies integrate their accounting systems, track inventory, cut operating costs and more, while keeping all their company information in one place. Having a dated system in place could potentially cause frustration with the store's customers. Having an older system or cash register in place could cause long lines and inaccurate register transactions like it did for Golden Spoon Frozen Yogurt. Before using a POS system it would take even the most experienced worker 2 minutes or more to process a credit card; now it takes 20 seconds. This keeps the lines shorter and the customers happy. There are issues that still arise from POS systems, for example security. One retail store based out of New York City had issues with people hacking into their DSL routers and accessing 3 months of credit card information. This company didn't seem to have any real security in place as far as accessing the system, as all employees used the same password to log in. The company used password policies and tougher procedures with credit cards to beef up security. Another company, also based out of NYC, has seen a faster and easier way to control inventory through the use of POS systems. This system can tell the managers what needs to be repurchased if an item is popular, or what's still sitting on the shelves and not being sold. This helps control losses at the end of the season with less merchandise needed to be sold at discounted prices. Whether it's a hotel, retail store, or restaurant, POS systems help organize a company's most important and valuable information.
Paige Wuensch

Hotel chain lawsuit MUST BE a security wake-up call for the travel industry | Tnooz - 0 views

  •  authorities in the US filed a lawsuit against Wyndham Worldwide, claiming the company and three subsidiaries failed to protect sensitive customer credit card data.
  • almost 600,000 credit card numbers including expiry and security codes, were stolen over a three year period in three separate data breaches, resulting in over $10 million in fraudulent losses to cardholders, banks, and credit card companies.
  • Weak passwords and a laissez faire attitude towards property management system usernames and passwords should never be an excuse for a compromise.
  •  
    Last year a lawsuit was filed against Wyndham Worldwide because the company did not protect their customer credit card data efficiently on their PMS. The company caused over $10 million in fraudulent losses. In this case, Wyndham had allegedly been using weak login credentials in their property management systems. This is the key vector for data breaches. "According to the FTC, Wyndham Worldwide had many points of weakness in their security chain including; storing credit card information in plain text, storing sensitive security codes (aka CVV/CVS/CVC data), not using firewalls, not enforcing strong passwords, not using updated operating systems, and not having adequate logging."
agrie013

Cloud Storage Security: How Secure is Your Data in The Cloud? - 0 views

  • Hybrid Cloud: Many companies choose to keep high-volume files on the public cloud and sensitive data on a private cloud. This hybrid approach strikes a balance between affordability and customization.
  • Intrusion Detection: Online secure storage can serve many users at the same time. Successful cloud security systems rely on identifying when someone tries to break into the system. Multiple levels of detection ensure cloud vendors can even stop intruders who break past the network’s initial defenses.
  • Internal Firewalls: Not all accounts should have complete access to data stored in the cloud. Limiting secure cloud access through internal firewalls boosts security. This ensures that even a compromised account cannot gain full access.
  • Encryption: Encryption keeps data safe from unauthorized users. If an attacker steals an encrypted file, access is denied without finding a secret key. The data is worthless to anyone who does not have the key.
  • Authentication: Weak passwords are the most common enterprise security vulnerability. Many employees write their passwords down on paper. This defeats the purpose. Multi-factor authentication can solve this problem.
  • Breach Drills: Simulating data breaches can help employees identify and prevent phishing attacks. Users can also improve response times when real breaches occur. This establishes protocols for handling suspicious activity and gives feedback to users.
  • Measurement: The results of data breach drills must inform future performance. Practice only makes perfect if analysts measure the results and find ways to improve upon them. Quantify the results of simulation drills and employee training to maximize the security of cloud storage.
  • Is the Cloud Secure and Private? Professional cloud storage comes with state-of-the-art security. Users must follow the vendor’s security guidelines. Negligent use can compromise even the best protection.
  • Redundancy makes cloud storage security platforms failure-proof. On-site data storage is far riskier. Large cloud vendors use economies of scale to guarantee user data is intact. These vendors measure hard drive failure and compensate for them through redundancy. Even without redundant files, only a small percentage of cloud vendor hard drives fail. These companies rely on storage for their entire income. These vendors take every precaution to ensure users’ data remains safe.
  •  
    This article goes into how secure data stored in the cloud is. There are three different types of cloud storage: one is public, two is private and three is hybrid. The article states that most companies go with hybrid because of its versatility. Cloud storage does have built-in security that includes intrusion detection, internal firewalls and file encryption. The article does list that there are security risks that come with cloud storage. Weak passwords are one of the main concerns when it comes to cloud security. Cloud companies do what are called breach drills to see if there are any weaknesses in the security and, if there are, how they handle the situation if the system is compromised. This article does list the pros and cons of cloud services, but in the end it shows that the writer of this article is biased towards the use of cloud services.
  •  
    Breach drills sound like a great idea! It would be helpful in continually maximizing security efforts and determining weak points in the system, especially with technology advances and computer viruses becoming stronger.
Manali Rabari

POS Hackers Sentenced for Multi-Million Dollar Payment Card Data Theft | News | Hospita... - 0 views

  • “The Subway case is a clear indication that privileged and administrative accounts are increasingly targeted and used by criminals to steal sensitive information,”
  • “In this case, the attackers were able to simply do an Internet search for remote desktop applications that were used by the restaurants, and through simple password cracking techniques, they were able to gain administrative access to the systems.  This enabled them to easily steal sensitive financial information from unsuspecting customers.”
  • Two Romanian nationals have plead guilty for participating in an international, multimillion-dollar scheme to remotely hack into and steal payment card data from hundreds of U.S. merchants’ computers, including a great number of Subway restaurants. Federal prosecutors noted that the conspiracies involved more than 146,000 compromised cards and more than $10 million in losses.
  • Bosnian continues, “The reality is that anyone with an Internet connection can search for, identify and target  remote applications that businesses rely on – the problem facing the industry is that there is not sufficient security and protection around the entry points to these applications. Once inside, attackers have free reign on the network. If you examine the list of the recent, high-profile data breaches that have plagued organizations, including Global Payments, the U.S. Chamber of Commerce, the Utah healthcare breach, etc…, the common denominator is that the attackers focused on gaining access to the privileged or administrative accounts.” 
  •  
    According to the article, two Romanian nationals have plead guilty for participating in an international, multimillion-dollar scheme to remotely hack into and steal payment card data from hundreds of U.S. merchants' computers, including a great number of Subway restaurants. The reality is that anyone with an Internet connection can search for, identify and target remote applications that businesses rely on. This case is a warning to operators utilizing POS systems to shore up their security by taking steps to make their accounts more difficult to breach and therefore less attractive to hackers.
  •  
    This article discusses the security issues with restaurants using remote desktop applications that are easily accessed by hackers trying to steal stored credit card information. The relative simplicity with which these hackers were able to steal the numbers should pose a real concern for restaurant owners in making sure their systems are properly secure from theft. They were able to crack simple password-protected applications to gain access to private information. These remote applications used by restaurants are not provided with enough security and therefore are easy targets for hackers.
frank rodriguez

Hospitality Industry Hit Hardest By Hacks - Dark Reading - 1 views

  • Trustwave report on data breach investigations shows hotels were breached more than financial institutions last year, and nearly all attacks were after payment-card data
  • not surprisingly, a whopping 98 percent of targeted data was payment card information
  • Nicholas Percoco, senior vice president of Trustwave's SpiderLabs, announced at Black Hat DC this week these and other findings the company compiled in 218 data breach investigations in organizations across 24 countries. Financial services companies accounted for about 19 percent of the breaches, but that was far fewer than in the hospitality industry, where 38 percent of all breaches took place
  • Percoco outlined the three main steps in a typical data breach and how attackers mostly operate at each level: initial entry, data harvesting, and exfiltration.
  •  
    The hotel is a perfect place for hackers to attack because they have easy access to retrieve thousands of guest information including credit card information, billing addresses, and much more personal information. Nicholas Percoco, senior vice president of Trustwave's SpiderLabs, mentioned that the credit card and debit card information is the most in demand by hackers because it is easiest to turn into cash quickly. There are three main steps in a typical data breach and how attackers mostly operate at each level: initial entry, data harvesting, and exfiltration. Close to half of these attacks occur via remote access applications, of which 90 percent exploit default or weak passwords. Around 42 percent of attacks occurred via third-party connections; 6 percent via SQL injection; 4 percent via exposed services; and 2 percent via remote file inclusion attacks. Interestingly, less than 1 percent began with an email Trojan. As an IT manager of the hotel, it is crucial to recognize how serious the consequences are for the hotel should the data not be protected well. 
  •  
    Hey all, here is an article I found that talks about hackers taking over the hospitality industry. It mentions how hackers' main objective is to gain access to debit accounts and gain access to customer cash. Also, hackers are able to infiltrate POS systems along with other valuable technology within the hospitality industry. Nearly half of these attacks occur via remote access applications, of which 90 percent exploit default or weak passwords, according to the report. Around 42 percent of attacks occurred via third-party connections; 6 percent, SQL injection; 4 percent, exposed services; and 2 percent, remote file inclusion attacks. Interestingly, less than 1 percent began with an email Trojan.
  •  
    hackers are EVERYWHERE!
Yanique Coach

10 Tips for Computer Network Security - Life123 - 0 views

  •  
    Having good network security eliminates viruses, and you are less vulnerable to identity theft or malware that can ruin your data. It is good to run regular weekly scans to ensure that your machine is not infected. It is also good to update the anti-virus programs and the operating systems to ensure that your computer is protected against the latest threats. Using a firewall will help to protect against malicious software and prevent people from traveling through your network connection. With router security, by using strong password protection people won't be able to get access to steal your data, and this will improve security. Using a computer network suite such as Norton or McAfee is a good option because they have a variety of software, including anti-virus, firewall, identity protection and backup features. They all work together to protect your computer from threats.
  •  
    Sometimes, viruses come from misoperation by the staff. A lot of times, when the anti-virus system warns the user of the computer, most people will not spend too much time reading and thinking about the warning. Then they may make the wrong choice so that viruses are downloaded to the computer.
dstro007

Point-of-Sale Attacks Leverage Weak Remote Security and Passwords - Blog - Duo Security - 0 views

  • Weak remote security and passwords contribute to 94 percent of point-of-sale (PoS) breaches
  • The report found that much of the food and beverage and hospitality compromises were due to the dependence on remote access software to remotely manage locations and payment systems.
  • But many times, remote access software were deployed with weak or default credentials, making them a prime target for criminals.
  • In a breakdown of types of IT environments most frequently compromised, POS systems and assets were associated with 95 percent of breaches in the food and beverage industry
  • One example is the breach of Eataly,
  • The company reported that their Manhattan retail location was hacked and malware was installed to capture payment card transaction data.
  • The conclusion is, remote access credentials appear to be a common theme among most POS breach cases, which calls for a specific technical approach to eliminating this risk and the liability of weak authentication security for remote application logins.
  •  
    A report generated by Trustwave Global Security shows that about 94% of POS hacks are contributed by weak remote access. The hospitality industry seems to have taken the hardest hit. We know of the grueling schedules that come with working in our industry and how we all can't be there seven days a week. So when management are in the comfort of their relaxation area and remotely access the POS systems, they seem to be leaving the doors open for hackers to enter, as well. "In a breakdown of types of IT environments most frequently compromised, POS systems and assets were associated with 95 percent of breaches in the food and beverage industry" (Pham). One popular hospitality establishment that has reported a breach is the New York location of Eataly. The thought process behind why these hacks are happening has not been figured out yet, but the idea has been tossed around that it is because of the credentials used for remote access. The temporary solution is to create a double-layer security system, also known as two-factor authentication. By doing it this way, you can log in using your credentials, but then have a second login that needs to be verified by way of sending codes and authentications to technologies that you would have in your possession (cell phones, emails, etc.) so no one else can access that information.
msbode

Ensuring Software Integrity in IoT Devices - 3 views

  • IoT is defined as the Internet of Things. The Internet of Things refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems
  • Gartner predicts that there will be 20.4 billion connected Internet of Things (IoT) devices by 2020, with 5.5 million new things getting connected every day
  • more than half of major new business processes and systems will include an IoT component by 2020
  • Manufacturers are rushing products to market with little or no thought to security, often including hardcoded passwords or known vulnerable software libraries. While this problem is most obvious in the consumer space (which gets the most news coverage), vulnerable IoT devices are present in every business sector as well
  • The TPM stores secret keys, passwords, and digital certificates in its secure internal storage protecting them from software and physical attacks. The TPM acts as a root of trust for checking platform integrity at boot time (i.e., check against any malicious change). A cryptographic hash value of the platform configuration is calculated and compared against the precomputed hash value of the platform. Access to the platform is denied if the integrity check fails [4]. This is the beginning of the “chain-of-trust” for software modules that are subsequently initiated. This transitive trust mechanism is one of the important security features in trust computing. It uses the trust root as a starting point to establish a chain of trust model, in the order of trust root, boot loader, OS, and Application.
  • Secure boot provides the foundation for Trusted Boot, which extends the trust boundary to the boot process and eventually the operating system.
  • software attestation attempts to achieve a dynamic root of trust without specific hardware support. This method has the advantage of not requiring any stored secrets (cryptographic keys or passwords) and allows applications or modules to be updated, which may not be possible if hash values are stored in immutable formats, such as a TPM chip
  • While Secure Boot validates the platform and firmware, Trusted Boot is generally defined as verifying each software module before execution and extending the chain-of-trust to the entire operating system. During the boot sequence, the digest of each executing program is recorded before it executes. A TPM (Trusted Platform Module) is used to store all these records and then report on them securely.
  • It is important to note that Trusted Boot requires a TPM chip so the operating system can see the chain of execution, thus it may not be an option for some IoT devices. Lack of trusted boot support would allow an attacker with physical access, or using a software vulnerability during run time, to potentially modify the stored code and compromise the device.
  • There are many other attack possibilities to consider with IoT devices. For example, existing TPM architectures do not support runtime integrity checking and this allows attackers to exploit vulnerabilities to modify the program after it has been verified (at time of check or TOC) but before the time of its use (at time of use or TOU) to trigger unintended program behavior, such as the execution of malicious code or the leaking of sensitive data
  • Physical attack is a viable method of compromising the integrity of a device. Modifying and replacing firmware by an attacker may be worth the effort, depending on the perceived value of the device or the data it may access (such as a video camera or ATM). Attackers can go as far as removing memory and reading its contents.
  • a device built today can become a major problem tomorrow
  •  
    The purpose of this article was to review the available literature on the subject of ensuring software integrity for IoT (Internet of Things) devices, focusing on detecting and preventing modification of the original software, so that the device cannot be used for unintended purposes. The literature reviewed: secure boot, trusted boot and runtime security. Concluding that no one single control is going to adequately protect a device, the solution, based upon 25 years of experience, is to create a multi-layered approach to security that starts at the beginning when power is applied, establishes a trusted computing baseline, and anchors that trust in something immutable that cannot be tampered with. Additionally, because a device built today can become a major problem tomorrow, due to them having hardcore keys "set and forget", the internet will then have literally billions of obsolete hosts in the coming years. Therefore it is important for MIS Managers/Consultants to investigate how to change the game in order to mitigate the damage or economic value of new systems being breached, by asking questions such as 'Can we even in the presence of a malicious attacker offer some limited form of security for the most valuable transactions (such as e-banking) or assets?' and 'Can we make the 'business' of the attackers less attractive by applying security technologies that are particularly tailored towards destroying the business model of the attackers?'
kpony001

Cloud security: The reason hackers have it so easy will infuriate you - 0 views

  • hackers time and again have outwitted the cyberguardians.
  • HashiCorp offers an open-source tool called Vault that stores sensitive credentials, encrypted themselves, and strictly limits what people, servers and programs can access them
  • The mass movement of company and personal data to the cloud has only complicated things.
  • Companies have uploaded VPN and cloud access credentials to cloud storage systems that are easily accessible.
  • security breaches are routinely made worse when hackers who enter one system are then finding the keys to another lying around unencrypted.
  • developers are still regularly storing the digital keys to company assets and even user data in source code, configuration files, and other miscellaneous, unencrypted locations.
  • Unlike typical users who can memorize their passwords or store them with a secure password manager, developers and IT workers often need to keep security credentials in places where automated software can find them.
  • Cloud managers are playing catchup to close the door on the critical data left out in the open.
  • Sophisticated new cybersecurity tools designed to securely store these kinds of credentials in a way that legitimate, automated processes can access, and intruders can’t
  • cloud industry leader Amazon launched AWS Secrets Manager, its own credential management tool. And Microsoft offers what it calls Azure Key Vault to securely store and monitor and control access to this kind of data.
  • The main problem is that companies really don’t have policies for it or they don’t follow up and make sure those policies are followed
  • Until recent hacks made it clear that few organizations can hope to keep their networks entirely free from intrusion, many companies paid less attention to the security of data within their firewalls
  • UpGuard, known for its frequent role in detecting leaks tied to data stored on insecure cloud machines, has released BreachSight, which scours the internet for its clients’ exposed code, credentials, personally identifiable information, and other sensitive data.
  • Since last year, Amazon has also offered a service called Amazon Macie, which uses machine learning to detect unusual access patterns to cloud storage and uploads of potentially sensitive data like access keys.
  • Amazon also released open source software to help prevent accidentally storing passwords and keys to source code repositories
  • other developers have offered similar tools to scrub credentials from existing code.
  • it’s possible that those types of tools will automatically be provided as part of cloud computing contracts, as standard as seatbelts in new cars.
  •  
    Cloud computing has created a very hacking-prone storage system because companies have not been paying as much attention to security as they should. Thus, by not taking the logical measures such as not uploading credentials to cloud storage systems, they are becoming prone to hacker raids. However, with the turning of the tide, new methods of security have presented themselves in the form of online tools such as HashiCorp's Vault, Microsoft's Azure Key Vault, and Amazon's AWS Secrets Manager, which stores sensitive credentials in very limited access windows, as well as UpGuard's BreachSight which detects online data leaks containing exposed and volatile client data, and Amazon's Amazon Macie, which learns the access patterns of your cloud storage,
anonymous

Three Basic Steps to Security | Hospitality Technology - 0 views

  • mind the three Ps: patches, people and passwords
  • A lot of breaches occur because software is not up to date
    • anonymous
       
      Patches It is always important to keep systems up to date that way you can keep tabs on everything and know exactly what is going accurately. It also makes it more efficient.
  • It is good policy to change a passcode every 30 days, but it gets confusing. People revert to things easily hacked and guessable
    • anonymous
       
      Pass-codes Although people want to keep their passwords easy and simple sometimes this isn't the best strategy. It works best if you think of something that most people wouldn't be able to guess so easily. Pass codes should definitely contain numbers and words, but most importantly they should be something that YOU will always remember that way you won't forget it.
  • using a pass phrase that is from something easy to remember, such as a line from a favorite song or nursery rhyme plus some numbers
  • More than half of users reuse the same password on different systems
  • How do you off board someone properly? You go through and change all things to make sure they’re locked out and to make sure they can’t do anything tricky” such as copy files or create a backdoor
    • anonymous
       
      People Making sure those who leave leave properly is equally as important as making sure those who enter enter the business the right way. You have to make sure that the people who leave are not gonna be planning anything against your business. Take the proper precautions and be aware of anything and everything.
  • These basics are a good starting point and can help deter hackers
  •  
    The article discusses three key points to keep in mind for a better security within a hotel according to Russ Schrader from NCSA.
rhoff019

Council Post: Cybersecurity As We Know It Is About To Change - 0 views

  • the global cybersecurity market is set to increase to $270 billion by 2026. This signals the priority boardrooms have placed on cyber risk management even as digital transformation takes place en masse.
  • COVID-19 has become the catalyst to trigger change in the ways we manage and operate technology.
  • Virtual desktops emulate a computer system so that IT can control access as such adding input/output devices as well as software and applications. This could become an important control point when remote workers are operating outside the safety of a corporate network.
  • Telecommuting Is The Only Way Of Working For Many
  • With swift digitalization, security controls will shift to data sources, similar to the trend witnessed in IoT.
  • With millions of employees working from home, hackers’ focus has shifted from enterprise to remote working individuals. To handle the menace that exists in cyberspace, decentralized cybersecurity will rise where greater emphasis will be placed on data sources such as actual remote employees themselves.
  • User access controls have largely revolved around single or two-factor authentication. These methods rely on “something you know (username)” and “something you have (password).”
  • This means identity protection will be a top priority, and the best defense should involve building authentication systems that focus on “who you are.” This would require advanced biometric solutions such as fingerprint/thumbprint/handprint, retina, iris, voice and other facial recognition technologies.
  • The current state of privacy regulations is designed around the enterprise network and building the proverbial wall to keep sensitive data out of prying eyes.
  • With the remote working concept taking center stage, re-evaluation of these policies is needed to address the new cyberthreats.
  • From a risk management perspective, global privacy policies will need to encapsulate standard operating procedures regarding BYOD, GDPR compliance and state privacy laws.
  • The shift to cloud services offers employees, customers, suppliers and everyone else across the ecosystem a seamless and frictionless way to access data and applications. Remote access by various users would compound security challenges and present many new potential attack vectors. In the post-pandemic world, IT resources could shift toward data, particularly keeping data secure across cloud platforms.
  • This will facilitate cybersecurity teams to apply varied access controls and demarcate data storage to minimize the risk of cyber intrusion and data breach.
  • Innovative technologies such as ML/AI and AR/VR will see greater adoption. As we have already witnessed, video conferencing applications will continue to rise as non-contact interactions surge.
  • Sectors such as retail, hospitality and manufacturing will layer their adoption of robotics with added AR/VR capabilities.
  • Cybersecurity teams that are saddled with an events-based approach will be overly burdened with triages when a cyber breach occurs. By embracing an intelligence-driven approach, businesses can digitalize confidently with external threat intelligence as the guiding beacon.
  • Social engineering techniques to trick untrained and unsuspecting employees, third parties and contractors into releasing confidential information or letting an intruder into a corporate network will also intensify accordingly.
  • Cybersecurity awareness training for people across the entire supply chain and ecosystem will prevail.
  •  
    By 2026, the investment in cybersecurity will increase to $270 billion globally. After the COVID-19 pandemic companies will need to reevaluate their cybersecurity systems to adapt to telecommuting as many companies will have some of their employees working from home. Biometric security such as a fingerprint or iris scan will become more common as the typical password will no longer be as secure as it once was.