Group items tagged

This article lists of some common security breaches that hoteliers need to be aware of and prepare the hotel system for.

This article talks about how cybersecurity can critically affect hospitality businesses if they are not careful about what ways could attack their business.

As the article states, "Protecting the identity and information of a customer is paramount to the success of any business and hotels are no exceptions." Quite unfortunately, cybersecurity issues are some of the biggest obstacles that hotels are experiencing nowadays. With hacking attacks such as phishing and ransomware, hotels need to invest in increasing their cybersecurity as any breach can lead to a downfall in business loyalty and brand.

To summarize, this article states that, it should not come as a surprise that the cost of a data breach has also increased to an all-time high in a year marked by significant increases in energy prices and worldwide inflation. According to IBM's Cost of Data Breaches Report 2022, the average overall cost is $4.5 million. Additionally, even if ransomware isn't garnering as much attention as it did a year ago, it still poses a serious danger to many businesses. Credential theft and phishing emails are still the major threat vectors, therefore it's critical to keep spreading awareness through public awareness campaigns and business training. Finally, the situation in Ukraine is demonstrating the potency of cyber weapons in sabotaging command and control in a fight.

Restaurants have always been an easy target for cyber security hackers, in particular, hackers who are looking for credit card and ID information. Restaurants provide hackers with a "wealth of client data" due to the high "volume of credit card transactions and CRM data available." Once given access, a hacker could simple install malware and duplicate all customer information. Already facing critical financial issues during Covid 19, restaurants large and small need to take a stronger presence in the protection of their data. If discovered to be the start of a breach, customers will tend to avoid that business. "Chipotle, for example...got devalued by about $400 million after they suffered a breach," and many small restaurants "go belly up six months after an attack." Below is a summary of the types of attachs restaurants face: 1. Unprotected Wifi 2. Social engineering and phishing attacks. This is actually the one that stood out to me the most because of how sophisticated these attacks can be. It is a reminder that we are all at risk, both the technologically challenged and gifted. 3. Malware 4. Covid 19 Scams 5. Grub hub scams 6. Supply chain scams *A particular issue for restaurants and commercial businesses right now as companies scramble to find new vendors who can supply them with the products they require. 7. Public Health scams 8. Government Stimulus scams 9. Technical support scams How can we fight against these? Here are the recommendations: 1. PCI compliance 2. Hire and IT security professional to conduct a risk analysis and if possible, keep on as a consultant or full time 3. Keep a secure network and change free passwords daily 4. Use the latest operating systems, force multi-factor authentication, strong passwords, and use encryption services for data storage and transfers 5. Install and use robust web-filters and security software programs 6. Maybe most important!!! Train your employees. 5.

This article discusses ways that the travel industry can combat cyberthreats. The main cyber concern for hotels' is phishing, which is a scam that collects credit card information by pretending to be apart of a hotel's front desk staff. The article mentions that IT departments should do routinely updates to operating systems and back up data and files. Employees should also be trained to help prevent data breaches. The author briefly touched on what to do when your hotel system is hacked and even dives into how the airline industry is still very unequipped to handle cyberattacks and threats. This is a great read to learn how to keep up with best security practices in the hospitality and tourism industry.

There is a new email phishing scam that is currently targeting military members, retirees and civilian employees.  The emails are asking the targeted audience to send copies of their IRS documents and various VA award letters so they can receive additional benefits.  However, this is a scam that identity thieves are using to seal the identity of these individuals and possibly clean out their financials and ruin their credit.  People are being warned and noted that the IRS will never ask for personal information in an email.   

This article talks about how there is a serious concern in the hotel industry when it comes to credit card and identity theft. They talk about how all the major brands in the hotel industry were all victims of highly publicized, major breaches in the last year alone. Also, including airline and banks, hotels maintain a wealthy amount of database of personal and financial data. For example, with new technology systems being created, POS systems are a weak security point for many networks because they are constantly in use and are not always updated or even protected from vulnerabilities. The article talks about personal details for hotel guests are frequently stored in a variety of locations including restaurants, facilities, and government buildings, so hackers have a greater possibility to access your personal information. The bigger hotels are in more danger because of the volume of guests that come in and out of the location. Smaller hotels should be concerned not just about their security but also by ransomware, an increasingly favorable tactic to extort hoteliers by hackers who encrypt the hotels data making it inaccessible until ransom is paid for. I believe hotels need a toolbelt of various securtiy technologies that can be used to prevent future malicious attacks. I think by managing and implementing a firewall is essential which helps get rid of dangerous traffic from coming onto the network and preventing sensitive data from being hacked.

MOD 10: This article discusses the main tactics of cyber hackers that target hotels. Point of sale (POS) systems are easy targets for hackers due to their constant use during operation hours and because of that their security measures aren't always up to date. Hotels have large data banks since they're storing consumer profile information such as home addresses, phone numbers and credit card numbers. There's a large risk when it comes to security breaches within franchises because they have access to their parent company's regional, national and global systems. If their systems are hacked and breached, then that puts the whole system of the brand at risk. Security breaches within a system can also damage a brands reputation with the public. According to the article, "Recent major breaches at Fortune 500 companies and household names across the retail, restaurant and hotel sectors demonstrate that anti-virus, anti-malware and firewalls alone are not enough to secure businesses from the ever-evolving threat landscape." Smaller properties are even at a greater risk because not only do they have to monitor their compliance with PCI but also monitoring their security systems for their database and PMS system. Some of the recommended software's that should be used by hotels looking to be proactive with their company's cyber security is File Integrity Monitoring(FIM), Unified Threat Management(UTM), and Security Information and Event Management(SIEM).

This article explores the different tactics hotels should use after a cyber attack. The article mentions several different type of attacks such as Phishing when hackers trick customers into giving up their login credentials. Ransomware, when hackers encrypt data making it unusable and inaccessible for the hotel. Not one solution but rather companies should be equipped with a series of technologies from firewalls to file monitoring programs. Some of these technologies, like SIEM requires an intelligent IT team to have the capabilities of analyzing and monitoring the reports produced. This may be more difficult for smaller businesses to implement and maintain.

This article discussed some of the biggest cyber security threats to the hotel industry. One of the biggest threats is that of the POS system, this is not new but we should still watch over it. Another threat that is old is a phishing scam the scams are getting more sophisticated now, hackers get into the email accounts of executives and order large transactions to be made. Internal protocols cannot wipe of the hack but can minimize the risk of employees falling for the fake emails. Ransomware and DDos are also hacks though not as common they still carry big risks.

This article stresses the importance of providing cybersecurity training to staff in the hospitality industry.

This article talks about the type of threats the hospitality industry can face, an explanation of cybersecurity, and how to protect your organization from cyber threats, especially phishing.

This article describes the vulnerabilities in the security systems of the hotel Industry. The POS system was recognized as one of the most vulnerable areas that are more targeted by hackers. This is due to the multiple stations where the POS systems are located on the premises of the hotel. Likewise having POS systems independent of the hotels security system left the system open to hackers. Two options to defending the cyber-defense, are digital walls and employee training. Digital walls works by keeping hackers from accessing the systems. Although even with a strong firewall it is recommended to implement point-to-point encryption (P2PE), this encrypts payment information of guest. the other is tokenization. This uses alphanumeric pseudonym to protect data stored for long periods of time. Another way to prevent cyberattacks is employee training, encourage the use of strong passwords an dhow to detect fraud and phishing attacks.

This article is about a new and advanced malware called Dexter that is targeting POS systems. The article reports that 30% of the infections are in the US (world wide). When the virus attacts the POS it steals credit card information that can be used to make duplicate credit cards to be used. There is software to help fight off the virus however people have never seen this kind of virus because of the power it was to attack the system, so this is something to be on the look out for.

computer security is definitely still a "hot topic." But why are we spending all this time and money and still having problems? . Systems based on "Default Permit" are the computer security equivalent of empty calories: tasty, yet fattening.The most recognizable form in which the "Default Permit" dumb idea manifests itself is in firewall rules.Another place where "Default Permit" crops up is in how we typically approach code execution on our systems. 2.Why is "Enumerating Badness" a dumb idea? It's a dumb idea because sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness. "Enumerating Badness" is the idea behind a huge number of security products and systems, from anti-virus to intrusion detection, intrusion prevention, application security, and "deep packet inspection" firewalls. 3."Penetrate and Patch" crops up all over the place, and is the primary dumb idea behind the current fad (which has been going on for about 10 years) of vulnerability disclosure and patch updates. 4.Hidden in Parker's observation is the awareness that hacking is a social problem. It's not a technology problem, at all. "Timid people could become criminals." The Internet has given a whole new form of elbow-room to the badly socialized borderline personality.If you're a security practitioner, teaching yourself how to hack is also part of the "Hacking is Cool" dumb idea. 5."Penetrate and Patch" can be applied to human beings, as well as software, in the form of user education.Dealing with things like attachments and phishing is another case of "Default Permit" 6.There's an important corollary to the "Action is Better Than Inaction" dumb idea, and it's that: "It is often easier to not do something dumb than it is to do something smart."

This article goes in to detail that attackers have targeted information that is acquired on websites such as credit card and other personal information. This writing does tell how PCI and Retail and Hospitality ISAC joined forces to help prevent such attacks from happening on these websites. Now PCI and ISAC are the standard when it comes to protecting information. These attacks are easily undetectable by these websites because they are only skimming for the information. this article does give tips for prevention and detection. PCI is the industry standard and by them teaming with ISAC it will make these websites and your information more safe.

Cybersecurity has changed both in nature and velocity during the COVID-10 pandemic. Hackers used COVID-19 to contact hotels under the guise of safety and security suggesting products to sell. There have also been an increase in phishing attacks at the outset of the COVID-19 pandemic. The threats targeted financial instruments such as loyalty points conduct fraud, to credit card information. The good news is both Hyatt and Choice hotels have executives that buy into the importance of cybersecurity.

This article goes into how secure is data that is stored in the cloud. There are three different types of cloud storage. one is public, two is private and three is hybrid. The article states that most companies go with hybrid because of its versatility. cloud storage does have built in security that includes intrusion detection, internal firewalls and file encryption. the article does list that there is security risk that come with cloud storage. week passwords are one of the main concerns when it comes to cloud security. Cloud companies do what's called breach drills to see if there are any weakness in the security and if there are how do they handle the situation if the system is compromised. this article does list the pros and cons of cloud services but in the end, it shows that the writer for this article is biased towards the use of cloud services.

Breach drills sound like a great idea! It would be helpful in continually maximizing security efforts and determining weak points in the system, especially with technology advances and computer viruses becoming stronger.

Cyber attacks open more and more often and varied since cybercriminals are becoming more cunning and their methods more challenging to detect. This article introduces some types of strategies implemented to protect companies' businesses from cyber threats and cybercriminals. Including using Anti-virus software, firewalls, password managers (very useful while some even free), VPN, patch management program which not only for operating program but also for other applications running on your system, consider the email SPAM/Malware filters and security awareness training for the employee since "humans are the weakest link." An employee who accidentally clicks on the wrong link can put in motion a chain of events that results in a cyber breach. Finally, plan a 24/7/365 network and endpoint monitoring.

this article is about a recent data breach. in essence this article provides an outline for how to possibly prevent something this devastating from happening. the general consensus is that training employees is of the utmost importance because there the weak link.

Hotels are at risk for cyber attack. It can cause a customer to lose trust in your brand and make public relations difficult to control. There are different types of attacks that are more prominent for hotels and that includes: Phishing attacks, ransomware, POS and credit card attacks, and DDoS. In order to protect your hotel you need a CISO to monitor the system and make updates. In addition you will need infrastructure updates and secure procedures to protect against attacks.

Inthe hospitality/tourism industry it's so easy for cyber threats to come up and this year it has been increasing in the industry. Cyber hackers find it easy to target places like hotels for instance where there are overnight shifts of people inputing valuable and sensitive information in the computers the hackers have felt like they hit the jackpot knowing this so it's important for businesses to have security with their techonology.