Group items tagged

(1 of 2) "The hospitality sector has always been a popular target for cyberattacks." This is the first line of this Recorded Future article published in January. The article discusses breaches that happened for both Marriott and British Airways and how this is a regular occurrence in the industry as it is such a big target with so many possible points that can be attacked. While the statistics for the hospitality industry have improved greatly in the last decade, in 2019, they were still accounting for 10% of all breaches. Not only does a breach affect the way an organization operates, but also it also severely effects their bottom-line and takes quite a but of time for them to recover. "According to Ponemon's 2019 Cost of a Data Breach Report, the average hospitality data breach costs $1.99 million to contain, at a cost per record of $123. These high costs are due in part to the time needed to adequately respond to a breach. On average, it takes 200 days to identify a hospitality data breach and a further 75 days to contain it." The article continues by stating that hackers are typically seeking payment card data when compromising the hospitality industry.

(2 of 2) The article then discusses the many reasons why it is so difficult for hospitality-oriented companies to secure their assets versus other organizations of similar stature. Some of these reasons include the large, complex networks which are typically publicly accessible and contain many customers in the databases, the fact that customers are always onsite and so are attackers, the high turnover leading to inconsistent training and sharing of credentials, franchisers owning the responsibility of security yet not knowing much about it, and the risk associated with all of the various third parties the hotels do business with. While intelligence has come a very long, "security professionals in the industry are tasked with defending highly complex networks with many endpoints against a constant barrage of attacks and a constantly churning workforce… [AND] they have limited security resources to work with." Comprehensive security intelligence systems are now capable of protecting many aspects of the organization. Some of these updated features include responding rapidly to security incidents, blocking online brand abuse and impersonation, managing third-party risk, reducing breach containment times, and better allocating security resources. Property data security is so important to the hospitality industry. If a business does not take the proper precautions to protect their systems and their customers, then it could lead to a devastating event for the business. While security intelligence has progressed within the last decade, a business needs to make sure that they have chosen a reliable agent to partner with who will produce consistent service. If the business keeps up with their system updates and protections, they should not have to worry about their security system failing.

The article discusses the relevance of cybersecurity for hotels in light of more and more people working from home after the pandemic. Common risks and their safeguards have been described along with a set of best practices that hotels should adopt to prevent breaches.

PCI compliance is a crucial and necessary set of guidelines that all hotels must follow. The Payment Card Industry Security Standard was created in 2006 and outlines rules regarding accepting, storing, and/or processing card information. These rules were put into place to protect consumers sensitive information. For example, in 2014 Marriott hotels was attacked and 300 million guests information was compromised. This attack led to new regulations being put into place, the Payment Services Directive 2 (PSD2). These regulations take into account international customers and enhanced guidelines for sensitive data.

Backup and recovery describes the process of creating and storing copies of data that can be used to protect organizations against data loss. This is sometimes referred to as operational recovery. The purpose of the backup is to create a copy of data that can be recovered in the event of a primary data failure. Primary data failures can be the result of hardware or software failure, data corruption, or a human-caused event. Storing the copy of the data on separate medium is critical to protect against primary data loss or corruption. This additional medium can be as simple as an external drive or USB stick. The possibility of weather-related events may justify having copies of data at remote locations. For best results, backup copies are made on a consistent, regular basis to minimize the amount data lost between backups.

This article was all about the hotel security concerns for 2012. The 5 things the article lists as issues are: IT, terrorism, skimmers, liability and insurance fraud, and finally security as taboo. IT in a concern for hotel security because mobile and cloud technology is becoming very popular. Companies that do not protect their information with passwords are even more at risk. Data protection needs to include end to end management so companies are not just patching the security. Terrorism is another issue that was a concern in 2012. Hotels need to keep staff and travelers knowledgeable about possible threats, but in a way that does not scare them. Campaigns were placed in airports to educate travelers about notifying security upon seeing something suspicious. Another thing that hotel security should be concerned about is skimming. Skimming is a device that catches credit card numbers. Usually there is a need for an inside man for this type of threat. These people usually aren't criminals, but opportunists. Prevention of this in your hotel could be to hire an investigative team man making that known to the employees. This will keep honest people honest. Insurance fraud is one of the greatest business risks and it's the most expensive. Claims could be as small as a guest seeking a free room for stubbing his toe to a drawn out worker's compensation case. Liability is the label that hoteliers are held liable for criminal acts of a third party. Hoteliers should properly educate themselves on these issues and consulting an attorney if necessary. The final issue is security as a taboo. Security should become a part of day to day operations and hoteliers will be better able to address it. Hotel executives should insist their GM's make security a priority. This article was written for the year 2012. I still think that all these issues are relevant in 2013.

This article discusses how banking and healthcare have been held to a historically high level of cyber security, but only recently has the hospitality industry. It highlights a cyber attack on Wyndham Hotels and their reluctant response to take corrective action. The article offers steps that a hospitality company should take to protect themselves as they launch and work to protect their guests, their information and their company.

1. IT The hot-button issue within the realm of hotel-information technology is mobile and cloud technology.A company could have tens of thousands of smartphones or laptops in the field at any given point-each a potential gateway to hackers and other criminals. To the problem the core principle is to provide end-to-end data protection with looking at cost and benefit and how it's supports the business. 2. Terrorism Ironically, one of the main reasons terrorism tops the list is because it has become less of an issue in recent years.Hoteliers need to keep their staffs and travelers mindful of possible threats, but they don't want to scare them. 3. Skimmers A related threat is that of "skimmers," or devices that catch credit card numbers when consumers use them for payment.The best prevention measure is to have an investigative team or third party on hand and making that known to employees. 4. Liability and insurance fraud These two related issues can double, triple, quadruple and quintuple corporate insurance premiums in the blink of an eye. The advisement is hoteliers to educate themselves on the issue, consulting with an attorney, if necessary. 5. Security as taboo "Security" still is something of a taboo in the global hotel industry.Hoteliers need to do a better job of "turning on the light" by talking about security openly and regularly at staff and association meetings, and hotel executives should insist their GMs make security a priority

1. ITAccording to the article, most mobile devices that are used for business are unprotected. Meaning that the devices if the device even have a password and if it does the password is not very complex. There could be thousands of employees accessing company information via the cloud through unprotected smart phones or other mobile devices. This could organizations at risk to hackers and other criminals  2.  TerrorismAlthough terrorist threats are less of a concern nowadays, that does not mean hotel managers should discontinue stressing the importance of security within their establishments. Keeping employees aware and diligent can prove to be a delicate assignment but it is a necessary of part of maintaining a safe work environment in the twenty-first century. 3.  SkimmersSkimmers are devices that steal credit card numbers when consumers use them for payment. Unfortunately, it is most commonly an employee on the inside who is committing the crime.  A third party investigation team will be needed to prove who is stealing from the establishment.  4. Liability and Insurance FraudCombined, these two issues could sky rocket a company's insurance costs through the roof. It is crucial that hoteliers be aware of the legal system and educates themselves on issues concerning liability. Both patrons and employees alike could potentially file claims against an establishment and entitlements can quickly get out of hand.    5.  SecurityDespite the best security measures, there is always the possibility of unforeseen danger. This fear of the unknown is a concern for hotel workers. To confront this fear of the unknown managers must regularly and openly discuss security with employees.  Security should be held as a top priority. 

This article discusses five main concerns brought on by the current state of hotel security. I must say that some of this information surprised me. Something that especially surprised me was learning that mobile devices that are used for business hardly use passwords. The article states, "Amplifying the problem is the sheer number of devices, he added. A company could have tens of thousands of smartphones or laptops in the field at any given point-each a potential gateway to hackers and other criminals." This piece of information is very unsettling to me. How could such valuable information not be protected? The article suggests the solution to this problem is PCI DSS. Terrorism as number two on this list also surprised me because that is not something that would first come to mind for me. The article states that it is ironically on the list for becoming less of an issue. I suppose this reminds hoteliers to never let their guard down when it comes to issues of safety and security within the hotel. However, "skimmers" and liability on this list does not really surprise me. The article suggests that hoteliers be educated about these issues to protect the hotel against them.

Saudi Arabias national oil company, Aramco, was attacked by a computer virus, Shamoon, and it is suspected that an insider or employee assisted the hackers. The virus spread through the network and infected about 30,000 PC business computers and wiped their hardrives. This is one of the worst attacks against a single business. The hackers who claimed responsibility, The Cutting Sword of Justice, were politically motived. The companies more important documents including plant operating networks were not affected by the virus because they were on a separate and higher security network. Recently, other Middle Eastern natural gas firms with relations to Saudi Arabia have been hit by cyber attacks. Because the Aramco hackers admitted their motives against the Saudi Arabian government income sources, I think that all the cyber attacks may be politically motivated. As a Middle Eastern oil company with relations to Saudi Arabia, this is a major indication to take precautionary measures and increase network security. This attack demonstrates that no matter how much security you have in place, if an insider is willing to assist hackers or provide hackers with necessary information, you are no longer protected. It would seem imperative that employees with this access are chosen carefully or network access is very limited.

A relatively unsophisticated group of hackers stole millions from Subway by hacking through their poorly secured POS systems. These franchise businesses possibly failed to adhere to the standard required by Subway Corporation and failed to establish two points of entry for remote access into the POS system, making it easy for hackers to steal credit card information. These types of crimes are likely to increase in the future as hackers from around the world take advantage of sub-par security systems. Businesses can no longer concern themselves only with the sale of an item, they also need to offer a sense of security to their customers and accept the reality that cyber theft is a rising problem.

It seems everybody should check their online accounts frequently=_=

Jeremy, I can appreciate the transparency of those restaurants. I wish more businesses would be open about their security. People are wound pretty tight about money right now and need to feel that the business world does care enough to protect their information.

After September 2011 alot of changes have occured in airline and airports throughout the world. TSA has purchased, trained, and introduced innovative machinery that can easily detect authorized items inside luggages. The US governement have spend alot of money also to simply protect the nation from terrorists and any form on violence especially in the hospitality and tourism industry. Alot of th airlines have changed the way they used to operate before the attacks; for instance food is no longer served on airplanes, and more fees are charged for luggages and definitely more screening in airport terminals. The introduction of air marshalls and new machinery have definitely changed the perspective of traveling nowadays, travelers have to wait longer to be screened and to even get out of the plane after the plane have landed at its destination. On a positive note, everything that have changed is for our own safety as citizen of the US and i personally believe moew things should be implemented if it can only improve the way we are being protected.

This article highlight what different hotel chains are doing in order to "go green" It looks at different sections of the hotel and explains what the hotel chosen is doing to go green in the different areas. The first are is the Guest Room. The article explains the the Kimton Hotels have recycling bins for bottles, cans and paper and this increase there recycling rate to 75% over 3 years. The second area the article touches on is the Kitchen. It explains how the Fairmont Hotels and Resorts are encouraging their kitchens all over the world to use organic foods. The third area the article explains in the Bathroom. Apparently, the Aloft group has installed refillable shampoo and body wash dispenser at its locations and plan to do it for the future locations they are opening. As it relates to the outdoors, Asia's Six Senses is protecting the seascapes with chlorine fee pool sanitation system in order to protect the coral and marine life. The article also explained that the RockResorts have changed chemical cleaners to cleaners that were more natural. The article also states that changes are being made in shops and boutiques. The Swedish Scandic hotels stopped selling bottle water at 147 of their hotels and Banyan Tree resorts has partnered with local vendors to sell in their boutiques. I feel that all of these hotels and resorts are going in the right direction in order to save the environment in which they operate.

This article described the goal of Marriott's environmental initiatives goals and what did they do in all over the world. Marriott plays a leading role in the environmental initiatives in the industry. It can reduce wastes and costs. What's more, it can improve the image of the firm. I think other hotel chains should learn form Marriott and set up their image. This can not only help protect our world and life but also make a great contribution to the development of the company.

This article is about the replacement of Halon 1301 as suppression agent in server rooms. Halon 1301 was an effective and popular clean agent alternative to traditional water-based fire suppression system in the 1980's and early 1990's. Yet, in 1994 the U.S. Environmental Protection Agency banned it because it was determined that Halon 1301 aided in the depletion of the Ozone layer. The articles indicates that two great alternatives were found to replace it. One of these choices is inert gases. Naturally present in the atmosphere, inert gases extinguish fire by reducing the level of oxygen between 15% (the minimum needed to burn fire) and 14% (minimum safety oxygen level required). The second alternative, according to this article, is synthetic gas, which extinguishes fire by removing heat rather than suppressing oxygen levels. The average cost of an unplanned data outage is about US$7,200 per minute, therefore, under-protecting an IT data room is unacceptable.

This article discusses the liability for a cyber breach at various branded hotels between the franchise owner or the corporation. The Trustwave 2016 Global Security Report stated that the hospitality industry had the second largest amount of data breaches. Additionally, more than half of the breaches are from a corporate/internal network breach. According to a Ponemon study, the average cost of a data breach is $4 million. While this is alarming, it is a surprise since hotels store numerous amounts of personal customer data including guest's credit card information. The article states that cyber hacks are largely due to the gap in not knowing who is responsible for the cyber security. There is an issue of control of data versus franchise network requirements. The hotel brand places individual franchisees in control of their own cyber security. However; they must rely on many centralized corporate owned reservation systems that could be possible access point for cyber attacks. The article suggests that the individual franchisee should make more effort in protecting their customers information as the hotel brand will take most of the blame. This does not help either side. Also, it mentions that in order to protect the hotel franchise it is important to have updated systems and should consider investing in cyber insurance.

Shred-it, a global information security service provided by Stericycle Inc., is providing services such as document destruction, hard-drive destruction, media destruction, etc. Shred-it hotel clients are helped to stay compliant with the latest laws around protecting consumer data and confidential information. Shred-it also offers hotels with implementing new policies and procedures that will better help their physical security as well as policies limiting employee access to certain areas.

The article reports that the great majority of hotel guests desire to have state of the art innovation for their convenience, such as casting and voice interface technology. The type of innovation stems largely from guests being able to use their laptops or phones on the TV, while also access hotel services such as restaurant hours and possibly food services from the same interface. They assert. however that it is important for hoteliers to know how guests may be able to keep their identity hidden from potential practices such as "integration with the platform that may use this data for remarketing", integrate a system that can understand an manage foreign accents. It also brings up concerns of how to measure return on investment, showing a increase in revenue and that it is possible to update the interactions with guests once the technology is deployed.

This article talks about the efforts computer companies are making to reduce the negative environmental results of traditional technology equipment. There are more than 60 electronic devices from companies like Dell and HP that are becoming apart of the U.S. Environmental Protection Agency. This is a funded project called EPEAT that has the goal of identifying environmentally friendly computer equipment that still outputs the same level of performance for the customer. This new "green" certification system even provides a list online of the products that meet the standards. EPEAT allows customers to rank computer electronics by their environmental. There are 23 required criteria and 28 optional criteria involved in the rankings. The optional criteria determines if the product is EPEAT Bronze, Silver, or Gold. These standards include having lower levels of lead, mercury and cadmium as well as being more energy efficient so they reduce emissions put into the atmosphere to help reduce the levels of greenhouse gases. These products are also more simple to upgrade and have recycled… businesses actually have to provide safe ways to recycle the products they sell when the customer can no longer use them. Manufacturers think having an even playing field for the customer to be able to view their products by environmental aspect is better and are proud to be apart of something so beneficial to the environment. The EPEAT program was expected to reduce 13 million pounds of hazardous waste and 3 million pounds of non hazardous waste.

This article tells us about the fact, that now days the global hospitality industry is one of the industries which is most frequently targeted by hackers. In order to avoid any attacks there must be tighter control across a hotel and its network of partners. So the main 3 aspects which will help to avoid attacks are: -assess risks everywhere -protect the POS system -find malware and keep data protected

In a way, fighting cybercrime is everybody's business. Think of it as an obligation to do your part in the fight against cybercrime. For most people, that means following a few simple, common-sense steps to keep yourself and your family safe. It also means reporting cybercrimes to relevant officials at the appropriate time.