Group items tagged

This article is related to IT security in hotels. Around six months back a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators met at the LodgeNet's Customer Technology Symposium in Chicago to discuss on how protecting customer data is becoming their top priority. This type of situation was brought to a head earlier this year when marketing services giant Epsilon experienced a massive breach to its email systems. According to a SecurityWeek report, among those impacted by the breach were several hotel operators, including Hilton, Ritz-Carlton and Marriott. According to a 2010 Wall Street Journal report, the most common security vulnerability in hotels is point-of-sale software. Often, hotels do not require employees to change the default names and passwords of these programs, making it easier for hackers to break in and steal customer information. To overcome some of these and other concerns, McBeth said hotel operators are applying the best practices detailed by the Payment Card Industry Data Security Standard (PCI DSS), which aims to address data security for businesses that handle payment cards. However, he admitted that the task of ensuring protection throughout an organization is difficult, given the number of channels where vulnerabilities could be uncovered. This being the case, it is encouraging to see some hotels are making moves to lock down their data security practices. There is clearly a great deal of work that needs to be done, but if a hotel can demonstrate it is capable of protecting customer information, it may be more likely to inspire confidence in consumers, which, in turn, could afford the hotel a competitive edge.

Its a tough task to monitor this, because at the end of the day, the responsibility is at the property level to ensure that data is secure across the board. So training employees on the importance of data security and what a breach means could go along way.

This article covers the research behind and design of software implemented in the Czech Republic to monitor visitor activity in protected areas. The software is designed to act as a "tour guide" and keeps track of visitors through satellite positioning. The article discusses the process by which this software would be developed, rationale for its implementation, and consumer data that may be collected through this process that would benefit National Parks and other protected areas. Theoretical questions in regard to human interaction, privacy concerns, and effectiveness of the application in low-service areas are discussed. Though the application requires more research and strict attention to variables, its implementation worldwide could change how sustainable tourism is managed and would provide important information on consumer habits in protected areas.

This article deals with the theft that happens on a daily basis in the hospitality field. It happens when credit cards are used to pay for something, like a reservation, and thieves want the information, so they can use your credit card number for whatever intentions they may have. As the article states, "our data is under attack". I can relate to those people that have had credit card numbers stolen, because it has happened to my husband and me, and it is a horrible feeling trying to get your life back on track and recover your money.  I think it would be a great idea, with some research, to get the point to point encryption technology in a field where credit cards are used so often, not only to cover the business (hotel), but also to protect the guest, so they feel at easy when they travel on vacation or business.  The overall point of this technology is to encrypt the information as close to the point of entry, i.e. the swiping of the credit card, as possible. This would in turn "significantly reduce a merchant's card data environment", as the program would encrypt the information so that hackers cannot access the customer's information. As I mentioned earlier, questions should be asked before buying this technology, as there is always something new on the market that may be better. Credit cards are not always swiped, but can also be manually placed in the system, so you want to make sure, that both transactions are protected. Overall, the establishment should always be concerned about the customer and their safety, whether physical or mental and always be prepared for the worse.

Great article! Personally after being a victim of credit card fraud, I'm very apprehensive of where I shop, who handles my card and how long it takes them to return it. I recently cancelled a large purchased after the cashier insisted on rubbing my card number on the reciept after the transactions had be approved. In my mind, I was thinking "If I let you do that, then I've open the door for anyone to charge thousand of dollars. I don't think so." As a manager, who hands credit card numbers for manual input, I'm very cautious of them and want to insure that they don't get into the wrong hand. Aftern each transactions is approved, that number is shredded and the credit card machine is batched out. Companies don't realize how important it is to PCI compliant. The risk in exposing sensitive information of our clients and customers can cost thousand of dolllars in fines and fee, in addition to the lost of that customer/client.

Marilyn, Great Article...as a Front Desk Manager, it is my responsibility to randomly check our computers to ensure employees are not placing USB driver to collect data from our system. Our company has taking this a step further by putting metal locked case around the PC to avoid possible fraudulent activity. If we have to open a PC, we must log it to show proof why a PC became unlock. Companies should adopt similar procedures to protect the consumers/guests. Nelson

Having a good network security eliminates viruses and you are less vulnerable to identity theft or malware that can ruin your data. It is good t run regular weekly scans to ensure that your machine is not infected. It is also good to update the anti-virus programs and the operating systems to ensure that you computer is protected against the latest threats. Using a firewall will help to protect against malicious software and prevent people from traveling through your network connection. With router security, by using a strong password protection people won't be able to get access to stealing your data and this will improve security. Using a computer network suite such as Norton or McAfee is a good option because they have a variety of software, including anti-virus, firewall, identity protection and back up features. They all work together to protect your computer from threats.

Sometimes, virus comes from the misoperation of the staffs. A lot of times, when the anti-virus system warns the user of the computer, most people will not spend too much time reading and thinking about the warning. Then they pay make wrong choice so that virus are downloaded to the computer.

The problem of the security in the internet is always risky for companies. Even though the customer trust the companies, but acctually, the companies sell your information without ask you if you want to share your information. For me, the organization for keeping the customers' information secured is useful and make sense, but I don't believe any companies want to pay for such service. They want to get income through selling the customers' information to other for comercial using. However, if the government make policy and establish law for protecting the customers information, it will be different. I think it will become a trend to promote. 

This article discusses the importance of restaurants protecting their systems and data from a security breach. This is a major issue for the food and beverage industry. According to a data security research and investigation firm, "the food and beverage industry accounted for 57% of all data breaches it investigated last year." This finding was a 44% increase from the previous year. Author Barbara King notes important risk management measures for owners and managers. Using strong passwords and non-identifying network web names are simple preventative measures. A few more include firewalls and installation of antivirus software. These must be kept updated to be effective, though.  Another preventative measure she discusses is logging all remote access and utilizing two forms of user verification for access points which are considered higher risk. Still other measures include segmenting the network cardholder data environment so it will not be a target. Finally, one of the most important security measures is complying with PCI DSS. This is essential for protecting payment data from customers and securing networks. This standard also gives important guidelines for proper handling of such data. In the end, these are all things we must do to keep and protect a loyal customer base.

This article divulges into the world of internet security. It explains how with even the most secure connections there is always a possibility to spoof an identity, provide forged documents and/or allow cyber-criminals to be someone they're not.  The Online Trust Alliance or OLA, is an organization deeply involved in several areas that are highly business-relevant and in how companies should safety interact with customers, clients, and/or anyone who uses the internet while at the same time protecting their personal information.  In conclusion,  no organization is immune to a loss of personal information. Consumer information, employee records, etc are all available for the taking if not properly protected and/or a contingency plans developed in the event of. However, with the help and knowledge of the OLA,  preventing such instances from occurring can be drastically reduced .

Memorial Day weekend will soon be upon everyone and with summer officially kicks off. This article talks about how hotels can clean up and do better to protect their guest personal information. A few years ago, all major corporation were required to adopt General Data Protection Regulation (GDPR) regulations which helped some hospitality companies. In my current capacity with Marriott International as a Workforce Administrator we were required to schedule all customer facing associates for training on GDPR. Prior to Marriott acquiring Starwood hotel company they had their own data hacking which caused an increased expense for Marriott to let customer know they were doing all they can to stop the data breach and protect their personal information. They also created a dedicated call center for this effort to let guest know that they will continue to put protecting their personal information as a high priority. This article outlines how hotels can prepare for increased guest traffic and protect their guest personal identical information. One of my responsibilities as a Workforce admin is to handle staffing for all of Marriott International Customer Engagement Centers. Employee training on GDPR is required every year for Marriott associates. Training employees on how to better protect guest personal information is more cost effective than dealing with a data breach due to negligence of an absent-minded employee. Guest expect to know their personal information is going to be protected. This allows them to have piece of mind. Leaving a clear and clean area allows for guest to feel that their information is being protected. Imagine walking up to the front desk and finding the previous guest personal information cluttered in view. This will make the current feel their personal information will left unattended and viewable to the guest to walk up causing nothing but anxiety attacks. Unable to enjoy their summer vacation. Guest expect that the overall security of the hotel

Another point as for the "clean desk" policy goes, it also needs to include stricter policies on securing credit card information. It should not be written down or repeated on the telephone. In an open environment sound can carry and unwanted parties can hear. Cell phones should be stored away from the desk, because cell phones are in itself a potential security breach.

Our hotel as well has reinforced the clean desk policy. I remembered the data breach for Marriott it was in most major news channel and at work for several months we had the same questions from our guest requesting more information. As you stated a hotline was created and of of course the most surprising for me was the acceptance from our guest. Main responses were, with the new technology advance world we've coming and going into that is something we all have to face.

This article highlights several important security issues in the hospitality industry, followed by the practice of protecting data from loss. The data structure of the hotel industry is complex, customers mainly use bank cards to pay, and the staff turnover rate is high. There are certain internal threats. In order to solve these problems and avoid data loss, it is not enough to strengthen network security. It is also important that employees are trained and familiar with and comply with relevant regulations.

Hospitality offers an ideal target vector for conducting Cyber crimes such as identity theft and credit card fraud due to the existence of multiple databases and devices containing both Payment Card Information (PCI) and Personally Identifiable Information (PII). Restaurants, hotels, and other companies in the hospitality sector often have complex ownership structures with an individual owner or group of owners, and a management company that acts as the operator. Each of these groups may use different computer systems to store information, and the information can also frequently move across those systems.

In this article, we learn about the top five data security risks as well as best practices to help prevent data breaches. According to the article, the hospitality industry is a prime target since it stores a vast amount of sensitive guest information like names, phone numbers, addresses, and credit card numbers. Some of the five risks included complex ownership structures, reliance on paying by card, and insider threats to name a few. In order to avoid these threats, the article suggest that companies become PCI compliant, use cybersecurity measures like firewalls, and know where exactly their data is stored.

The Article attached to this link reports commun issues found in hotel internet networks. The author mentions a study conducted with 38 hotels. It resulted that 33 out of the 38 hotels had flaws in their network configuration and allowed the researcher to access unauthorized information via the internet. We all understand that reliable internet connectivity is a priority for guests and business travelers; however, security is a concern that can't be neglected. Another reason to be concerned is that so many softwares and applications are stored via internet. Adding a password is a simple measure that every business should consider. Network issues cold not only hinder guests but the hotel as well.

According to the research by Cornell University, most US hotels are vulnerable to hackers. There are two main reasons contribute to the issue. One is the flaws in many hotels' network topology, making it possible for customers to lose their privacy. The other is careless employees provide access information to help hackers' breach. Ogle thought that WPA encryption, VPN and training employees are good ways to solve the problems. I think that if the computer networks of hotel are weak, the guests' password, email message or other private information will not be protected, and they will even suffer loss. So it is important for a hotel to use different measures as Ogle recommended to ensure the safety of the computer network.

this article is talking about the problem on the hotel network security. a author from the Cornell university said he tested wireless network at 38 hotels at the same time. he found that most hotels were easy to break into. moreover, as long as you use the Linux distribution BackTrack and a high-power wireless card and high-gain omnidirectional antenna, you can break into the hotel guest network and then get the password, email message and the website people are viewing. importantly, this procedure just cost 100$. this is full of loopholes. hotel manager should pay more attention on this problem. at the end of the article, the author recommend a security app called Wi-Fi Protected Access encryption. this app require the guest to enter the password if the guest wants to surf the internet.also, he recommend connecting to the internet using a Virtual Private Network (VPN), having updated anti-virus and firewall software and making sure each secured website starts with "https://" rather than "http://".

A large volume of customer data is handled on a daily basis, including card details, names and addresses. With the number of security breaches worldwide each year, it is no surprise that more and more people are aware of their data being given to anyone, and knowing it is sufficiently protected. All companies are legally required to meet certain expectations of data protection regulations, and as an IT provider, it is our responsibility to ensure that all IT infrastructure provided to your clients contributes to data protection. As the potential IT and Cyber attack, the customers are truly sensitive with their personal information privacy, especially when they stay in hotel, with all of their ID and financial information. The hotel should be more sensitive with our customer private information than they do, give our customer a relatively guarantee scenario in IT security in order to set them down without worries while they stay in the hotel or select the hotel when they booked. The more security in IT you give to them in both realistic life and promise, the more consumer will be glad to choose your hotel with an significant customer loyalty.

This article introduces five ways about how small hospitality businesses improve information security. Compared to big hospitality companies, small business owner(SBOs) are not fully aware of the importance of security and in turn, they are vulnerable to damage their brand and potentially sink the business. Especially, small business highly depends on word-of-mouth to advertise their brand. If they face the security issue, they might have no resource to recover when we consider their business size and budget. In order to help SBOs strengthen their information security protocols, first, disposal protocol should be kept when they dump or change the computer. In other words, they should remove and safely destroy the hard drive to ensure information is not recovered. Second, training is necessary. Training is one of the easiest ways to protect confidential data and employees should be knowledgeable of handling the information. Third, organizations must understand the responsibilities for data protection and ensure their protocol comply with new laws. Thus, they should keep up with any changes in legislation. Fourth, paper shredding is necessary. Though we pursue paperless office, still paper is being used, so paper shredding is required to avoid the risk of data breach. Lastly, SBOs should use locked storage consoles to protect sensitive data.

This article describes the destructive effects of cyber attacks on enterprises, especially small and medium-sized enterprises. Because it does not have sufficient prevention and sufficient resources for disaster recovery. The most direct cause of current cyber attacks is that people open some risky websites or emails in the wrong place. For the hospitality industry, there is a large amount of customer privacy and sensitive information. Once attacked, its destructiveness is unimaginable. And to protect consumer data, most service industries just comply with local state laws, but most state laws have not made greater progress in information protection. Therefore, enterprises should protect themselves and their customers from cyber threats from the three aspects of their own network endpoints, disaster recovery and education.

IT security is a set of cybersecurity strategies that prevents unauthorized access to organizational assets such as computers, networks, and data. It maintains the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers. IT security includes Network security, Internet security, Endpoint security, Cloud security, and Application security.

This article covers a study performed on various hotels to determine management's level of IT knowledge and security implementations in relation to the hotel's IT security budget. The article discusses four types of technology impacting the hotel industry and how management responses to trending technology can affect a business, particularly in terms of a data breach and overall security. The study finds that an alarming percentage of hotel managers are not adequately informed on the risks and procedures of IT management and security, and many do not have proper IT security measures in place despite having an appropriate budget.

POS breach at White Lodging, huge important personal information was stolen and was able to access for over 7 months. White Lodging hire third party security firm to protect customers.The key to managing the risks are keeping monitoring systems and updating software. Besides, insurance is available to protect against costs for data breaches.

This article talks about companies transitioning to multifactor authentication as an added layer of protection of cybersecurity.

This article by Michael Toedt on "Data privacy matters in the hotel industry" speaks on the approaches that can be taken to protect guests' data and their privacy since these practices increase guests' trust and loyalty to companies. Accordingly, it is vital for hotels to securely store guests' information. Thankfully, CDM systems make it much simpler for hotel staff to manage data-related requests from clients, such as updating personal details. They also enable one-click deletions, preventing data disputes.

Like the tittle said, this article introduced some basic methods to keep data safe when connecting to public wireless hotspots. The author pointed out that whenever we connect to public Wi-Fi hotspots, most single piece of data can be picked up by anyone within range of the same network. It is very important to keep our data safety especially in the public place. The author introduced ten methods to protect data safety. It included turn off "auto connect", don't share files on computer, get a 3G or 4G adapter, create your own secure connection with a VPN, connect securely to your home PC, then connect to sites you need, firewall your computer and so on. During introducing the methods to protect the data, the author also told basic knowledge about how the data will be picked up by others.  In the part of don't share files on computer, the author pointed out that many people choose home network when they are connecting into public Wi-Fi which can let other people stole the sharing files. Also the firewall for the computer is really necessary to protect the data in the computer. Finally, the author told an easiest implementation which is restrict what you do on Wi-Fi. People should not do anything on Wi-Fi that you wouldn't want to share with anyone else like bill payments. It can let other people know your account and password when you make payments through public Wi-Fi.