Group items tagged

Take Chipotle, for example. The company got devalued by about $400 million after they suffered a data breach.

because most go belly up six months after an attack.

Unprotected WiFi

Criminals pretend to be from the U.S. government and inform targets their COVID-19 stimulus check is ready, but they would need to verify the details of the recipient first before they can send it.

CRM software data, which may include names, addresses, and even birthdays. One of the most common ways to achieve this sort of attack is via malware (malicious software). Hackers find a vulnerable backdoor to a restaurant's network to install malware on the POS system. Malicious code then records every transaction and every detail, sending it back to the criminal's server over the internet.

GrubHub drivers scam both the restaurants and the customers by marking the deliveries as complete and pocketing the tip money, without bothering even to pick up the order from the establishment.

Businesses are scrambling to find suppliers amidst the chaos, and criminals have been taking advantage of the confusion

Scammers are posing as representatives from the World Health Organization (WHO), the Center for Disease Control (CDC), and other public health agencies

social engineering on the restaurant staff to pull off phishing attacks.

PCI compliant.

conduct a risk analysis

hiring a security expert either full time or as a consultan

Secure your network and always change the free WiFi access point's password with a strong one every day.

latest operating system updates

Force multi-factor authentication

strong passwords

Ensure sensitive data encryption

web-filter to secure your WiFi network

Install a robust security software program on all computers and devices to block, detect, and clean malware.

Conduct regular cybersecurity training

It was all a scam, of course, the result of one of the most brazen online attacks in memory.

But soon after, the list of victims broadened to include a Who’s Who of Americans in politics, entertainment and tech, in a major show of force by the hackers.

Twitter’s investigation into the breach revealed that several employees who had access to internal systems had their accounts compromised in a “coordinated social engineering attack,” a spokesman said, referring to attacks that trick people into giving up their credentials

the attack was concerning to security experts because it suggested that the hackers could have easily caused much more havoc

Security experts said that the wide-ranging attacks hinted that the problem was caused by a security flaw in Twitter’s service

Cybersecurity experts said the attack showed how vulnerable social media remains to attacks

The hotel industry attracts cybercriminals because it handles so many financial transactions in so many countries.

The top threat to hotels is phishing, a scam in which hotel guests may receive fake phone calls claiming to be from the front desk. The caller could claim that there is an issue with the credit card on file and that they need to re-verify the payment method. 

DarkHotel hacks are another significant threat. These target travelers via hotel Wi-Fi. Digital certificates are sent to guests, like a familiar adobe update, which will retrieve sensitive information. Hotel chains are combating these hacks by suggesting that guests use a virtual private network.

Malware (malicious software) is something criminals email employees, under the guise of the attachment or link looking innocent or legitimate. But when the user opens the file or clicks on the link, their system (and more) can be hacked into by the criminal.

IT department should routinely update operating systems and back up data and files, and every employee should double-check sources when asked for software administrative permissions. Also, strong firewalls can limit bad traffic and provide security. 

Software and hardware can help prevent breaches, but employee training is also an essential part of any hotel’s cybersecurity.

In 2018, a Marriott reservation system was hacked. More than 500 million customer records, including credit card information and passport numbers, were stolen. The company said the hack went back four years prior to the discovery and, when it was noticed, the company started using computer and mobile device monitoring software.

“Guests can enroll in a service called WebWatcher, which monitors the sites where personal information may be shared and alerts guests if evidence of their personal data is found,”

Hotels are not alone in being targeted by cybercriminals: The airline industry has faced serious cyberattacks as well, and many airlines still aren’t equipped to handle them.

only around 35% of airlines and 30% of airports are prepared for cyberattacks.

"The proliferated effect of the attack on SITA is yet another example of how vulnerable organizations can be solely on the basis of their connections to third-party vendors,"

The aviation industry faces dangers such as ransomware and distributed-denial-of-service attacks. Following the SITA attack, HackerOne solutions architect Shlomie Liberow stressed that airlines need to prepare for the worst. 

traditional enterprises like airlines have always been an attractive target since few are digital-first businesses, and therefore have relied on legacy software, which is more likely to be out-of-date or have existing vulnerabilities that can be exploited."

The airline industry needs to keep third-party vendors in check when it comes to protecting information. Given the high stakes involved, experts suggest that blind trust is not an option. 

“You simply cannot know whether your third parties meet your company’s security controls and risk appetite until you’ve completed a full vendor security assessment on them,

It’s important to note that the best practice is not a ‘one-and-done’ activity, but through real-time, continuous monitoring.”

In 2015, hackers targeted Polish airline LOT’s ground operations system, affecting 1,400 passengers. The hackers made it impossible to create flight plans and flights. It was the first attack of its kind, and it caused concern about cyberattacks one day remotely taking control of planes.

To address the threat, the standard advice is to back up and store data in multiple places, including off your physical premises, and have one copy of it be offline

Multifactor authentication and long, complicated passwords will take longer to crack. Updating and patching systems regularly helps companies avoid being victimized when a new exploit is discovered.

Treating cybersecurity as a companywide concern, not an IT concern, encourages each employee to take ownership of their actions and knowledge and to seek help proactively instead of making an “innocent” mistake that costs the company millions of dollars.

Finally, companies should avoid simply throwing money at the problem: Not all cybersecurity solutions work together, which wastes money and increases the risk of a breach.

Taking a few extra seconds to book directly with a hotel or a trusted travel agent can save time and money in the long run, and lead to a better travel experience overall.”

constant flow of new companies entering the online travel market—suggests we need to do more to protect consumers.

AHLA encourages consumers to book directly through the hotel website or mobile app

Auto-grat scams

Automatic tip calculation is a genuine convenience for large parties and those who have difficulty determining appropriate gratuities.

Your POS has the ability to determine which tables qualify for an automatic gratuity, so management can easily see which large parties in your dining room will be targeted. If you see cash left after a table has already paid a bill, you may want to intervene and remind the guest that gratuity was already covered, and additional cash should only be left if they intended to do so.

Coupon scams

Discounts are a fantastic marketing tool. But they’re only good if the customer is aware of the deal.

Thankfully, your POS system can ensure all active coupons loaded into the system, and that they’re applied directly to an order, rather than after a cash transaction is complete.

Voided transactions

Except there are no guests behind those transactions – just wads of unaccounted cash. In a slow restaurant bar, this would never fly. But in a thumping nightclub with high ticket table service bills throughout the facility, a “mere” $500 discrepancy is a drop in the bucket for management, and an easy target for scammers looking to pad their own pockets. Even worse? Serving up complimentary drinks for cash transactions and pocketing the money but adding a tip to the jar as a cover-up.

The “Wagon Wheel”

In this scenario, a waiter transfers an item like a soda from one check to another prior to closing the tab when a guest pays in cash

Then, the next time a guest orders that soda, the server starts the ticket on that tab and continue to transfer the soda while they pockets the cash. Sometimes known as the “revolving soda,” this frequently happens with items like beverages where the server or bartender is preparing their own.

To avoid this, restaurant owner’s can monitor activity and behaviors such as low sales of server-controlled items like drinks, compare bartender performance over the same shift, or set restrictions requiring a manager to authorize any transfers.

The list goes on. But, thanks to loss prevention features built into modern POS systems, hospitality managers now have the ability to get ahead of scams being run.

By leveraging algorithms to identify patterns and suspicious transactions, such as increases in coupon redemption or notably low cash totals, and help you bore down to the source of the problems, before they get out of hand.

But the practice is growing more and more sophisticated, panelists said, and phishing attacks are increasingly targeting high-ranking executives, including those in the hotel industry.

without checking with multiple sources and having face-to-face conversations.

In such phishing emails, the scammers will order subordinates to authorize large wire transactions under the guise of the transfer being for some sort of acquisition or other major transaction.

projects (they’ll do), along with the methods and styles of communication

take over the email accounts

Ransomware is the practice of finding some vulnerability in a company’s systems to abduct their information or the functions of those systems and then keep it hostage until someone gets a payoff.

breach of your point-of-sale systems and loss of customer payment card information.

extent of your insurance coverage in the case of such an attack

Braun called point-of-sale attacks the single biggest cyber security threat to the hotel industry.

denial of service, or DDoS attacks

hijacked and then used to send little pulses to bring down systems.”

By Friday morning, the festival, founded by the rapper Ja Rule and the tech entrepreneur Billy McFarland, was in damage-control mode. “Fyre Festival set out to provide a once-in-a-lifetime musical experience,” the organizers said in a statement. “Due to circumstances out of our control, the physical infrastructure was not in place on time and we are unable to fulfill on that vision safely and enjoyably for our guests.” (A second weekend, planned to start May 5, was also scrapped.)

internet programming, the ocean and rap music.

But the pair soon discovered logistical hurdles, including a lack of proper water systems and transportation. “There wasn’t the infrastructure we needed. We attempted to build a city out of nothing,” Mr. McFarland said. “Neither of us had developed an island or a festival before.”

Still, after a few months of planning — including adding sewage piping and buying an ambulance in New Jersey and shipping it to the island — the organizers thought they were ready for the crowds until the storm on Thursday morning washed away some of what they had built.“Our mistake was trying to own all of it in-house,” said Mr. McFarland, who is also the founder of Magnises, an exclusive members-only benefits card for upwardly mobile millennials. “We were in over our heads.”

The Bahamas Ministry of Tourism expressed its dismay in a statement on Friday, citing the festival’s “disorganization and chaos.” It continued: “ We offer a heartfelt apology to all who traveled to our country for this event.”

The PCI Security Standards Council claims that since March, malicious virus-related reports are up 475%. The reason for the uptick is that cybercriminals are trying to take advantage of rapid changes to the payment-card data environment. In addition, 41% of small businesses have said they’ve suffered breaches costing more than $50,000 to fix.

Contactless payment is one of the big changes within the payment data environment. Several restaurant companies – from chains to independents – are offering it because it reduces customers' physical interaction with the restaurant's POS system. As part of this move, some businesses have eliminated credit-card PIN numbers.

Eliot says malicious email is usually the easiest way for cybercriminals to access your networks. The emails typically show up as urgent requests for sensitive information, often pretending to be from the Small Business Administration or the Centers for Disease Control and Prevention. When the intended victim types in his or her credentials and clicks on a specific link or downloads an attachment, criminals are in.

Anyone looking for easy-to-implement security tips can try these six to start. Reduce areas where payment-card data is stored. The best way to protect against a data breach is to avoid storing any card information at all. With many small operators offering curbside pickup and accepting payment over the phone instead of through face-to-face transactions, it’s important they train employees not to write down payment card details. Instead, have them enter numbers directly into a secure terminal. Use strong passwords. Using weak and default passwords is one of the leading causes of payment data breaches among businesses. Effective passwords must be strong and updated regularly. The most recent guidance is: the longer, the better. Think of it almost as a “passphrase” rather than a password. Use it in the form of a sentence, but mix in different characters within the phrase. It’s much harder to break a long passphrase than it is a short, complex password. Weak and vendor default passwords often result in small business data breaches. Also, don’t repeat your passwords. Update your software often. Criminals look for outdated software to exploit flaws in unpatched systems. Timely installations of security patches are crucial to minimizing the risk of a breach. Whenever updates are available, use them. They will improve performance and close out some of the vulnerabilities cybercriminals are searching for. Enable two-factor authentication. It's so important for restaurateurs, especially where their POS systems or any of their sensitive databases are concerned, to have two-factor or multi-factor authentication enabled. If an instance where credentials are stolen occurs, there will be a second layer of verification the operator can rely on to potentially reduce the chances that information will be breached. Segment your networks. If you are going to store payment data, make sure your POS system has its own separate, secure network. Do not store sensitive documents on public cloud services such as Google Docs or DropBox. If you’re going to store sensitive documents, house them in an encrypted, locked down location.   Be hyper-vigilant. Criminals are going to try to take advantage of this pandemic situation as much as possible. You can protect yourself by not giving out sensitive information, especially within unsolicited emails. Don’t click on links you’re not expecting and do everything in your power to protect all sensitive information.