Group items tagged

MGM Resorts falls victim to data breach last summer, more than 10 million customers' information were leaked out. It was took place through "unauthorized access to a cloud server." However, specialist said this breach can be avoided by regularly checking and monitoring. Also, specialist advised that MGM also need to take same security levels for data on premise in their could.

It was reported that MGM Resorts fell victim to a data breach on a cloud server but not much critical guest information was leaked out. Experts said that this kind of breach can be avoided by checking who was able to access the server regularly. Also, the company needs to monitor data to find out the leakage earlier than anyone else. Monitoring the data stored on the cloud should also be as important as those stored on-site.

the article gives details about a data security breach that the company was a victim of and how information of 10 million customers were shared .

Cybercriminals are constantly coming up with novel schemes to kidnap their victims. A recent cyberattack on a five-star resort should act as a cautionary tale for your company. In Oregon, the Allison Inn & Spa recently became the target of a ransomware assault that revealed the personal data of its staff and visitors. The stolen data was published in easily accessible form on the public internet and includes details from 1,500 employees and more than 2,500 guests, including dates of the guests' hotel stays as well as employee birthdays, phone numbers, and Social Security numbers. The "dark web" is typically the only place where stolen private information like this is released, making it harder to find through regular online searches. The goal of the cybercriminals was to coerce the company into paying a ransom. The public disclosure of the private visitor and staff information seems to have been an "experiment" to see if it would increase pressure on the company to pay the ransom. Cybercriminals may use this new strategy frequently in the future to demand ransom from their victims. The implementation of thorough cybersecurity risk management procedures should be considered by resorts. In the event of a cybersecurity attack, determine which systems were affected by the attack and immediately isolate them. Then, prioritize those systems for restoration and recovery. After which, involve internal and external stakeholders and retain legal counsel for advice. It is crucial that you hire a third-party incident response provider and notify law enforcement. Multifactor authentication should be used by businesses to protect network access, and they should also annually train all staff in cybersecurity best practices and keep offline encrypted backups of all internal data.

This article discuss the idea that cybersecurity has been neglected according to consumers and more emphasis should be placed on protecting their private information. It has been found that point-of-sale systems are the most common victims of these breaches, and most often at restaurants. Attackers are targeting systems with weak points and outdated software, making them at a considerably higher risk for breaches and cybercrime. Companies must start investing more in heightened security measures in order to retain consumer loyalty.

This article lists of some common security breaches that hoteliers need to be aware of and prepare the hotel system for.

This article talks about how cybersecurity can critically affect hospitality businesses if they are not careful about what ways could attack their business.

As the article states, "Protecting the identity and information of a customer is paramount to the success of any business and hotels are no exceptions." Quite unfortunately, cybersecurity issues are some of the biggest obstacles that hotels are experiencing nowadays. With hacking attacks such as phishing and ransomware, hotels need to invest in increasing their cybersecurity as any breach can lead to a downfall in business loyalty and brand.

The importance of delivering safety, security, sustainability, and service in the hospitality industry is becoming an important aspect of our society. This article discusses each principle and addresses essential information that can help deliver legendary experiences to guests. As social media and review sites become a way to engage costumers in expressing their overall experiences it is important that you ensure the up most excellent experience in every aspect to create consumer loyalty. * Safety - must be the number one priority in any hospitality business. Any issue that violates the duty of care of any guest should be addressed and taken very seriously to avoid negative affects to the brand. * Service - Excellent and hospitable accommodations is the reason why frequent travelers return to the same establishments. Training your staff to be diligent and welcoming will help promote the brand values. * Sustainability - one of the latest trends is environmental sustainability within the industry. Guests are conscious of the importance of sustainability and want to feel like they are part of the movement by booking hotels that are "Green". * Security - due to the large risks of security breaches any business is susceptible to be a victim of cyber attacks. It is important to promote security by having a proactive and preventive plan in case of a security breach.

This article talks about how there is a serious concern in the hotel industry when it comes to credit card and identity theft. They talk about how all the major brands in the hotel industry were all victims of highly publicized, major breaches in the last year alone. Also, including airline and banks, hotels maintain a wealthy amount of database of personal and financial data. For example, with new technology systems being created, POS systems are a weak security point for many networks because they are constantly in use and are not always updated or even protected from vulnerabilities. The article talks about personal details for hotel guests are frequently stored in a variety of locations including restaurants, facilities, and government buildings, so hackers have a greater possibility to access your personal information. The bigger hotels are in more danger because of the volume of guests that come in and out of the location. Smaller hotels should be concerned not just about their security but also by ransomware, an increasingly favorable tactic to extort hoteliers by hackers who encrypt the hotels data making it inaccessible until ransom is paid for. I believe hotels need a toolbelt of various securtiy technologies that can be used to prevent future malicious attacks. I think by managing and implementing a firewall is essential which helps get rid of dangerous traffic from coming onto the network and preventing sensitive data from being hacked.

MOD 10: This article discusses the main tactics of cyber hackers that target hotels. Point of sale (POS) systems are easy targets for hackers due to their constant use during operation hours and because of that their security measures aren't always up to date. Hotels have large data banks since they're storing consumer profile information such as home addresses, phone numbers and credit card numbers. There's a large risk when it comes to security breaches within franchises because they have access to their parent company's regional, national and global systems. If their systems are hacked and breached, then that puts the whole system of the brand at risk. Security breaches within a system can also damage a brands reputation with the public. According to the article, "Recent major breaches at Fortune 500 companies and household names across the retail, restaurant and hotel sectors demonstrate that anti-virus, anti-malware and firewalls alone are not enough to secure businesses from the ever-evolving threat landscape." Smaller properties are even at a greater risk because not only do they have to monitor their compliance with PCI but also monitoring their security systems for their database and PMS system. Some of the recommended software's that should be used by hotels looking to be proactive with their company's cyber security is File Integrity Monitoring(FIM), Unified Threat Management(UTM), and Security Information and Event Management(SIEM).

This article explores the different tactics hotels should use after a cyber attack. The article mentions several different type of attacks such as Phishing when hackers trick customers into giving up their login credentials. Ransomware, when hackers encrypt data making it unusable and inaccessible for the hotel. Not one solution but rather companies should be equipped with a series of technologies from firewalls to file monitoring programs. Some of these technologies, like SIEM requires an intelligent IT team to have the capabilities of analyzing and monitoring the reports produced. This may be more difficult for smaller businesses to implement and maintain.

This article notes that many hotels have been the victims of cyber attacks. For example, in July of this year, the Four Seasons, Trump Hotels, and the Loews Hotels all had customer information hacked because of security failures. Furthermore, many of these resulted from vulnerability from the vendors. To address this issue, the article suggests that hotels should incorporate the following four actions: (1) Review data security policies; (2) Require vendors to take responsibility for their mistakes; (3) Analyze cybersecurity policies; and (4) Require brands and managers to test backup systems.

Marriott's data breach in 2018 exposed the information of over 500,000 guests including names, addresses, and passport numbers - leading to a class-action lawsuit and falling share values. The California Consumer Privacy Act, taking effect in 2020, gives Californians the right to know what information is collected about them and where this information goes. Amazon, Facebook, Google, Microsoft, Twitter, Uber, AT&T and Verizon are lobbying against the CCPA, but data-security regulations are being enacted regardless to protect customers against these breaches.

Several different hotel chains have fallen victim to hackers who have stolen the personal information of their guests therefore Hyatt is taking matters into their own hands. The hotel chain is offering a bug bounty program via HackerOne which will reward ethical hackers with monetary compensation for reporting flaws in their network and programs. They will then take the information that these hackers provide them with & work to strengthen the weaknesses in their cyber security.

The articles goes over why Hospitality should start making pre-payment the norm in the industry. The examples given are because of high cancellation rates, fraudulent bookings, and cash flow impact.

The article discusses how hotels are one of the E-Commerce industries where payment is predominately received after the service is provided and not at the time of booking/purchase like most e-commerce businesses. This practice has hindered revenue growth over the years due to fraudulent bookings, long lead times affecting cash flow, and high cancellation rate for reservations. Which is why hotels should aim to further encourage payment at the time of booking, which according to D-EDGE (a cloud-based e-commerce company & booking engine) can be done by increasing the number of payment options, exemplified by their partnership with PayPal, that enables hotels to accept payments fast and securely by integrating the widely used PayPal platform to the hotel's website.

This article is about the importance of changing the way payment is done in the hospitality industry. There are negatives to paying after you have completed your stay. It includes people canceling before stays and people booking without any intentions of staying at the hotel.

Statistics on credit card fraud to support why PCI compliance is important to protect consumers

High profile hotels near large events have had to respond to events such as mass shootings since the 2017 Las Vegas attack where a guest used as hotel room to carry out the shooting. Concert venues and large hotels are now using surveillance drones and predictive threat analysis to enable their staff to recognize patterns that could indicate signs of trouble. Security costs at large venues are expensive, and they are being passed on via ticket prices. Hotels need to evaluate their need for an active shooter plan and evaluate their "do not disturb" policies and train their staff to alert management when they are unable to enter a guest room, or when they recognize something out of the ordinary.

This article by Jaikumar Vijayan from CIO.com is very interesting because it provides a challenging question between personal privacy and public security. The government program code-named PRISM is the motive in which the government is using to gather statistical information. In my opinion, extreme privacy without scrutiny is not more valuable than the safety of Americans or other would-be victims. I don't think it is completely accurate that the stated companies such as Google, Skype, Facebook, Microsoft, etc. don't provide the "back door" for government agencies because they have loyalty to both consumers and the government. Completely free reign and unfettered access to government agencies is a stretch, but to say security agencies have absolutely no right to look for evidence or track suspicious activity for relevant threats and possible attacks is completely unfounded and uneducated. It would be a much larger folly for governments to not track terrorist activities and let their networks run free then to not study behaviors and contacts. Otherwise, people of bad intentions would communicate easily and freely without consequences and proper agencies have no leg-up on potentially dangerous situations. The American people have their right to privacy, but the founding fathers never could have imagined a world where it is so easy to exchange information, tactics or events so quickly. Even contemporary technical analysts and engineers couldn't fathom the technology we have now just 30 years before the internet became publicly accessible. And if they did it is safe to assume they're security measures would have been the priority of American lives than somebody scared of having their facebook messages or Google e-mail snooped on. After all, if you're not a terrorist, and surely you aren't if you're reading this, what is there to hide?

The article I read was called, "Restaurants, Beware: Hackers Want Your Customer Data." In the article it talked about how cyber criminals want credit card information from people so that they can make money off of them. Criminals find new ways everyday to breach systems and steal information from guests staying at hotels or eating in restaurants. It states that many restaurants and franchise businesses use unsecure and public WiFi networks are connected to the point of sale system. "Franchise businesses are particularly at risk primarily because franchises tend to have the same POS system duplicated at all locations." A lot of times businesses don't have trained security on staff, they just assume that their IT person will be talking care of the security. According to the article the best detection systems are neither the technology nor the security but it's the employees who work there. The employees can tell when something has changed in the system and as soon as they realize that, they need to report it to their manager. I never even considered people breaking into the systems and stealing credit card information but it does happen and it's important to know what to do in these kinds of situations.

1. IT The hot-button issue within the realm of hotel-information technology is mobile and cloud technology.A company could have tens of thousands of smartphones or laptops in the field at any given point-each a potential gateway to hackers and other criminals. To the problem the core principle is to provide end-to-end data protection with looking at cost and benefit and how it's supports the business. 2. Terrorism Ironically, one of the main reasons terrorism tops the list is because it has become less of an issue in recent years.Hoteliers need to keep their staffs and travelers mindful of possible threats, but they don't want to scare them. 3. Skimmers A related threat is that of "skimmers," or devices that catch credit card numbers when consumers use them for payment.The best prevention measure is to have an investigative team or third party on hand and making that known to employees. 4. Liability and insurance fraud These two related issues can double, triple, quadruple and quintuple corporate insurance premiums in the blink of an eye. The advisement is hoteliers to educate themselves on the issue, consulting with an attorney, if necessary. 5. Security as taboo "Security" still is something of a taboo in the global hotel industry.Hoteliers need to do a better job of "turning on the light" by talking about security openly and regularly at staff and association meetings, and hotel executives should insist their GMs make security a priority

1. ITAccording to the article, most mobile devices that are used for business are unprotected. Meaning that the devices if the device even have a password and if it does the password is not very complex. There could be thousands of employees accessing company information via the cloud through unprotected smart phones or other mobile devices. This could organizations at risk to hackers and other criminals  2.  TerrorismAlthough terrorist threats are less of a concern nowadays, that does not mean hotel managers should discontinue stressing the importance of security within their establishments. Keeping employees aware and diligent can prove to be a delicate assignment but it is a necessary of part of maintaining a safe work environment in the twenty-first century. 3.  SkimmersSkimmers are devices that steal credit card numbers when consumers use them for payment. Unfortunately, it is most commonly an employee on the inside who is committing the crime.  A third party investigation team will be needed to prove who is stealing from the establishment.  4. Liability and Insurance FraudCombined, these two issues could sky rocket a company's insurance costs through the roof. It is crucial that hoteliers be aware of the legal system and educates themselves on issues concerning liability. Both patrons and employees alike could potentially file claims against an establishment and entitlements can quickly get out of hand.    5.  SecurityDespite the best security measures, there is always the possibility of unforeseen danger. This fear of the unknown is a concern for hotel workers. To confront this fear of the unknown managers must regularly and openly discuss security with employees.  Security should be held as a top priority. 

This article discusses five main concerns brought on by the current state of hotel security. I must say that some of this information surprised me. Something that especially surprised me was learning that mobile devices that are used for business hardly use passwords. The article states, "Amplifying the problem is the sheer number of devices, he added. A company could have tens of thousands of smartphones or laptops in the field at any given point-each a potential gateway to hackers and other criminals." This piece of information is very unsettling to me. How could such valuable information not be protected? The article suggests the solution to this problem is PCI DSS. Terrorism as number two on this list also surprised me because that is not something that would first come to mind for me. The article states that it is ironically on the list for becoming less of an issue. I suppose this reminds hoteliers to never let their guard down when it comes to issues of safety and security within the hotel. However, "skimmers" and liability on this list does not really surprise me. The article suggests that hoteliers be educated about these issues to protect the hotel against them.

From what I research from the article, VLAN as a local area network itself actually is quite secure cause the fake IP address means a private one.  And it is already encrypted. But the hackers had imitate the hotel's main server. As for the technology developing, it seems like the more secure the system make, the smarter the hacker would be. 

This article introduced how hotels improve their network to enhance security. To reduce the potential for stealing by theft and hacker, the W Dallas Hotel set up virtual local area networks. Compared with relatively rundimentary hub technology and encryption for Wi-Fi, the biggest advantage of this VLANs is to inhibit attackers from using computer to imitate the hotel'smain server. I think increaing a hotel network's security is very necessary, still, people should pay more attention to this and improve the techonology to make sure the security of all aspects.

This article lists pros and cons of Cloud Computing for Hotels. What is surprising is that Cloud Computing can be costly as opposed to the common belief that Cloud Computing is a great cost saver. According to this article, if your IT resource pool is too big, it is less likely that you'll see any enormous financial advantage in outsourcing to the cloud. In addition, there is a method being used by hackers to increase your Cloud usage significantly and make you end up paying a lot for it. The method is called DDoS(Distributed Denial of Service). Even a low-level of this can keep your server busy and give you an enormous bill. Sure, these problems can be prevented and benefits of Cloud Computing can outweigh them. However, this technology is quite new, you need to think strategically before you pounce on  it.

This article introduced the result of a survey for the adaptation of cloud computing global wise. 68% of the global organizations want to adapt this new tech but 51% have concerns that their old system may not be enough for the adaptation.  Then the article describes the pros and cons with cloud computing and solutions for hoteliers.  The pros are : no need to buy many expensive hardware, lower maintenance expense and software installing and updating fee, Cons: security, which is the biggest concern, redundancy, and other things. 

This article deals with the theft that happens on a daily basis in the hospitality field. It happens when credit cards are used to pay for something, like a reservation, and thieves want the information, so they can use your credit card number for whatever intentions they may have. As the article states, "our data is under attack". I can relate to those people that have had credit card numbers stolen, because it has happened to my husband and me, and it is a horrible feeling trying to get your life back on track and recover your money.  I think it would be a great idea, with some research, to get the point to point encryption technology in a field where credit cards are used so often, not only to cover the business (hotel), but also to protect the guest, so they feel at easy when they travel on vacation or business.  The overall point of this technology is to encrypt the information as close to the point of entry, i.e. the swiping of the credit card, as possible. This would in turn "significantly reduce a merchant's card data environment", as the program would encrypt the information so that hackers cannot access the customer's information. As I mentioned earlier, questions should be asked before buying this technology, as there is always something new on the market that may be better. Credit cards are not always swiped, but can also be manually placed in the system, so you want to make sure, that both transactions are protected. Overall, the establishment should always be concerned about the customer and their safety, whether physical or mental and always be prepared for the worse.

Great article! Personally after being a victim of credit card fraud, I'm very apprehensive of where I shop, who handles my card and how long it takes them to return it. I recently cancelled a large purchased after the cashier insisted on rubbing my card number on the reciept after the transactions had be approved. In my mind, I was thinking "If I let you do that, then I've open the door for anyone to charge thousand of dollars. I don't think so." As a manager, who hands credit card numbers for manual input, I'm very cautious of them and want to insure that they don't get into the wrong hand. Aftern each transactions is approved, that number is shredded and the credit card machine is batched out. Companies don't realize how important it is to PCI compliant. The risk in exposing sensitive information of our clients and customers can cost thousand of dolllars in fines and fee, in addition to the lost of that customer/client.

Marilyn, Great Article...as a Front Desk Manager, it is my responsibility to randomly check our computers to ensure employees are not placing USB driver to collect data from our system. Our company has taking this a step further by putting metal locked case around the PC to avoid possible fraudulent activity. If we have to open a PC, we must log it to show proof why a PC became unlock. Companies should adopt similar procedures to protect the consumers/guests. Nelson

Nowadays, cloud computing is widely applied in the hotel industry. Cloud(s) are made up from computers, always linked or networked together as computer farms. There are many pros and cons associated with cloud computing and solutions. The Pros: Cloud computing has lower start-up costs and not much equipment to purchase. Hotels do not need to hire many IT staffs to maintain the equipment, and not need to pay for future hardware upgrades. The Cons and solutions: Security and cost are the major concern for hotel management. Paying attention to your usage and manage usage routinely can keep your bill in a reasonable price. Cloud computing service companies provide different levels of quality and services. Thus, finding a reliable service provider is a tiring and time-consuming job.