Hotels: Are Your Cyber Defenses Ready for 2021? | Hospitality Technology - 0 views
-
Two of the top five biggest data breaches made public in 2020 were at hotel chains. Attackers stole personal information including names, emails and addresses from 5.2 million guests at Marriott and 10.6 million guests of MGM Resorts.
-
To ensure a swift recovery from COVID-19, the hospitality industry must shore up its cybersecurity protections — or risk more headline-making breaches in the future.
- ...14 more annotations...
-
Breaches undermine hospitality brands’ reputations and erode customer trust. Eighty-one percent of consumers will stop engaging with a brand after a breach, according to a 2019 study.
-
When it comes to cybersecurity, companies today have two options: Defend the fort or devalue the data. The former is the more traditional approach. By strengthening the digital “walls” around your data — via firewalls, intrusion detection, 24/7 monitoring and other security protections — the defend-the-fort approach works to keep attackers from accessing your systems at all.
-
hotels have multiple point of sale (POS) terminals across different locations, from the front desk to restaurants, all of which are connected to each other. If a POS device is not properly secured, attackers can use malware or other attack vectors to steal clear-text credit card numbers and other data.
-
POS attacks remain one of the most common causes of data breaches in accommodations and food services.
-
Guests may share their credit card numbers with the hotel in advance via a booking app or website, opening up the possibility of web-based attacks. Loyalty programs are another source of online vulnerability, with an estimated $1 billion a year lost to account fraud and related crimes.
-
Make sure your employees use strong passwords and know how to spot fraud and spear phishing attacks. You may also want to limit employee access to confidential data, so if an account gets hacked, private guest information doesn’t go with it
-
You should also make sure your software is up to date with all security patches, as attackers often exploit known weaknesses in programs. Isolating POS devices from the rest of the network can also limit the damage from malware infections at that entry point.
-
it’s unlikely that even the strongest digital “walls'' will prevent all incursions. Defenses are important, but the ever-changing nature of technology means that new, hard-to-catch vulnerabilities will pop up all the time.
-
important to devalue your data, rendering it unusable to attackers who gain access to your systems. One way to do this is to implement point-to-point encryption (P2PE) by encrypting payment information from the moment it enters your network at the POS
-
Encrypted data is unintelligible to anyone who doesn’t have the right digital key. Implementing P2PE is the only way to ensure that clear-text payment data doesn’t fall into the hands of attackers targeting POS systems with malware.
-
Data that’s stored for the long term, like passport information or credit card numbers saved to a loyalty program, can also be devalued through tokenization. Data that’s tokenized gets replaced with an alphanumeric pseudonym, so the actual sensitive information isn’t stored on your servers. This method helps secure guest information beyond the initial transaction at the POS.
-
Hotels that reckon with their security vulnerabilities now will protect themselves from fines and other fallout from data breaches as business rebounds. They’ll also build deeper, more trusting relationships with customers by keeping their personal information secure. By strengthening security protections and devaluing their data, hotels can set themselves up for a brighter future.
-
This article describes the vulnerabilities in the security systems of the hotel Industry. The POS system was recognized as one of the most vulnerable areas that are more targeted by hackers. This is due to the multiple stations where the POS systems are located on the premises of the hotel. Likewise having POS systems independent of the hotels security system left the system open to hackers. Two options to defending the cyber-defense, are digital walls and employee training. Digital walls works by keeping hackers from accessing the systems. Although even with a strong firewall it is recommended to implement point-to-point encryption (P2PE), this encrypts payment information of guest. the other is tokenization. This uses alphanumeric pseudonym to protect data stored for long periods of time. Another way to prevent cyberattacks is employee training, encourage the use of strong passwords an dhow to detect fraud and phishing attacks.