Group items matching

in title, tags, annotations or url

US. Cannabis dispensaries have to collect large quantities of sensitive information in order to comply with state laws,

the THSuite platform is designed to simplify this process for dispensary operators by automatically integrating with each state’s API traceability system.

The vpnMentor team says that the breach affected many more dispensaries, and that it’s possible that all THSuite clients and their customers were involved.

The researchers also found photographs of government-issued photo IDs and corresponding signatures of dispensary visitors and patients alike.

Under HIPAA regulations, it’s a federal crime in the U.S. for any health services provider to expose protected health information (PHI) that could be used to identify an individual.

the researchers say that THSuite could be subject to HIPAA violations, which can result in fines of up to $50,000 for every exposed record, or even in jail time.

hackers and scammers can take advantage of personal details exposed in the data breach about dispensary customers and employees to create highly effective personalized phishing attacks.

Documents such as copies of travel information, passport and identity documents, licenses, customer lists, etc. should be shredded daily.

Invest in cyber-security tools such as firewalls and tokenization and encryption to avoid online breaches through the business’ website or third-party sites.

Regularly update equipment and software with monitoring systems that can detect breaches at numerous terminals to avoid PoS breaches.

Ongoing training helps ensure employees understand and follow policies and best practices. They should also be trained on how to recognize potential risks such as phishing.

n addition to airlines and banks, hotels maintain a rich database of personally identifiable and financial data on file.

Hotels need a ‘toolbelt’ of various security technologies that can be used to prevent malicious attacks. A managed firewall is essential, blocking dangerous traffic from coming onto the network and preventing sensitive data from being exfiltrated, or sent, to the hackers.

One way to implement these advanced toolsets includes outsourcing to a managed security firm specializing in this type of service

If used correctly, hotels could see anomalies that could lead to breaches prior to any damage being done — allowing them to halt hackers in their tracks.

here were 4.83 million DDoS attacks attempted in the first half of 2020 alone and each hour of service disruption may have cost businesses as much as $100k on average.

Third party software. The top 30 ecommerce retailers in the US are connected to 1,131 third-party resources each and 23% of those assets have at least one critical vulnerability.

umber of the attempted breaches grew by 250% compared to 2019.

The global market for cloud computing is estimated to grow 17% this year, totaling $227.8 billion.

To strengthen the cloud computing defenses in the future, stakeholders should pay attention to proper cloud storage configuration,

In terms of technological developments in the travel industry, smartphones, smart speakers and AI assistants have all contributed to improve the importance of voice search

This market growth is attributed to factors including rapid economic growth, increasing spending of the middle-class population, increasing focus on creating new experiences, surging urban population, and others

It would make it much faster for travel agencies to accept transactions, even in cases where consumers do not have access to cash or a credit or debit card. Since it is a time-saver, it will also boost the client experience.

Phishing attacks, unauthorised access, financial fraud are some of the main challenges in this field, while modern dependence on data still puts enterprises at risk of human error caused by their own employees too.

Throughway of graphic overlays, personnel in the tourism industry can significantly improve consumer loyalty by supplying consumers with useful knowledge or even great entertainment.

The PCI Security Standards Council claims that since March, malicious virus-related reports are up 475%. The reason for the uptick is that cybercriminals are trying to take advantage of rapid changes to the payment-card data environment. In addition, 41% of small businesses have said they’ve suffered breaches costing more than $50,000 to fix.

Contactless payment is one of the big changes within the payment data environment. Several restaurant companies – from chains to independents – are offering it because it reduces customers' physical interaction with the restaurant's POS system. As part of this move, some businesses have eliminated credit-card PIN numbers.

Eliot says malicious email is usually the easiest way for cybercriminals to access your networks. The emails typically show up as urgent requests for sensitive information, often pretending to be from the Small Business Administration or the Centers for Disease Control and Prevention. When the intended victim types in his or her credentials and clicks on a specific link or downloads an attachment, criminals are in.

Anyone looking for easy-to-implement security tips can try these six to start. Reduce areas where payment-card data is stored. The best way to protect against a data breach is to avoid storing any card information at all. With many small operators offering curbside pickup and accepting payment over the phone instead of through face-to-face transactions, it’s important they train employees not to write down payment card details. Instead, have them enter numbers directly into a secure terminal. Use strong passwords. Using weak and default passwords is one of the leading causes of payment data breaches among businesses. Effective passwords must be strong and updated regularly. The most recent guidance is: the longer, the better. Think of it almost as a “passphrase” rather than a password. Use it in the form of a sentence, but mix in different characters within the phrase. It’s much harder to break a long passphrase than it is a short, complex password. Weak and vendor default passwords often result in small business data breaches. Also, don’t repeat your passwords. Update your software often. Criminals look for outdated software to exploit flaws in unpatched systems. Timely installations of security patches are crucial to minimizing the risk of a breach. Whenever updates are available, use them. They will improve performance and close out some of the vulnerabilities cybercriminals are searching for. Enable two-factor authentication. It's so important for restaurateurs, especially where their POS systems or any of their sensitive databases are concerned, to have two-factor or multi-factor authentication enabled. If an instance where credentials are stolen occurs, there will be a second layer of verification the operator can rely on to potentially reduce the chances that information will be breached. Segment your networks. If you are going to store payment data, make sure your POS system has its own separate, secure network. Do not store sensitive documents on public cloud services such as Google Docs or DropBox. If you’re going to store sensitive documents, house them in an encrypted, locked down location.   Be hyper-vigilant. Criminals are going to try to take advantage of this pandemic situation as much as possible. You can protect yourself by not giving out sensitive information, especially within unsolicited emails. Don’t click on links you’re not expecting and do everything in your power to protect all sensitive information.

i

we identified and eradicated unauthorised malware that targeted payment card information in some point-of-sale systems at our hotels

54 North American locations were compromised by point-of-sale malware

hospitality service providers face extraordinary challenges with customer data security at point of sale (POS)

often the weak link in the chain and the choice of malware,

Encrypting the data in the card reading terminal ahead of the POS eliminates the exposure of live information in vulnerable POS systems

1. Ransomware:

hey present further ransomware opportunities to hackers by using computers to automate functions.

distributed denial of service, or DDoS

One of the largest data breaches in history was conducted through a third-party vendor when hackers stole data from 70 million credit cards by gaining access to a mega-retailer’s network through credentials belonging to an HVAC contractor.

2. Remote hacking through third-party vendors:

4. DDoS attacks on the hotel network:

3. Phishing scam targeting customers and hotels:

Train employees. Hotels should train employees to not open suspicious emails or links inside them as they may contain malware.

Statistics indicate that such incidents will become more frequent, so it is not a matter of if but when the next cyber attack will occur.

Integrate a managed SIEM. Hotels should bring on a managed security information and event management (SIEM) platform for their remote locations to be warned right away of cyber attacks. They may also want it for inside the perimeter if they lack the expertise and resources to properly use SIEM internally.

Maintain PCI compliance. The Payment Card Industry Security Standards Council (PCI SSC) has put forth a set of stipulations, the Payment Card Industry Data Security Standard (PCI DSS), in response to rapid PCI expansion. Hotels should make sure they are compliant with these regulations, which require businesses to send credit-card information in a secure environment, to prevent paying heavy fines and losing data, revenue, and customer trust.

Install antivirus on all devices. Hotels should ensure they have reliable anti-virus and anti-malware software installe

5. Theft of personal information over public Wi-Fi.

According to the FBI, the number of cyber threat occurrences quadrupled to 4,000 per day last year from 1,000 per day in 2015

The number of cybersecurity incidents worldwide increased 38 percent in 2015 from 2014, according to the Global State of Information Security Survey 2016 by PwC, CIO, and CSO.

In addition, there are large volumes of payment card transactions between restaurants, on-site shops, spas, parking, and the front-desk, ensuring there is plenty of customer data for a hacker to compromise.

Hotels are especially vulnerable to this type of attack where a type of malware disrupts access to a system until a ransom is paid. This is because they often use integrated POS systems

Hackers can break into hotels’ payment systems through a remote access point belonging to one of its vendors, so they should closely monitor third-party access to their networks

Enter multifactor authentication (MFA). By adding extra layers of security to a user's login process and requiring they enter two or more pieces of evidence (e.g., factors) to prove they are who they say they are,

MFA is a great method for boosting protection against everyday threats like credential stuffing, phishing attacks and account takeovers.

1. Passwords alone are no longer enough to protect against security attacks.

it's critical every company apply effective security measures to protect their data.

to protect business and customer data, it begins and ends with preventing unauthorized account access.

MFA is the most direct and effective way to do that.

A familiar example of MFA at work is the two factors needed to withdraw money from an ATM.

Your ATM card is the something that you have, and your PIN is the something you know.

companies can require all employees to verify their identities with two or more pieces of evidence to prove they are who they say they are.

2. Companies around the world (from Fortune 500s to small businesses) are feeling the urgency to adopt MFA — but a knowledge gap persists.

It's imperative companies invest in training employees on how using MFA is essential to securing access to both work and personal accounts.

industries in our everyday lives — led by social media platforms and financial services — requiring consumers use MFA to secure their personal accounts, both businesses and employees are normalizing the everyday routine of MFA. 

make the connection between security at work and in their personal lives and understanding they're two sides of the same coin.

3. MFA adoption can seem overwhelming, but it doesn't have to be.

By recognizing any technical, change management and financial challenges to user adoption, committing to open communication, and providing the resources and training your employees need, any business can conquer that fear of the unknown. 

When adopting MFA, prioritize identifying the strongest and most user-friendly authentication method possible for your organization.

that means using an authenticator generator app, a hardware security key or a combination.

the reality is a large percentage of U.S.-based employees are also consumers with a smartphone in their pocket.

on that phone, the employee is already using multiple apps that require MFA.

4. Balance security with ease of use when identifying a preferred authentication method for your organization

With options like hardware keys, you often see employees run into issues losing, replacing or breaking them. But a (TOTP) mobile app can be continuously updated in ways that make the MFA process more seamless (e.g, an app that verifies automatically from trusted locations like an employee's home office).

authenticator apps on devices like iPhones have the added benefit of extra layers of security at the phone level like PINs and biometrics like Face ID.

cyberattacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise.

Cloudflare

a major US cybersecurity firm that provides protection services for over 30% of Fortune 500 companies

"There's been an enormous amount of insecurity around the world,"

"I think 2023 is gonna be a busy year in terms of cyber attacks."

Experts warned that cyberattacks are increasing in sophistication and frequency.

“This is a global threat, and it calls for a global response,”

“This is a global threat, and it calls for a global response and enhanced and coordinated action,” Jürgen Stock, the Secretary-General of the International Criminal Police Organization (INTERPOL),

“The key to winning the battle against cybercrime is, of course, to work together to make it a priority across the geopolitical fault lines.”

This concern has been raised particularly around critical infrastructure sectors like energy, public transportation and manufacturing. SecurityScorecard, a US cybersecurity rating and analysis firm, reported recently that 48% of critical manufacturing companies surveyed were at significant risk of a cyber breach.

“Vulnerabilities within the critical manufacturing sector haven’t gone unnoticed by cybercriminals either,” said Aleksandr Yampolskiy, SecurityScorecard's CEO.

The Forum's report also notes that the potential targets for cyberattacks are increasing. Today, targets include not only government agencies or major corporations, but largely any organization that handles consumer data—no matter how small.

There is no such thing as a hundred percent security. It's about resilience in the face of insecurity.”

“

Consumers, too, need to increase their cybersecurity awareness in 2023, experts say.

As more things get connected to the internet there's just more risk. ”— Matthew Prince, Cloudflare CEO

Zero Trust approach to cybersecurity, which creates a framework that eliminates implicit trust and ensures that any user—even those who are supposed to be inside an organization's network—is authenticated and validated at every turn.