POV: IHG's Recent Data Breach Wasn't Due to a Weak Password | Hospitality Technology - 0 views
-
come to light regarding the recent IHG data breach, one thing becomes clear: employee training to detect suspicious phishing emails must become a priority. Many news outlets have made it seem that a weak password was the cause for the company’s recent security breach, but if the hackers -- TeaPea -- who are claiming responsibility for the breach are to be believed, this really isn’t the case. TeaPea told the BBC that they were only able to gain access to the company’s internal IT network after an employee was tricked into downloading a malicious piece of software via a booby-trapped email attachment.
-
Unfortunately, in an industry where hospitality and customer service is the primary directive, employees are predisposed for being kind and willing to give to much information," says Andy Rogers, Senior Assessor of Schellman, a global cybersecurity assessor.
- ...5 more annotations...
-
or hoteliers, recognizing this as a true weakness and doing what they can to remediate this problem is a necessity
-
MAKE CYBER SECURITY TRAINING A PRIORITYOnce employees are aware of the role they play in protecting the company, they must then receive regular and high-quality training on a variety of phishing attacks
-
remember, an hour long security training session once a year is likely to be highly ineffective. Instead, consider multiple short training sessions regularly.
-
Email systems are too intimate with business applications and are typically installed on the same workstations for convenience," Sackowitz says. "Perhaps, as a safer alternative, it's time to look at sandboxing or bifurcating critical systems over one’s that converge with public delivery. Perimeters are still necessary. Additionally, there are technologies that can block or proxy any outbound URL from email that will minimize risk."