Creating a plan to tackle hospitality’s leading cybersecurity risks
Cybersecurity is a vital concern for any business in today’s digitalized and IoT (internet of things)-driven world. However, for hotels handling sensitive business data and personal guest information, the risks can seem especially great. With up to 31% of hospitality organizations stating they’ve previously experienced an attack, hotels are undoubtedly a favorite target of hackers, who often aim to steal data and disrupt operations either for financial gain or simply to be malicious.
Regardless of the hacker’s intent, the effect of these cyberattacks is the same for all hoteliers, resulting in loss of revenue, damage to the property’s reputation, and exposure to legal liability. With the threat of data breaches on the rise, the good news is hotels have effective means at their disposal to fight back and minimize the risks. The first and most important step for hotel properties and their employees is to familiarize themselves with the most prevalent cyberattack tactics and to understand the steps they need to take to prevent an attack from occurring – or at least to minimize the damage if one does.
AVOID GETTING HOOKED BY PHISHING SCAMS
One of the easiest tricks hackers use to access systems and data is to pass themselves off as a legitimate contact. This tactic is known as phishing and usually comes in the form of fraudulent emails or messages that initially appear to be from trusted banks, vendors, work colleagues, or guests. Phishing attacks may use malicious links or infected attachments, or may simply request the sharing of sensitive information. Hotels can minimize their exposure to risks by adopting the following steps:
1. Train employees on how to spot email phishing scams, such as by verifying a sender’s address, analyzing the tone and language of a message, and confirming the validity of links and attachments before opening them.
2. Avoid disclosing sensitive data to unfamiliar sources and verify the identity and authenticity of any requests for information or payments.
3. Maintain a backup of business data, such as guest records, reservations, invoices, and payroll, in case of data loss.
4. Keep the hardware and software that identify, isolate, and delete phishing emails (spam filters, antivirus programs, firewalls, etc.) up to date.
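The sender, link and attachment checks from step 1 can also be run automatically on inbound mail. The Python sketch below is an added example, not part of the original article; the brand name, trusted domain, extension list and sample message are all constructed assumptions, and it does not attempt the tone-and-language check.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND, TRUSTED_DOMAINS = "examplehotel", {"examplehotel.test"}  # assumed values
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".docm", ".xlsm")   # assumed list

# Constructed sample message, not real traffic.
SAMPLE = """\
From: "Example Hotel Accounts" <billing@examplehotel-payments.test>
Reply-To: refunds@mailbox.test
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Pay here: <a href="http://pay.attacker.test/login">https://examplehotel.test/pay</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder
--b1--
"""

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()
def host_of(url):
    return (urlparse(url).hostname or "").lower()

def phishing_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if BRAND in sender and sender not in TRUSTED_DOMAINS:
        flags.append(f"lookalike sender domain: {sender}")
    if reply and reply != sender:
        flags.append(f"reply-to differs from sender: {reply}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append(f"risky attachment: {name}")
        if part.get_content_type() == "text/html":
            for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', part.get_content(), re.S | re.I):
                shown = host_of(text.strip())  # only link text that is itself a URL
                if shown and shown != host_of(href):
                    flags.append(f"link text {shown} points to {host_of(href)}")
    return flags
```

A message that raises any flag is a candidate for quarantine or manual review rather than automatic deletion.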
DEFUSING DENIAL OF SERVICE ATTACKS
Denial of service (DoS) is a type of cyberattack that’s becoming an all-too-common threat for hospitality organizations. The general goal of DoS is to disrupt or disable a property’s website or network by overwhelming it with a large amount of traffic or requests. Examples can include freezing a hotel’s booking engine or locking guests and staff out of rooms, often until a ransom is paid.
To prevent their business operations and guests from becoming victims, hoteliers often can sidestep DoS with techniques that include:
- Installing software that can identify spikes in network traffic and differentiate between legitimate and malicious sources in order to block unwanted activity.
- Configuring firewalls and routers appropriately to prevent suspicious traffic from accessing property networks and to limit the number and size of packets that can be processed.
- Deploying load balancing to distribute traffic across multiple servers or locations, redirecting traffic to alternative or backup servers in case of overload or failure.
- Implementing rate limiting to restrict network traffic volume over a specific period of time, throttling or rejecting any excessive or abusive requests for network bandwidth.
ADDRESSING MALWARE IN ALL ITS SHAPES AND SIZES
Although all malware is designed to infect a computer system or network, the software can take various forms depending on a cyberattacker’s goals. This can include viruses, worms, ransomware, spyware, and adware – each capable of inflicting damage while exposing a hotelier to a range of vulnerabilities, including crashed systems and data theft. Yet hoteliers can drastically reduce their chances of being targeted by any type of malware threat by keeping these best practices in mind:
- Maintain updated malware protection software on all devices and networks, with scans performed regularly to swiftly remove any detected threats.
- Ensure staff use only up-to-date browsers with ad-blocking software when accessing the internet, and implement rules against visiting suspicious or unsecured websites.
- Require external drives such as USB thumb drives to be scanned prior to being used on any hotel devices or networks.
- Implement rules requiring all operating systems to be up-to-date and routinely patched to eliminate any security loopholes or vulnerabilities that malware can exploit.
- Restrict administrative permissions only to trusted personnel and limit access privileges of other users or guests to the minimum necessary.
REMAINING VIGILANT IN THE FACE OF EVOLVING ONLINE THREATS
Cyber-attackers no doubt will continue to adapt and become more ingenious as new technologies such as AI become widespread. Hotels must always attempt to stay a step ahead by maintaining awareness of the latest and most commonly used tactics while understanding which best practices are the most effective to put in place. Those seeking expert advice should look to trusted professionals, including their operational systems and network solution providers. Doing so can only aid industry businesses in maximizing their ability to protect business and guest data from any type of cybersecurity risk.