<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

Traveling this Summer? Don't Let Your Data Get Checked Out

May 23, 2017

Vacation-Hack

You probably really never think too much about it. You are on a trip and check into your hotel. After you get settled, you want to check your Facebook, email, Instagram and Twitter accounts. So, you will do what you have been doing every other time you check into a hotel, you click on the wifi that is given you to.

But, have you really ever thought about the information you are giving out over the web?


Using the hotel password and wifi might not be the smartest thing you can do. For the hospitality sector, securing guests; not users’ networks, is the priority.

Hotels Lack Ideal Security Measures

Hotels are more worried about how the business looks from the outside then what could be happening on the inside.

Hackers have taken notice as well.

According to a recent report by the UK Government Cyber Security Breaches Survey in 2016, compared with other industries, the hospitality sector is less engaged with cyber security - and are less likely to see it as a priority.

Report Shows Hotels Need to Catch Up

  • One in five don’t apply software updates when available
  • A quarter don’t have sufficient firewall protection
  • A third don’t have updated malware protection
  • 40% of businesses never notify senior managers about cyber security issues

At hotel reception credit card informationMany managers have not seen this as an issue, but guests sure will. A guest who is staying in an un-secure hotel will be apt not to return. After all, not many people want their information stolen and used against them.

With cyber attacks on the rise, the hospitality industry is a major target considering the level of valuable personal data it holds.

The report goes on to talk about the cyber risks that hotels can face if they do not get with the times and update their security practices.

Cyber Risks Facing Hotels

Point of sale thefts – incidents have occurred where cyber criminals have harvested customers’ names, credit card numbers and CVV codes after installing malware on card payment systems.

DarkHotel hacking of corporate guests – a campaign which has seen business guests targeted after connecting to the internet via hotel wi-fi.

Phishing scam targeting customers and hotels – guests have been tricked into handing over their details on fake websites posing as a legitimate booking site while hoteliers were also lured into sending their monthly fees to fake branded webpages.

DoS attacks close hotel websites – a typical technique employed by hackers is a denial of service attack which can shut down an entire hotel chain’s website by overwhelming it with traffic sources.

10 Tips For Better Cyber Security

So What Should Hotels Do to Stop the Attacks?

You will never be able to fully stop cyber attacks. But, hotels need to get with the times and update their security systems with the latest technologies. A hotel should posses enough tools and practices to reduce the risk of an attack, and to know when an attack is taking place. This is accomplished by building and frequently re-evaluating a visibility plane.


“9 Tips to” Protect Against Credit Card Theft
As we all know, theft of credit card data, or skimming, continues to be on the rise and there are certain security standards, which must be followed.

  1. Replace your credit cards after a data breach.
  2. Guard your information - Phishing emails often request both sensitive (account information, passwords) and non-financial information (DOB, name, address, etc.) to commit fraud and identity theft.
  3. Change passwords frequently. And use strong passwords.
  4. Security freeze - blocks your credit history from being viewed by lenders.
  5. Frequently check your bank statements online.
  6. Use a secure pay device, like an EMV card or secure digital pay service (Apple Pay, Google Wallet, etc.) whenever possible.
  7. Report fraud and financial crime immediately.
  8. Take advantage of your bank's online banking safety security features.
  9. Request a temporary card number from your credit card issuer for making purchases online.

Hotels should also have background checks in place during the recruitment process and ensure IT security policies are in place, which includes deleting access when an employee leaves the business.

What Happens When an Attack Does Occur?

If a cyber attack does occur, hotels need to have in place a cyber security plan that has been tested and is updated on a regular basis.

A post from InfoSec Institute said:

As the Stroz Friedberg’s managing director Bryan Rose takes it, the fact that cyber insurers do not undertake rigorous assessment before creating cyber policies in writing means that they fail to identify the high-risk clients. Consequently. “[T]here’s a real risk that insurance companies are not appropriately pricing the risk,” Rose concludes.

A lot of companies fail and do not receive insurance payment because they did not have a plan in place or it was not effective enough. If this undertaking seems daunting, perhaps it's time to weight the pros and cons of outsourcing you network security. 

At the end of the day, it is all about making sure your business and customers are secure. This is why hotels need to have cyber security at the top of their priority lists.

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES