You probably really never think too much about it. You are on a trip and check into your hotel. After you get settled, you want to check your Facebook, email, Instagram and Twitter accounts. So, you will do what you have been doing every other time you check into a hotel, you click on the wifi that is given you to.
But, have you really ever thought about the information you are giving out over the web?
Using the hotel password and wifi might not be the smartest thing you can do. For the hospitality sector, securing guests; not users’ networks, is the priority.
Hotels are more worried about how the business looks from the outside then what could be happening on the inside.
Hackers have taken notice as well.
According to a recent report by the UK Government Cyber Security Breaches Survey in 2016, compared with other industries, the hospitality sector is less engaged with cyber security - and are less likely to see it as a priority.
With cyber attacks on the rise, the hospitality industry is a major target considering the level of valuable personal data it holds.
The report goes on to talk about the cyber risks that hotels can face if they do not get with the times and update their security practices.
Point of sale thefts – incidents have occurred where cyber criminals have harvested customers’ names, credit card numbers and CVV codes after installing malware on card payment systems.
DarkHotel hacking of corporate guests – a campaign which has seen business guests targeted after connecting to the internet via hotel wi-fi.
Phishing scam targeting customers and hotels – guests have been tricked into handing over their details on fake websites posing as a legitimate booking site while hoteliers were also lured into sending their monthly fees to fake branded webpages.
DoS attacks close hotel websites – a typical technique employed by hackers is a denial of service attack which can shut down an entire hotel chain’s website by overwhelming it with traffic sources.
You will never be able to fully stop cyber attacks. But, hotels need to get with the times and update their security systems with the latest technologies. A hotel should posses enough tools and practices to reduce the risk of an attack, and to know when an attack is taking place. This is accomplished by building and frequently re-evaluating a visibility plane.
“9 Tips to” Protect Against Credit Card Theft
As we all know, theft of credit card data, or skimming, continues to be on the rise and there are certain security standards, which must be followed.
Hotels should also have background checks in place during the recruitment process and ensure IT security policies are in place, which includes deleting access when an employee leaves the business.
If a cyber attack does occur, hotels need to have in place a cyber security plan that has been tested and is updated on a regular basis.
A post from InfoSec Institute said:
As the Stroz Friedberg’s managing director Bryan Rose takes it, the fact that cyber insurers do not undertake rigorous assessment before creating cyber policies in writing means that they fail to identify the high-risk clients. Consequently. “[T]here’s a real risk that insurance companies are not appropriately pricing the risk,” Rose concludes.
A lot of companies fail and do not receive insurance payment because they did not have a plan in place or it was not effective enough. If this undertaking seems daunting, perhaps it's time to weight the pros and cons of outsourcing you network security.
At the end of the day, it is all about making sure your business and customers are secure. This is why hotels need to have cyber security at the top of their priority lists.