How Hotel Cybersecurity Keeps Guests and Data Secure – Security Intelligence
Hotels need cybersecurity: Although they don’t have the volume of transactions that big box retail stores do, their transactions are generally larger, and their guests have more at stake than just their groceries. But the personal information hotels store is only part of what’s at risk.
Hospitality organizations need to understand their vulnerabilities, as well as how to identify threats to their guests, property and data. Below are four key areas hotel cybersecurity teams need to focus on.
Hotel security is a standard practice, but the focus has traditionally been on physical property. Guests rely on hotels to keep themselves and their possessions safe during their stays. When they have high-value items that need more protection than just the lock on their door, they turn to the room safe or, in some cases, safes managed by hotel security staff.
Guests may mistakenly assume the same level of protection extends to the digital assets that reside on their laptops and smartphones when they use hotel Wi-Fi connections. But hotels need to be certain they are delivering a consistent level of security to guests and their possessions, whether they are physical or digital.
It’s obvious that all billing systems need to be secure to protect guests’ personal and financial information. But with centrally connected reservation systems, the exposure extends far beyond a single hotel’s booking system.
Hotels need to think about multiple endpoints and the remote connections they rely on to run the property’s operations. Electronic door locks, HVAC controls, alarms and a full range of Internet of Things (IoT) devices can fall under the control of cybercriminals aiming to disrupt normal operations.
Cybercrimes happen, and they need to be reported responsibly, but not all breaches need to be announced at the moment of discovery. Hotel managers should notify their security teams at the corporate level so that actions can be taken to protect related properties and their guests.
Take advantage of cybersecurity professionals who can identify sources of intrusion, assess the extent of the breach and provide details of the compromised material. Announcements of the breach surely need to be made quickly, but they should come after all the relevant information has been gathered and verified. That way, customers and their data can be properly advised and further exposures limited.
While malware and other sophisticated cybercriminal schemes certainly represent a formidable threat, the majority of data breaches are initiated by individuals within the organization. For example, an employee might steal data to sell it on the black market, or destroy or corrupt it for personal reasons.
More often, information is passed to criminals through social engineering, a practice that involves gaining small amounts of information over a period of time, generally from a variety of people within the company. The criminals are then able to piece together the bits of information to communicate with someone who might mistakenly divulge sensitive or protected information. Hotel properties need to devote time and effort to educating their staff about these advanced threat techniques to protect their guests and their own reputations.
Hotels are vulnerable to cybercrimes through a variety of avenues that break with the traditional physical security measures deployed across the hospitality industry. Keeping guests and their assets — both physical and digital — safe is paramount to preserving both the image and financial security of hotels.