Hotels, as many other companies, use computers to handle various tasks. The actions hotels perform with the computers include payment transactions, reservations, accounting and room access card-keys. Computer systems are also used to control lights and air conditioning in rooms.
Automation assists hotel operations and usually facilitates better stays for guests. However, on the other side of the coin, extensive use of computers allows a possibility of cyber attacks. At Secure Stay we recommend you keep a close watch on those threats, as preventing cyber threats is easier than remedying them. You should remember that the hotel’s reputation is at stake within mentioning the well-being of guests and employees.
In addition to impairing the hotel’s networks, cybercrime might restrict access to hotel facilities for guests. This year in Austria, hackers broke into a hotel’s system and left more than 180 guests locked out of their rooms and hotel owners had to pay a ransom to get the access to the rooms back. It is clear that such an event resulted in a major disruption to the hotel owners and their guests.
Ransomware incidents can corrupt a hotel’s computer system, affect the air conditioning or light, while affecting guests’ comfort, or worse their safety. Moreover, booking systems are at risk as they deal with information associated with the hotel, third party providers, and customers.
Why are hotels the target?
Cybercriminals attack hotels due to their Point of Sale systems used. There are often ongoing applications that are not as protected as modern payment systems. Hotel sends the information to the back office instead of sending it to the terminal directly which is built to encrypt and payment data. This extra step creates a weak point in the hotel’s systems. Also, there is a lot of other data that can be of interest to hackers, such as various payment card transactions.
These are top five types of virtual attacks to be prepared for:
1. Remote hacking through third parties
At Secure Stay we highly recommend to monitor third-party access to your hotel networks, as cybercriminals might break in through a remote access point. Hotel IT representatives should be in control of vendor access to sustain a constant observation of all activity coming from the third party.
The largest data breach was performed through a third party vendor, when hackers obtained access to information of more than 70 million credit cards.
2. Phishing scam
Some fake websites pose as legitimate booking websites, while they try to obtain personal information of guests and their credit card information. Also, hotel owners are being tricked into a similar scam when they pay fees to fake websites. These days it is important to make sure that the websites used both by customers and hotels are legitimate and are not run by hackers.
Hotels are at risk when it comes to ransomware attacks, as we mentioned earlier hotels use PoS systems with applications that are not as secure as modern payment systems. There are other weaknesses hotel systems have that might cause ransomware attacks.
4. Access to personal information through guest Wi-Fi
The attack is called “man in the middle” and it imitates a legitimate Wi-Fi access point. It allows cybercriminals to view all the online activity of users of this fake connection. It includes their logins to banking systems, entering credit card information on websites, or reading email.
It also happens that hackers incite users of guest Wi-Fi networks to visit websites that are actually scam versions of original websites. They gain more access to guests’ personal devices when cybercriminals trick users to install so-called “critical” updates.
Taking into account all the threats that await hotels, it is essential that these establishments should protect their networks. At Secure Stay we assist Hotel businesses to remain constantly protected and prevent cyber threats. It is already not a matter of if, but when a cyber attack occurs, as cyber attacks become more and more common.
What hoteliers can do to protect their business?
Luckily, there are measures that can be taken in order to protect your hospitality business. Protections that you can put into practice include:
1. Train your employees.
Hotel management should instruct employees not to open suspicious emails and potentially harmful attachments, as they may contain malware. They should also be warned not to send emails to unrecognized addresses or share sensitive information through unsecured ways of communication.
2. Integrate Security Information and Event Management (SIEM)
If you set up this platform you should be warned of security breaches immediately.
3. Maintain PCI compliance
The Payment Card Industry Data Security Standard (PCI DSS) was introduced by PCI SSC in response to fast PCI development. Hotels should adhere to these standards that require companies to send credit card information in a secure manner. This should prevent hoteliers from paying massive fines, losing revenues and customers’ trust.