Since hotel companies first encountered the pandemic early last year, there has been a sharp spike in sophisticated and varied cyber threats and attacks. The goal for cybercriminals is to gain access (through attacks such as spam and phishing) and take control of your business-critical data (ransomware) while disrupting your operations, putting your business and the sensitive data you hold (names, emails, addresses, bank details etc.) at risk.
It is critical, now more so than ever before, to ensure you have a strong cyber security strategy in place to protect your hotel, team and customers. With an ever-changing threat landscape, you may find your business at the centre of daily attacks, and without the proper IT infrastructure and cyber security awareness, your business runs the risk of becoming another statistic.
But why are hotels the primary target for cyber-attacks?
Cybercriminals don’t break into empty cloud vaults
It goes without saying that if hotels did not hold anything of value, they would not be such an attractive target for these perpetrators. According to a Mimecast study, email threats increased by 64% in 2020 and 79% of organisations were affected by their lack of cyber security preparedness.
As such, it is beneficial to assume that a cyberattack WILL and CAN happen to your business at any moment. While this notion can seem alarming, that is exactly the mindset we want more hotel operators to adopt.
Working with you to develop an awareness of the common attacks that hotels similar to yours face can help you feel more secure and better prepared, so that once an issue arises, your hotel will be armed to defend itself.
Top 3 cyberattacks faced by hotels
Phishing attacks – Considering the number of emails your hotel sends and receives on a daily basis, we can guarantee that you will have received a phishing email at some point this week or even today.
Typically, what happens is that cybercriminals will do their very best to convince you, a member of your team, or a customer that they can be trusted, and encourage you or them to share personal data including bank details and passwords. Once the data has effectively been ‘stolen’, retrieving it can be a difficult, lengthy and stressful process.
We would highly recommend learning, and educating your team, to recognise the signs of a phishing attack and to guard against it. This can include:
- Scrutinising potential phishing emails by paying close attention to email addresses, poor spelling, grammar and typos.
- Incorporating the latest industry-leading software which can filter phishing emails.
- Keeping all data securely backed up and protected.
- Maintaining a good company policy of not disclosing sensitive personal or business information.
Ransomware – This particular tactic can be delivered in a variety of ways, including a phishing attack as described above. Attackers can also trick unsuspecting victims into opening attachments and downloading damaging malware that will disrupt your access to business-critical data until a ransom is paid.
Avoiding such attacks proves to be a difficult task, as a majority of hotels use a POS system which is fully integrated and often linked across separate devices. Blind spots or security gaps in your network can also provide the ultimate opportunity for cybercriminals to access your network and data without ever needing administrative access.
To assist you in taking the necessary steps to protect your business, we suggest:
- Investing in state-of-the-art anti-malware software
- Maintaining your business's operating systems, including patching
- Withholding software administrative permissions until the source has been verified
- Having a system which regularly backs up your files and data
- Distributing your files and data in secure locations
Public Wi-Fi Theft – While you may not have considered this as a common method of attack, cybercriminals can indeed use your hotel Wi-Fi solution to access personal information by spying on or viewing everything you, your team and guests do online.
Whereas before we were told to keep a close eye on our passports, wallets and credit cards, there is a rising need to be aware of how cybercriminals target your hotel's most valued resources.
You should consider adopting the following steps for peace of mind:
- Work with a secure wireless provider and ensure that you have a separate network for guests/customers to use and one for corporate/office/staff to access.
- Ensure all security features have been turned on and are fully functioning.
- Keep track of any updates and double-check that your IT provider knows about them too.
- Prepare a document that is given to guests detailing your hotel’s official Wi-Fi name and password.
Expert guidance and protection
In order to protect your hotel and guests against payment card theft, as well as fraud, our qualified team of engineers can assist you in becoming and remaining compliant with PCI DSS (Payment Card Industry Data Security Standard). You will need to prove your compliance with VISA and Mastercard, which will help your hotel avoid fines and being penalised by banks. And once you are PCI DSS compliant, you will no longer have surcharges for every transaction submitted.
Similarly, you will need to look at how your hotel is complying with GDPR regulations. Your hotel will bear the full responsibility of protecting the sensitive data it holds. By partnering with an experienced IT company you will benefit from our help with:
- Developing data protection policies.
- Embedding new business processes.
- Educating your team on GDPR regulations.
- Ensuring you have the right security and encryption in place.
Taking privacy seriously as a hotel operator will not only protect you against a majority of cyberattacks but it will also enhance the reputation of your hotel, maintain low costs and help you build trust with your guests and customers.
It is vital for your hotel that you maintain a strong cybersecurity strategy supported by the advancements in technology. Our Cyber Essentials Support scheme is a government-backed cyber security standard that we use to assess and certify businesses, just like yours, to ensure that you are addressing cyber security effectively as well as mitigating the risk of threats.
Addressing your cybersecurity effectively may require outsourcing to a trusted IT company that can bring their years of experience and knowledge to the table. We’ve often recommended our existing clients, including hotels like yours, take a look at our Cyber Essentials Support brochure as a starting point.
If your hotel needs help with cybersecurity, call us on +44 203 034 2244 or +1 323 984 8908. Alternatively, you can contact us online. We will be happy to help you overcome your IT challenges. We have engineering bases in the United Kingdom, Europe and Southern California, and our group of highly experienced engineers is available 24/7 to assist and ensure that your business's IT infrastructure is running seamlessly.