In an industry that is seemingly under attack from all angles, hoteliers must now take cybersecurity seriously. Over that past few years, the industry’s most well-known brands have all been victims of cybercrime. As such, they are all investing and investigating to make sure it doesn’t happen again.
Let’s take a closer look at cybersecurity for hotels, the most common threats, and what to do about them.
1. Phishing attacks
Phishing refers to the sending/receiving of emails that appear to be from a genuine source. A criminal using it intends to convince the recipient that he/she should share information. That is often passwords and financial information; this scam is one of the oldest on the internet.
In recent years, this threat has become increasingly sophisticated, with attacks targeting those in authority. The aim is to take over a user’s email account to send bogus emails to colleagues. These emails often attempt to persuade recipients to authorize transactions, which are ordered from above.
The most famous of recent ransomware attacks simultaneously attacked countries and businesses all over the world. The latest ransomware, WannaCry, posed a real threat by taking information and certain systems hostage. The purpose of this attack was to gain financially from those who paid the demanded figure to free their data/systems.
As a hotelier, you are at high risk from cybersecurity failings that allow this type of attack to occur. Hotels that have fallen foul to this crime have in the past paid more than $17,000 to be able to let guests into their rooms and create electronic keys.
Another nasty form of attack used against hotels across the world is DDoS.
Called a distributed denial of service attack, you may be familiar with it concerning the web. However, it is also a hack of choice for those looking to target the wide array of systems hotels use. Every day regular items such as sprinkler systems to security cameras are vulnerable to hijack. After which, entire computer systems can be made to come crashing down. Cybersecurity for hotels should always include a process to mitigate any compromised systems should they go down in a DDoS attack.
4. Point of sale/ payment card attacks
Point-of-sale attacks pose the biggest threat to the hotel industry as a whole. Rather than attacking the hotel itself, they are a third-party crime, meaning they attack the vendor. And that means somewhere there is a weakness in the system which has been revealed by human error.
Cybersecurity issues of this nature, often result in customers being out of pocket, and the media getting involved. Which, of course, means bad press for a hotel. Furthermore, there could be financial implications for the business. One example of this is MasterCard billing an unnamed establishment for $1.4-million, and Visa around $500,000.
5. DarkHotel hacking
Not familiar with the term DarkHotel? It is a relatively new one, which sees criminals use a hotels Wi-Fi to target business guests.
The attacks use forged digital certificates to convince victims that a software download is safe. To enable this to happen criminals upload malicious code to a hotel server, and can then target specific guests. The first instance of DarkHotel hacking was first seen in 2007 and originated via peer-to-peer networks and spear-fishing scams. If you have guests that are concerned about DarkHotel hacking, encourage guests to use virtual private networks (VPN) if they plan on conducting business with sensitive data.
6. Customer data/ identity theft
Protecting the identity and information of a customer is paramount to the success of any business and hotels ar eno exception.
One of the biggest risks hoteliers report is the amount of hacking surrounding guest information. As such, network security / cybersecurity is important. Especially when there are criminals from all over the world trying to steal identities, and credit card data.
Unfortunately, for hoteliers, this crime is forever changing. Which means that when it comes down to cybersecurity for hotels, an almost perpetual arms-race to secure both data and networks.
Don’t take our word on cybersecurity for hotels: tell us what you do to secure your networks and data in the comments or join us on Twitter.