With so much activity in and out, hotels and restaurants can be a breeding ground for cybercriminals and personal data seems there for the taking. How can owners protect their business, themselves and their guests?
News broke in November that Marriott International, the world’s largest hotel chain, had suffered a cyber-attack and the breach resulted in a hacker having access to one of its networks since 2014. It meant up to 500 million guests had their data stolen, from basic account information, personal information like name, address and passport number, and even card and payment details.
Restaurants, like hotels, can also be a breeding ground for hackers. These are busy places, with guests coming and going all day, every day, jumping on and off the usually unprotected Wi-Fi, as well as the huge bank of sensitive information the hotel or restaurant must store to operate normally. Unlike banks, hotels generally don’t have elaborate software to detect hacks and have limited knowledge on how to defend against cybercriminals. With so much scope with what a hacker can do, it almost feels inevitable that hospitality sector would targeted.
So what are hackers doing?
Often, hackers will deploy a Denial-of-Service (DoS) attack which essentially halts a system’s ability to respond to requests. They do this simply to halt a business in its tracks or else to launch another attack whilst your systems are frozen. A Man-in-the-Middle (MitM) attack substitutes a guest’s connection with a server, spoofing the IP address to gain access to the server.
Arguably the most common types of attack come through phishing and social engineering attacks. The guest receives an email which looks authentic but is malicious. It could involve an email attachment which loads malware onto the guest’s computer or a supposed ‘issue’ which requests you fill in your personal information. From here, hackers can gain access to a hotel’s or restaurant’s system much easier.
Of course, there’s a plethora of techniques hackers use, often integrated and combined to create an untraceable, devastating attack. It includes cross-site scripting attacks, eavesdropping attacks and a range of malicious software ready to be uploaded, downloaded and installed.
How can hotels and restaurants defend themselves?
You could be on the ball with your cyber security issues, and you could train your staff to detect potential threats, too. But what about your guests? Your guests, the communication between you and them, the systems and the connection between them and your server, these are all gateways to infiltrate your business and, more often than not, it’s a disaster waiting to happen. There are simple steps you can take, however.
- Warn your guests about the type of emails you might send them and to remain vigilant about their connection with the server.
- Consider the vendors you work with; you might choose produce, contractors, cleaning services and other companies based on level of service and cost, but have you considered their security systems?
- Look in the mirror. Does your own security system, firewall and anti-virus protection stand up? Is it robust? Is it built to last?
- Review your Wi-Fi. Consider the ease of logging on, whether outsiders can access the password and how you can effectively manage how guests access it.
- Segment your entire network; if you separate parts of your network, it means that, if an attack does occur, the hacker gains access only to a section of your systems. If you don’t segment, you essentially place everything on the line.
- Seek expert advice; implementing a solid cyber security plan might come at a cost now, but it won’t come at a cost when hackers attempt to steal data.
Hard work vs. hard work
Naturally, hackers are diligent and, with the right motivation, can and will access any data they desire—most of the largest corporations in the world have suffered a breach and it’s not always for monetary motivations—so what can you do?
Quite simply, a good insurance policy will protect you if things do go wrong. Covering data loss, business interruption crisis management, loss of profits, reputational harm and more, our Cyber Insurance policies at Full Time Cover form the core protection for your business, no matter how big the breach.
To find out more about available features, get in touch with us today.