We found a very important article on “4 ways to protect your hotel from a data breach” that we thought would interest you.

Last Monday, HEI Hotels & Resorts was preyed upon by hackers. However, Stu Sjouwerman, founder and CEO of employee training and security company KnowBe4, believes hotels should be aware of the dangers of credit thefts by now, but hotels are not prepared. Here are Sjouwerman’s four takeaways on prevention:

1. Understand the risk

HEI reported that the breach occurred in 20 locations across 10 states and in the District of Columbia. In the article, Sjouwerman said that these hacks target point-of-sale systems used in hotel food-and-beverage outlets, and any location operated by HEI using that POS system is vulnerable.

“Many chains all use the same infrastructure. If someone were to break in, the amount of data they could access is enormous,” Sjouwerman said. “To the bad guys time is money, so they go where the biggest hits will net them the most cards.”

As hackers are clever at hiding their tracks, data breaches often go unnoticed until banks detect fraudulent charges. But at that stage, it’s too late; the information has been disseminated and most likely sold online for a profit. The article also explains that a worse situation is when hackers operate from overseas, which makes the likelihood of their arrest slim to none.

2. Train your employees

Hackers exploit human error, and often still rely on phishing schemes to gain access to protected networks. They send falsified emails or loaded links to upload malware onto company computers, and when employees do errant clicks from sources that appear legitimate, it gives access to the company’s data to invaders.

In the article, Sjouwerman said, “One thing hotels should do to make a massive improvement on these risks is send employees simulated phishing attacks. Train at least once per month to identify these attacks.”

The article also explains that the process usually begins with a baseline test to determine what percentage of employees are falling for phishing attacks, and then train them through their browser. “This type of training is the biggest bang for your buck because it’s how [hackers] are getting in,” said Sjouwerman.

3. Update machines

The article strongly emphasises that if the machines aren’t up to date, prevention is still ineffective, even if the employees are properly trained. It is not a big expense considering most updates are free. Investing in strong firewalls and properly protected network is integral to keeping dangerous malware away from sensitive information.

A worrisome issue that all businesses are running into is with regards to data security; at some point there is a moment where credit card information is not encrypted. “It’s usually at the POS level; that’s where these things usually fall down,” said Sjouwerman.

4. Don’t wait for the next attack

Many of the hotel industry’s largest companies such as Home Depot, Target and many more have been struck by credit card theft in recent years, yet many remain without proper defences, said Sjouwerman.

“There are three ways to learn about security: Read about it in books, see others practice it or become a victim. Most people who are hacked insist on learning the third way. Unless it has happened to them, it’s not real enough for them to spend money. Remember that being compliant is not the same as being secure,” said Sjouwerman.

To read the source article, click here.

Comment