Online security breaches can, and do, happen every day across the world. Targets range from individuals to big businesses and there have been major victims in the past – including hotel chains.
Some of the world’s largest companies have fallen prey to data breaches, costing millions of dollars in damages. Think back to 2013 when Yahoo was attacked and three billion user accounts were compromised. In the same year eBay had almost 150 million customer accounts accessed illegally.
With so much revenue and guest information being processed through hotels and resorts, such as credit card data, your property could very well be targeted in the same way so it’s important to be aware of what you’re facing.
Here are the most common forms of online security breaches that may occur – along with some tips to avoid a hotel data breach where you are…
Your biggest threat: Malware
Malware is any piece of software that was written with the intent of doing harm to data, devices or to people. Malware is perhaps the most common and most dangerous online security threat thanks to its diversity.
Officially standing for malicious software, malware incorporates many different types of potential dangers to hotel technology such as reservations systems.
Just a like a virus you might contract, a computer virus will infect files on your system and then spread uncontrollably, eventually crippling the machine if left unchecked.
Trojans are chameleons, disguising themselves as all types of legitimate software or hiding with legitimate software that’s been tampered with. Once installed, they will then attack the system.
Somewhat obviously, spyware is designed to linger undetected in the background of your system and take note of what you do online. It will look for passwords, payment card data such as credit card information, names and addresses, and other private details.
These have the ability to infect a whole network of connected devices, and then use all of them to infect more, either locally or across the Internet.
Again self-explanatory, this malware essentially locks your computer and threatens to destroy everything unless you pay a ransom to the owner. (Talk about dramatic.)
This is not the most hostile of the group, often it will simply serve you annoying ads or pop-ups, but it can also open a way for other malware to get in.
The problem is that all of these types of malware require slightly different methods of removal and protection if a breach does take place at affected hotels. It’s always good practice to avoid engaging with suspicious emails and clicking unsecure links etc. but the only way to be completely safe is to ensure you have anti-malware and antivirus software installed on all the devices you conduct your business with.
The overwhelming wave: Spam
Spam has its origins way back in 1970 thanks to a Monty Python sketch and is the sending of an unsolicited message, mostly advertising via email.
The term can also apply to other media such as instant messaging spam, search engine spam, spam in blogs, wiki spam, online ads spam, text message spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam.
It’s all very unwelcome usually and in some cases carries more dangerous malware with it.
However, there are plenty of ways to ensure you’re not bothered by spam at your hotel. Here are some tips:
- Avoid opening emails that look like scams or spam
- Never give in to spammers by purchasing something or accepting an offer
- Don’t bother replying. Simply delete and/or block
- Don’t be tricked into clicking. Even if a link is labelled ‘unsubscribe’ it will just confirm the email address is active and encourage more spam
- Use a disposable email address for purposes that may attract spam such as online purchasing
- In fact, be very wary where you put your main email address and who you give it to
- Try to use web contact forms instead of actually posting your email address on your website publicly
- When communicating your email address, present it in a way a person will understand but a spambot won’t. For example, test at test.com instead of email@example.com
Testing your vigilance: Phishing
Phishing emails are quite common, with 76% of organisations in 2016 reporting they had been the target of a phishing attack.
They’re so named because they throw out a lure, trying to catch unsuspecting victims and trick them into giving up information such as card details or payment information or allowing entry to malware.
The most common form of phishing comes via email. Likely to be posing as a friend, co-worker, manager, or trusted company such as your bank or card issuer, the email would make a seemingly reasonable request to open an attachment or verify information but would then infect your computer and capture valuable data.
Often a phishing email will look very similar to a normal email you would expect to receive, which is why people can get caught out.
To give yourself the best chance of repelling phishing attempts, follow this advice:
- Ensure anti-malware tools are installed and up to date on your systems – including point of sale systems and payment systems
- Update your applications regularly
- Test links before opening them
- Look for mistakes or suspicious details in email addresses and content
- Be wary of fake login screens and website URLs
- Give all hotel staff and system users education on what to look out for
The vindictive aggressor: DoS attacks
A denial-of-service (DoS) attack occurs when a hacker or virus shuts down a machine or network and prevents it being accessed by its intended users. This is usually done by flooding the system with an unprecedented amount of traffic or by sending information that triggers a crash.
The victims of DoS are usually high-profile organisations who people have a slight against.
A few different methods of DoS attacks exist. They include:
- Buffer overflow attacks sending more traffic to a network address than the programmers have built the system to handle
- ICMP floods that leverage misconfigured network devices by sending spoofed packets that ping every computer on the targeted network
- SYN floods that send a request to connect to a server, but never complete it. This continues until all open ports are saturated with requests
DoS attacks are very hard to predict or prevent. Usually solutions depend on countermeasures once the attack has been noticed. For a full list of actions you can take click here.