Tech Talk

Recent posts

A groundbreaking new report by the Urban Land Institute in Washington, D.C. explores sustainability in the hospitality industry and examines ways in which hotels are incorporating eco-friendly best practices into both operations and construction. The study includes insights from leading hotel owners, developers and investors.

Every hotel owner wants to know how he can increase the traffic to the website, and at the same time, boost direct bookings. The key to accomplish both the objectives is to design a site that is accessible even to disabled people. It will not only improve the usability for all types of visitors, but it will also improve your market penetration. Designing ADA website is also very imperative to prevent legitimate complications. In addition to this, an ADA feature will aid in improving the website performance in search engines.

The underappreciated city of Minneapolis served as host for the 2019 edition of HITEC (produced by HFTP) which wrapped up its most recent four-day run on June 20, 2019. In the days and weeks leading up to the event, meeting solicitations and party invites filled my inbox at a growth rate any VC or entrepreneur would envy. As a first-timer to this international hospitality technology behemoth, it became apparent that HITEC actually begins a few weeks prior to when that first request or invitation lands in your over-stuffed inbox.

Time is limited. Once it’s gone, you can’t gain it back. Similarly, once a room goes unsold for a night, it will go unsold forever. There’s no way to recover that loss, because there’s no way to go back in time.
Many hotels fight this limitation by trying to sell as many rooms as possible. If all the rooms are completely booked, time no longer becomes a factor. But most don’t have the luxury of being at-capacity every single night. That’s why last-minute booking apps are growing in popularity in the industry, where hotels can make the most of each day. These apps specifically target guests who don’t plan far in advance, seeking accommodations from one week to one minute later.
There are several different ways your hotel can benefit from using last-minute booking apps in your business strategy.

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 

want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.


Verizon's 10th Annual Data Breach Investigations Report Details the Changing Cyber Threat Landscape


In the 2017 Data Breach Investigations Report (DBIR) just released, Verizon presents a detailed picture of the nature of cybercrime in the past year. Now in its 10th year, the DBIR provides analytical insight on information from 65 organizations encompassing 42,068 incidents and 1,935 breaches from 84 countries. The key takeaways are troubling, if not necessarily surprising:

  • Cyberespionage – driven by state-sponsored, corporate or organized-crime actors – is on the rise; now 21% of all cases analyzed, primarily targeting manufacturing, public sector and education organizations.
  • Ransomware attacks have doubled from previous year – now the 5th most common malware category, up from 22nd in 2014. Ransomware is now categorized as a “prevalent” type of malware.
  • People remain the soft target in the threat landscape. E-mail phishing is still the “go-to technique” for hackers, linked to 95% of malware installations on user computers. 43% of all data breaches used phishing.
  • Pretexting is on the rise. In this technique, the bad guys use fake e-mails or phone calls, usually targeting finance and accounting employees, attempting to trick them into wiring money, paying fake invoices or providing sensitive information such as employee W-2 data.
  • Smaller organizations are more likely to be targets: businesses with fewer than 1,000 employees were victims in 61% of the breaches analyzed.
  • Organizations are still struggling with the most basic security process – changing and protecting passwords. 81% of all breaches leveraged weak, default, or stolen passwords.

This year’s Verizon report makes the statistical analysis of breach data more actionable for businesses by providing key insights by industry segment, including the Accommodations segment (lodging and restaurants). The good news is that the hospitality industry is no longer the primary target for data thieves: Accommodations and Retail combined represent only 15% of all breaches. Top honors this year go to the Financial segment, with 24% of breaches affecting financial organizations.

The bad news for hospitality operators?

The vast majority of breaches still involve theft of cardholder data from POS systems, and time-to-detection is still measured in months. The report states, “The hospitality industry continues to be inhospitable, at least when it comes to POS breaches, which continue to be as ubiquitous and unsatisfying as the continental breakfast. While hotels likely come to mind first, restaurants also fall into this industry and comprise the majority of the victim population. Often food service victims are smaller businesses without IT departments, CISOs etc., but they do accept payment cards and are therefore a target for opportunistic attack.”

Of the 206 hospitality breaches analyzed, 87% involved POS systems, and all of those breaches utilized either malware, hacking, or both. Threat actors were almost all (96%) external players, usually criminal organizations. The truly depressing statistic is breach timelines. Verizon quotes The Eagles on this point, from the song Hotel California: “You can check out any time you like, but you can never leave.” On average, time-to-compromise is measured in seconds, time-to-exfiltrate – get stolen data out – is days, but times to discovery and containment are still measured in months. Detection of breaches in hospitality rarely occurs from internal security: 85% were detected by external fraud investigations, followed by 4% from law enforcement.

So, what should organizations be doing?

Clearly, many hospitality operators need a more effective information security plan (see article in the Spring 2017 edition of Hospitality Upgrade: Information Security: We’re Doing It Wrong). The Verizon DBIR highlights several recommendations that should be part of your plan for improving security:

  • Implement better anti-malware defenses. Malware was involved in 94% of breaches in hospitality.
  • Manage passwords. Don’t use default or easy-to-guess passwords. Don’t use the same password for multiple resources. Don’t share passwords. Don’t allow passwords to go unchanged for long periods.
  • Fortify remote access, particularly to POS systems. Only allow connections from known sources, and use multi-factor authentication for access, which combines something you know (i.e., user id & password) with something you have, like a cell phone, or something you are, like a fingerprint.
  • Patch promptly and consistently. Everything requires maintenance, and computer software is no different. Not keeping server and terminal software updated leaves exposed vulnerabilities that the bad guys can leverage in an attack.
  • Train your users in security awareness. Teach them about phishing, pretexting, and other social-engineering attacks. Encourage them to report anything out of the ordinary. Verizon points out that even a change in system performance or unusual error messages could be an indicator of compromise.
  • Know what you’re dealing with. Research the threat environment by reading the Verizon DBIR, the associated Verizon Data Breach Digests, and other security publications. The bad guys are studying you – you should be studying them, too.
About The Author
Ron Hardin

Ron Hardin is an independent technology consultant. He can be reached at

Blog post currently doesn't have any comments.
Leave comment

 Security code