Tech Talk

Recent posts

With Guests Checking Back In, Hoteliers Look to Take Next Step With New Tech
Posted: 03/07/2023

Business travel is picking back up and families may be taking their first or second real vacations since the pandemic cancelled so many plans just a few years ago. To ensure that guests have the best on-site experience possible, hoteliers are increasingly looking to new technologies to make their stay more comfortable than ever. With an advanced property management systems (PMS) and integration platforms, hoteliers can increase operational and staff efficiency, but also meet changing guest expectations for a high-value but relatively low-touch experience. We looked ahead to see what changes we expect to see sweeping the hospitality industry this year.

Long-term readers of this blog know that I rarely focus on a single company or product. My goal is to help readers understand new and emerging technologies, when and why they might be useful, and what to consider if you are buying them.

Read More +

The Future of Hotels
Posted: 02/21/2023

Hotels have always been a high-touch low-tech business. Today, and into the foreseeable future, hotels are moving away from the pure ‘people serving people’ model towards a more high-tech low-touch business, and doubling down on digitalization. In the paragraphs below, I envision ways in which tech can innovate and enhance the guest experience throughout the guests’ 6 stage hotel journey: Imagine-Book-Stay-Report-Recommend-Return.

Read More +

Definitely Doug 2/10/23: Planning for June
Posted: 02/10/2023

The question I have heard most often in recent months is “where are you going in the last week of June?”. As most readers are aware, two trade shows featuring hotel technology are scheduled during the same dates that week. Many of you are still undecided which to attend. Knowing that your decision will be based at least in part on where others are going (hoteliers and exhibitors both), I decided to try to get some real data that I could share.

The Shiji Distribution Solutions team provided the research on available partners, vendors, and technology, however, for obvious reasons, the chart doesn’t contain every single solution and partner available.

Read More +

comment on this article

COVID-19 Pandemic Shines the Light on Cybersecurity Gaps

04/07/2020

by David Durko

During these trying times we are seeing a meteoric rise in cyber security threats targeting user credentials, financial information and sensitive business data. The current environment presents specific risks and opportunities for hoteliers. Identifying and addressing these risks has not yet garnered support from the top of the hotel’s management structure. This must change and will before long. It is vital that hoteliers take this opportunity to review their data security processes and procedures in order to close the threat vectors. The coronavirus pandemic has shone a light on serious process and technical security gaps that lead to an increase in the probability that hotels will suffer catastrophic data compromises.

The most glaring gap is that Incident Response Plans do not include guidance on how to deal with disasters such as COVID-19. Every major compliance mandate recommends that Incident Response Plans include processes and procedures for the protection of sensitive information during times of extenuating circumstances. While properties are focused on securing and protecting business functions they are not considering how to best lock down and protect their electronic assets from damage or compromise. As more and more hotels are being forced to temporarily close their doors no one is paying attention to securing systems and adding extra protection to ensure that the unattended, dormant systems are protected.

Compliance mandates spell out the requirement very clearly that businesses have a Disaster Recovery and Business Continuity Plan. This pandemic has made it very clear that hotels do not have a Business Continuity Plan in place and their Disaster Recovery Plan amounts to little more than a cloud-based data store for system back-ups.

Moving to a remote workforce has been difficult and has elevated the risk posture of the properties. A Business Continuity Plan would have identified the need for SSL-VPN connections that incorporate multi-factor authentication. The plan would require remote or home user’s systems be vulnerability free before connecting to the hotel network. Additionally, Advanced Endpoint Threat protections would be required to manage zero-day threats, stop most malware pre-execution and provide USB and Bluetooth controls. The implementation of an EDR/MDR product is necessary since open source, freeware or conventional anti-virus software is not enough.

As of March 27, 2020, more than 185,000 new domains were registered worldwide. The sole purpose of these sites is to lure unwitting users to fake websites where sensitive credentials can be stolen. This would then allow users to defraud or infect sensitive systems and networks. As of March 30, 2020, reported incidents of ransomware introduced from these mal-domains is up ten-fold.

For properties that remain open, employee furloughs will lead to the assumption of day-to-day operations by corporate management. We expect to see an uptick in data security incidents since management rarely participates in training and awareness programs. This makes them far more susceptible to phishing attacks. According to published data email phishing attacks are up 667% in the past 30 days. Fear, uncertainty and panic to obtain the latest information leads to the suspension of data security best practices and an increase in clicks on malware-laced emails. An example of one such email comes from an Eastern European source targeting associates already worried about losing their jobs and risking their health. This cleverly disguised email appears to come directly from the Center for Disease Control but is in fact a cleverly disguised phishing email. Another example comes from the Small Business Administration providing a link to the SBA Application. In one email as soon as the link is clicked ransomware is delivered to the user’s computer. In another variant clicking the link presents an online form that allows the bad actors to capture vital user information.

Here are the immediate steps a hotel can take to mitigate risk while they weather these difficult economic times.

Make sure the property has a current back up of all critical systems
Disable all non-essential user accounts
All VPN users must use multi-factor authentication
Remote users must have USB drives disabled
Perform vulnerability scans prior to connecting to the hotel network
Install an EDR/MDR (Advanced Endpoint Threat Protection) to ensure all threats are proactively managed.
Current AV will not remain current, receiving updates and definitions.

Well publicized breaches are more than a cautionary tale. The methods of attacks put the bullseye squarely on the backs of franchised and independent hotels. This leaves ownership holding the bag.