Tech Talk


COVID-19 Pandemic Shines the Light on Cybersecurity Gaps

04/07/2020
by David Durko
During these trying times, we are seeing a meteoric rise in cybersecurity threats targeting user credentials, financial information and sensitive business data. The current environment presents specific risks and opportunities for hoteliers. Identifying and addressing these risks has not yet garnered support from the top of the hotel’s management structure. This must change and will before long. It is vital that hoteliers take this opportunity to review their data security processes and procedures in order to close the threat vectors. The coronavirus pandemic has shone a light on serious process and technical security gaps that increase the probability that hotels will suffer catastrophic data compromises.
 
The most glaring gap is that Incident Response Plans do not include guidance on how to deal with disasters such as COVID-19. Every major compliance mandate recommends that Incident Response Plans include processes and procedures for the protection of sensitive information during times of extenuating circumstances. While properties are focused on securing and protecting business functions, they are not considering how to best lock down and protect their electronic assets from damage or compromise. As more and more hotels are being forced to temporarily close their doors, no one is paying attention to securing systems and adding extra protection to ensure that the unattended, dormant systems are protected.
 
Compliance mandates spell out very clearly the requirement that businesses have a Disaster Recovery and Business Continuity Plan. This pandemic has made it very clear that hotels do not have a Business Continuity Plan in place and their Disaster Recovery Plan amounts to little more than a cloud-based data store for system back-ups.

Moving to a remote workforce has been difficult and has elevated the risk posture of the properties. A Business Continuity Plan would have identified the need for SSL-VPN connections that incorporate multi-factor authentication. The plan would require that remote or home users’ systems be vulnerability-free before connecting to the hotel network. Additionally, Advanced Endpoint Threat protections would be required to manage zero-day threats, stop most malware pre-execution and provide USB and Bluetooth controls. The implementation of an EDR/MDR product is necessary since open source, freeware or conventional anti-virus software is not enough.

As of March 27, 2020, more than 185,000 new domains were registered worldwide. The sole purpose of these sites is to lure unwitting users to fake websites where sensitive credentials can be stolen. The stolen credentials then allow the attackers to defraud or infect sensitive systems and networks. As of March 30, 2020, reported incidents of ransomware introduced from these mal-domains are up ten-fold.

For properties that remain open, employee furloughs will lead to the assumption of day-to-day operations by corporate management. We expect to see an uptick in data security incidents since management rarely participates in training and awareness programs. This makes them far more susceptible to phishing attacks. According to published data, email phishing attacks are up 667% in the past 30 days. Fear, uncertainty and panic to obtain the latest information lead to the suspension of data security best practices and an increase in clicks on malware-laced emails. An example of one such email comes from an Eastern European source targeting associates already worried about losing their jobs and risking their health. The email appears to come directly from the Center for Disease Control but is in fact a cleverly disguised phishing email. Another example purports to come from the Small Business Administration and provides a link to the SBA Application. In one email, as soon as the link is clicked, ransomware is delivered to the user’s computer. In another variant, clicking the link presents an online form that allows the bad actors to capture vital user information.
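A mail-triage check for the two lures described above, added here as an example and not taken from the article: it flags messages whose display name or subject invokes the CDC or SBA while the sender domain is not under cdc.gov or sba.gov. The function names, the regex patterns and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Agencies named in the article, keyed by their real domains.
# The patterns are illustrative assumptions, not an exhaustive list.
BRANDS = {
    "cdc.gov": re.compile(r"\b(cdc|centers? for disease control)\b", re.I),
    "sba.gov": re.compile(r"\b(sba|small business administration)\b", re.I),
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def belongs_to(domain, trusted):
    """True only for the trusted domain itself or one of its subdomains."""
    return domain == trusted or domain.endswith("." + trusted)

def triage(raw_message):
    """Return the reasons a message looks like agency impersonation."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    claimed = f"{display} {msg.get('Subject', '')}"
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    for trusted, pattern in BRANDS.items():
        if pattern.search(claimed) and not belongs_to(from_dom, trusted):
            findings.append(f"claims {trusted} but sent from {from_dom or 'unknown'}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings

# Constructed sample messages (not real traffic).
CDC_LURE = """From: "CDC Health Alert" <alerts@cdc-gov.example>
Reply-To: support@mail.example
Subject: COVID-19 update for your area

Open the attached guidance.
"""
SBA_LURE = """From: "Small Business Administration" <loans@sba.gov.apply.example>
Subject: SBA Application

Complete the form at the link.
"""
LEGIT = """From: CDC <updates@cdc.gov>
Subject: CDC weekly summary

Body.
"""

if __name__ == "__main__":
    for name, raw in (("cdc", CDC_LURE), ("sba", SBA_LURE), ("legit", LEGIT)):
        print(name, triage(raw))
```

This only catches lookalike sender domains; a message that forges the exact agency domain in its From header has to be caught by SPF, DKIM and DMARC evaluation at the mail gateway.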

Here are the immediate steps a hotel can take to mitigate risk while they weather these difficult economic times.
  • Make sure the property has a current backup of all critical systems
  • Disable all non-essential user accounts
  • All VPN users must use multi-factor authentication
  • Remote users must have USB drives disabled
  • Perform vulnerability scans prior to connecting to the hotel network
  • Install an EDR/MDR (Advanced Endpoint Threat Protection) to ensure all threats are proactively managed.
  • Current AV will not remain current, receiving updates and definitions.

Well publicized breaches are more than a cautionary tale. The methods of attacks put the bullseye squarely on the backs of franchised and independent hotels. This leaves ownership holding the bag.  
About The Author
David Durko
CEO
Security Validation


David Durko is the CEO of Security Validation, a leading managed data security and privacy firm servicing the hospitality industry.
