Tech Talk

Recent posts

Definitely Doug 9/29/23: Experience Matters! (Part Two)
Posted: 09/29/2023

In my last blog, I introduced the topic of software that enables hotel guests to book local experiences. I cited potential key benefits, including commission revenue, guest satisfaction, reduced staff workload, and new direct bookings.

Read More +

Three Mistakes Hotels Are Making with Wi-Fi
Posted: 09/18/2023

Wi-Fi is now like the foundation for your hotel: if it’s not solid, it can jeopardize everything.
Your HSIA network has to deliver the performance and experience your guests demand; Wi-Fi has evolved from being an amenity to a necessity and key driver of guest satisfaction.
In the converged world, all your systems for business operations depend on a solid and secure Wi-Fi network. Without it, nothing else works properly—your staff and systems will struggle, and you will waste precious time, money, and resources trying to recover.
Here are three things you may be doing that put you and your Wi-Fi network at risk, and what you should do instead.

Read More +

Definitely Doug 9/15/23: Experience Matters!
Posted: 09/15/2023

Hotels are usually the first thing a traveler books within a destination. And hotels usually know that destination better than anyone else (or any website) a guest might consult. But are hotels connecting the dots?

Read More +

Definitely Doug 8/25/23: Check It Off the List!
Posted: 08/25/2023

This week I will cover software that goes under various descriptions, including quality assurance, audit, and checklist management. It includes anything that involves a standard list of things that someone needs to perform or verify. In hospitality, this is still an emerging field, but is growing very rapidly.

Between 2020-2022, traveler adoptions fluctuated drastically due to the lockdowns, the impact of the variants, and the vaccination schedule. As the pandemic is behind us and people start to travel in 2023, one question is on every practitioner’s mind: What are the traveler’s current expectations and preferences in the post-pandemic world?

Read More +

comment on this article

COVID-19 Pandemic Shines the Light on Cybersecurity Gaps

04/07/2020

by David Durko

During these trying times we are seeing a meteoric rise in cyber security threats targeting user credentials, financial information and sensitive business data. The current environment presents specific risks and opportunities for hoteliers. Identifying and addressing these risks has not yet garnered support from the top of the hotel’s management structure. This must change and will before long. It is vital that hoteliers take this opportunity to review their data security processes and procedures in order to close the threat vectors. The coronavirus pandemic has shone a light on serious process and technical security gaps that lead to an increase in the probability that hotels will suffer catastrophic data compromises.

The most glaring gap is that Incident Response Plans do not include guidance on how to deal with disasters such as COVID-19. Every major compliance mandate recommends that Incident Response Plans include processes and procedures for the protection of sensitive information during times of extenuating circumstances. While properties are focused on securing and protecting business functions they are not considering how to best lock down and protect their electronic assets from damage or compromise. As more and more hotels are being forced to temporarily close their doors no one is paying attention to securing systems and adding extra protection to ensure that the unattended, dormant systems are protected.

Compliance mandates spell out the requirement very clearly that businesses have a Disaster Recovery and Business Continuity Plan. This pandemic has made it very clear that hotels do not have a Business Continuity Plan in place and their Disaster Recovery Plan amounts to little more than a cloud-based data store for system back-ups.

Moving to a remote workforce has been difficult and has elevated the risk posture of the properties. A Business Continuity Plan would have identified the need for SSL-VPN connections that incorporate multi-factor authentication. The plan would require remote or home user’s systems be vulnerability free before connecting to the hotel network. Additionally, Advanced Endpoint Threat protections would be required to manage zero-day threats, stop most malware pre-execution and provide USB and Bluetooth controls. The implementation of an EDR/MDR product is necessary since open source, freeware or conventional anti-virus software is not enough.

As of March 27, 2020, more than 185,000 new domains were registered worldwide. The sole purpose of these sites is to lure unwitting users to fake websites where sensitive credentials can be stolen. This would then allow users to defraud or infect sensitive systems and networks. As of March 30, 2020, reported incidents of ransomware introduced from these mal-domains is up ten-fold.

For properties that remain open, employee furloughs will lead to the assumption of day-to-day operations by corporate management. We expect to see an uptick in data security incidents since management rarely participates in training and awareness programs. This makes them far more susceptible to phishing attacks. According to published data email phishing attacks are up 667% in the past 30 days. Fear, uncertainty and panic to obtain the latest information leads to the suspension of data security best practices and an increase in clicks on malware-laced emails. An example of one such email comes from an Eastern European source targeting associates already worried about losing their jobs and risking their health. This cleverly disguised email appears to come directly from the Center for Disease Control but is in fact a cleverly disguised phishing email. Another example comes from the Small Business Administration providing a link to the SBA Application. In one email as soon as the link is clicked ransomware is delivered to the user’s computer. In another variant clicking the link presents an online form that allows the bad actors to capture vital user information.

Here are the immediate steps a hotel can take to mitigate risk while they weather these difficult economic times.

Make sure the property has a current back up of all critical systems
Disable all non-essential user accounts
All VPN users must use multi-factor authentication
Remote users must have USB drives disabled
Perform vulnerability scans prior to connecting to the hotel network
Install an EDR/MDR (Advanced Endpoint Threat Protection) to ensure all threats are proactively managed.
Current AV will not remain current, receiving updates and definitions.

Well publicized breaches are more than a cautionary tale. The methods of attacks put the bullseye squarely on the backs of franchised and independent hotels. This leaves ownership holding the bag.