Tech Talk

Recent posts

A groundbreaking new report by the Urban Land Institute in Washington, D.C. explores sustainability in the hospitality industry and examines ways in which hotels are incorporating eco-friendly best practices into both operations and construction. The study includes insights from leading hotel owners, developers and investors.

Every hotel owner wants to know how he can increase the traffic to the website, and at the same time, boost direct bookings. The key to accomplish both the objectives is to design a site that is accessible even to disabled people. It will not only improve the usability for all types of visitors, but it will also improve your market penetration. Designing ADA website is also very imperative to prevent legitimate complications. In addition to this, an ADA feature will aid in improving the website performance in search engines.

The underappreciated city of Minneapolis served as host for the 2019 edition of HITEC (produced by HFTP) which wrapped up its most recent four-day run on June 20, 2019. In the days and weeks leading up to the event, meeting solicitations and party invites filled my inbox at a growth rate any VC or entrepreneur would envy. As a first-timer to this international hospitality technology behemoth, it became apparent that HITEC actually begins a few weeks prior to when that first request or invitation lands in your over-stuffed inbox.

Time is limited. Once it’s gone, you can’t gain it back. Similarly, once a room goes unsold for a night, it will go unsold forever. There’s no way to recover that loss, because there’s no way to go back in time.
 
Many hotels fight this limitation by trying to sell as many rooms as possible. If all the rooms are completely booked, time no longer becomes a factor. But most don’t have the luxury of being at-capacity every single night. That’s why last-minute booking apps are growing in popularity in the industry, where hotels can make the most of each day. These apps specifically target guests who don’t plan far in advance, seeking accommodations from one week to one minute later.
 
There are several different ways your hotel can benefit from using last-minute booking apps in your business strategy.

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

Marriott Inherits a Mess of Historical Proportions - How much will the Starwood data breach end up costing Marriott?

12/04/2018 Tagged as: International, Marriott, security, Starwood, VENZA
By now, everyone is aware that hotel giant Marriott International announced on Friday a massive data breach that goes back more than four years and may have affected up to 500 million customers worldwide. The breach — which began in 2014 and involves Marriott-owned Starwood Hotels & Resorts’ guest reservation databases — is one of the largest in history. It’s also the second major security breach Starwood has reported. In November 2015, the company disclosed that malware had infected point-of-sale systems at dozens of its properties throughout the United States and Canada.

In this latest incident, anyone who made a reservation at a Starwood property, including Sheraton, Westin, W Hotels, St. Regis, Le Meridien, Four Points, Aloft, Tribute, Design Hotels, Element and the Luxury Collection, over this time period may have had data stolen. Information involved includes guest names, mailing addresses, phone numbers, email addresses and birth dates; and, for some customers, loyalty account information, travel histories, passport numbers and payment card data. At the time of this article, Marriott released in a statement that the company isn’t certain whether the hackers have been able to decrypt the payment card numbers.

Marriott acquired Starwood in September 2016. The acquisition made the company the largest hotel chain in the world, with more than 6,700 properties. The hackers’ access apparently went undetected during the merger.
 
Merging Loyalty Programs a Top Priority
Soon after the acquisition, Marriott began merging the Starwood Preferred Guest program with its own Marriott Rewards program. The company then turned its attention to merging the reservation systems. It was while working with the Starwood system that IT staff discovered the activities of the hacker. Marriott apparently had installed a new security monitoring tool on the Starwood network that alerted them to an unauthorized attempt to access the Starwood database.

Although Marriott has not confirmed which security tool found the breach, the company says the tool enabled its IT staff to discover encrypted data the hacker had copied and planned to remove. Marriott immediately enlisted the help of leading security specialists, who discovered there had been unauthorized access to the Starwood network since 2014.

For many industry experts, the breach doesn’t come as a surprise. “The hospitality industry has proven to be a data-rich soft target for hackers,” said attorney Thomas Jackson, who heads Phillips Nizer’s technology practice group in New York. He lists some of the hotel chains that have been breached in recent years, including Hilton Hotels, Hyatt Hotels, Intercontinental Hotel Group, Wyndham Worldwide, Radisson Hotel Group, Kimpton Hotels and Mandarin Oriental Hotel Group.

The breach also has gained the attention of several U.S. legislators, including Senator Mark Warner (D-Va.), who on Friday issued the following statement via Twitter: “It seems every other day we learn about a new mega-breach affecting the personal data of millions of Americans. Rather than accepting this trend as the new normal, this latest incident should strengthen Congress’ resolve. We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need.”

Warner called on his colleagues to implement standards similar to the recently enacted EU General Data Protection Regulation (GDPR), which includes provisions for improved security and privacy policies for residents’ personal information.

Because the Marriott breach likely involves consumers in the European Union, it has received global attention. Moreover, there is speculation that the hotel conglomerate may have been the target of nation-state hackers who want to follow the travel movements of diplomats, heads of state, military officials, business executives and other people of interest to espionage agencies.
 
The Need for Improved Cybersecurity
Even if espionage is not the case, security experts across the country note that a data breach of this magnitude might still result in a wide range of crimes. Perhaps more importantly, though, it will drive hotel companies to rethink how they secure their networks to combat today’s increasingly sophisticated cybercriminals.

"The hotel industry dramatically underperforms long-regulated industries, such as banking and healthcare, in key areas of cybersecurity,” said Kelly White, founder and CEO of RiskRecon, a cyber risk management company based in Salt Lake City. Compared to banks, he stated, hotels have a 400 percent higher rate of critical software vulnerabilities in internet-facing systems that store and process sensitive regulated information; compared to health care facilities, hotels have a 180 percent higher rate. “The hospitality industry has a long way to go to satisfy protection requirements dictated by standards such as GDPR,” he continued, noting that it’s going to take time for the industry to get their cyber risk house in order.

Although White believes part of the problem is due to the industry being newly regulated, he also points a finger at the franchise model of larger hotel brands. “They are dependent on third- and fourth-party relationships to get security right,” he said. “And, because of the interconnected nature of large enterprises to third and fourth parties, it only takes one mistake to expose and embarrass millions.”

David Durko, CEO of Security Validation, a Montclair, N.J. provider of PCI compliance and managed security services, agrees. “This latest event reminds us that the threat surface for hospitality continues to evolve as reliance on third-party providers and bleeding edge technologies grows,” he said, referring to the category of technologies so new that they could have a high risk of being unreliable.

At the Hospitality Upgrade CIO Summit in September, representatives from the FBI discussed the need for more stringent surveillance tools and noted that hotels must take a multi-faceted approach to cybercrime, as hackers are using multiple methods to break into systems. They outlined the most popularly used intrusion techniques, which include: emails with attachment and malware; phishing; reused credentials from a third party; unpatched known vulnerability; web app or database vulnerability; and, zero day vulnerability.

According to Dan Dearing, senior director of product marketing at Pulse Secure, a San Jose, Calif., provider of network solutions, companies must adopt a ‘Zero Trust’ cybersecurity model, deploying security tools that verify every user and that determine whether users are authorized to access the desired applications or data. Additionally, users’ laptops and mobile devices must meet the company’s security standards. “Only if all three conditions are met are users allowed on the network,” he said.

Josh Bergen, president of Atlanta-based data protection company VENZA, stresses the importance of continuous staff security training in fighting cybercrime. “The ‘human firewall’ is only as strong as the training staff receives, combined with the tools they’re given to manage data security.” He also notes that protecting guest data requires a team approach involving a brand’s corporate office, franchisees, vendors, equipment providers and guests.
 
An Industry Call to Action
Industry insiders agree that the fall-out from this latest security breach will be considerable. Along with the damage to its reputation, Marriott also will be affected financially. Already, the attorneys general in several states, including Illinois, Massachusetts, New York, Pennsylvania and Texas, have launched investigations into the incident. And the breach likely will set off a series of class action lawsuits from those affected by it.

For its part, Marriott is working with leading security experts and law enforcement officials to catch the hackers. And the company is offering plenty of customer support, including launching a dedicated website and call center to answer guest questions and providing customers affected by the breach a year of free monitoring with Kroll’s WebWatch. According to a corporate press release, Marriott also is devoting the resources necessary to phase out all Starwood systems and accelerate network security enhancements.

Certainly, this latest data security incident is a huge call to action for the hospitality industry. “The lodging industry has a unique relationship with its customers, who routinely entrust hotels with their safety and security,” said John Burns, president of Hospitality Technology Consulting in Scottsdale, Ariz. “Moreover, hotels increasingly ask guests for personal information and have amassed detailed profiles that contain sensitive data.

“We must implement a considerably more stringent data protection protocol,” he concluded. “The techniques are available — some are simple and user-friendly, others less so. Regardless, if we fail to honor the trust guests place in us to protect their sensitive data, the result will be a resounding loss of confidence, not only in our relationship-building efforts but also in our industry more broadly.”
About The Author
Fran Worrall
Contributing Editor
Hospitality Upgrade



 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code