Tech Talk

Recent posts

Are You All In?
Posted: 07/27/2020

Imagine everyone in your organization engaged, aligned, and performing to their potential. Imagine everyone playing “All In.”

Great organizations have synergy. Their culture allows them to play to a rhythm at a different tempo than the average organization. How do you get that at your organization?

Many front-line hospitality workers rely on tips for a significant part of their paychecks. If not for tips, many hotel associates who serve as waitstaff, bartenders, housekeepers, bell staff, concierges and pool attendants would soon be looking for other jobs. This is a regional issue: in most of Asia and Europe, staff get higher base pay, and tips are either not expected at all, or are truly discretionary. But in the U.S., Canada, Britain and other countries, tips are an important reality, and one that’s not likely to change anytime soon.

As somebody who’s helped to grow a company from 13 people to nearly a thousand, I know very well the excitement that comes with having a mindset focused entirely on growth. Every newly acquired customer, every new office and every milestone means the gap between you and your nearest competitor is that much bigger and that much harder to overtake.

As the travel industry begins to rally, technology companies are taking steps to help their customers get back to business. Strategies run the gamut from complimentary webinars and virtual learning events to special promotions and discounts, all designed to enable hotels and other hospitality venues to reopen confidently and economically amid the COVID-19 pandemic.

Room Service and the New Normal - Food always has been, and always will be, a major part of the travel experience. But in a post-pandemic world, change is inevitable. Crowded restaurants and menus which have been handled many times may well (even temporarily) be avoided by wary travelers.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

Eliminate Internet Browsing on Check-in Machines

07/24/2014
by Gary Glover

At virtually every hotel security audit I’ve ever conducted, and at every hotel I’ve ever stayed at, front desk computers are used to both browse the Internet and accept credit card transactions. That is a serious violation of security protocol.

It doesn’t matter if a desk clerk is helping a customer print off their afternoon boarding pass, or check their personal email. Internet browsing on point-of-sale (POS) or property management machines that have the capability to take credit cards is a one-way ticket to data compromise.

Hackers Are Lurking
What happens if the innocent employee, with no formal security training, accidentally clicks on a malicious link while browsing the Internet? That malicious link could secretly download malware or install a virus onto the machine. Depending on the malware installed, every single customer credit card transaction made on that computer (and perhaps on the entire network) could be at risk.

The whole point of malware is to gain access to valuable and sensitive information, such as credit card numbers, so cybercriminals can reproduce cards or sell the stolen data on the black market.

Common types of malware that may infect your front desk computers include:

  • Keylogger: malware that secretly records every keystroke a user makes on a computer or mobile device. In such a way, malware authors can easily harvest typed information like passwords or credit cards.
  • Memory Scraper: designed to capture, or ‘scrape’ sensitive information from system memory (RAM) and return it back to the attacker. Some can morph into newer versions to avoid detection, or automatically reinstall in different locations if deleted.
  • Rootkit: type of malicious software activated each time a system boots up. They are difficult to detect because they reside at the system’s kernel level, and are activated before a system's operating system has completely booted up.
  • Packet Sniffer: malicious software that can intercept incoming and outgoing network traffic. Most sniffers are able to decode and analyze the data found, reporting it back to the owner.
Can Customer Service and Security Coexist?
The solution to hotel front desk dilemma is simple. Segment.

Most hoteliers don’t segment the POS and property management systems from other systems with access to the Internet. Segmentation is the act of compartmentalizing network areas that contain sensitive information (like customer credit cards) from those that don’t. Segmentation is a very secure practice because, if set up correctly, it is nearly impossible for sensitive data to leak outside of its allotted area.

It may sound complicated, but it’s not. All you need to do is dedicate one machine to taking credit cards, and dedicate any others for customer service use. Machines used to take credit cards should have no access to the public Internet (browsing, etc.), and machines that have access to the Internet should not have access to the point of sale system. That way, even if employees aren’t properly trained, it’ll be extremely difficult to mess up.

For example, if a customer pays with a credit card on the dedicated machine while checking in, then asks about restaurants in the area, the front desk clerk would physically need to move to the other computer placed on a separate network segment at the front desk used for Internet browsing. Remote desktop connections to a dedicated ‘browsing’ computer on another network segment could also be used.

Please note that the computers used to browse the Internet are just as vulnerable as before, but if infected, do not have access to credit card data on the more secure network segment. Also, don’t forget the concierge desk…they often have similar access to front desk computers.

I’m convinced that if this simple practice were put into place at hotels around the world, the risk of compromise in the hospitality industry would significantly decline. Not to say this is the only way hospitality industry systems are being compromised. Best practice is always to implement all controls contained in the PCI Data Security Standard. 

About The Author
Gary Glover

SecurityMetrics


Gary Glover (CISSP, CISA, QSA, PA-QSA) is the director of security assessment at SecurityMetrics. Gary has worked in the IT security industry as a QSA for over nine years. For more information about SecurityMetrics, visit www.securitymetrics.com.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code