
Eliminate Internet Browsing on Check-in Machines

07/24/2014

At virtually every hotel security audit I’ve ever conducted, and at every hotel I’ve ever stayed at, front desk computers are used to both browse the Internet and accept credit card transactions. That is a serious violation of security protocol.

It doesn’t matter if a desk clerk is helping a customer print off their afternoon boarding pass, or check their personal email. Internet browsing on point-of-sale (POS) or property management machines that have the capability to take credit cards is a one-way ticket to data compromise.

Hackers Are Lurking
What happens if the innocent employee, with no formal security training, accidentally clicks on a malicious link while browsing the Internet? That malicious link could secretly download malware or install a virus onto the machine. Depending on the malware installed, every single customer credit card transaction made on that computer (and perhaps on the entire network) could be at risk.

The whole point of malware is to gain access to valuable and sensitive information, such as credit card numbers, so cybercriminals can reproduce cards or sell the stolen data on the black market.

Common types of malware that may infect your front desk computers include:

  • Keylogger: malware that secretly records every keystroke a user makes on a computer or mobile device. This lets malware authors easily harvest typed information like passwords or credit card numbers.
  • Memory Scraper: malware designed to capture, or ‘scrape’, sensitive information from system memory (RAM) and return it to the attacker. Some can morph into newer versions to avoid detection, or automatically reinstall in different locations if deleted.
  • Rootkit: a type of malicious software activated each time a system boots up. Rootkits are difficult to detect because they reside at the system’s kernel level and are activated before the operating system has completely booted up.
  • Packet Sniffer: malicious software that can intercept incoming and outgoing network traffic. Most sniffers are able to decode and analyze the data found, reporting it back to the owner.

Can Customer Service and Security Coexist?
The solution to the hotel front desk dilemma is simple. Segment.

Most hoteliers don’t segment the POS and property management systems from other systems with access to the Internet. Segmentation is the act of compartmentalizing network areas that contain sensitive information (like customer credit cards) from those that don’t. Segmentation is a very secure practice because, if set up correctly, it is nearly impossible for sensitive data to leak outside of its allotted area.

It may sound complicated, but it’s not. All you need to do is dedicate one machine to taking credit cards, and dedicate any others for customer service use. Machines used to take credit cards should have no access to the public Internet (browsing, etc.), and machines that have access to the Internet should not have access to the point of sale system. That way, even if employees aren’t properly trained, it’ll be extremely difficult to mess up.

For example, if a customer pays with a credit card on the dedicated machine while checking in, then asks about restaurants in the area, the front desk clerk would physically need to move to the other front desk computer, which sits on a separate network segment and is used for Internet browsing. Remote desktop connections to a dedicated ‘browsing’ computer on another network segment could also be used.

Please note that the computers used to browse the Internet are just as vulnerable as before, but if infected, do not have access to credit card data on the more secure network segment. Also, don’t forget the concierge desk…they often have similar access to front desk computers.
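
As an added example (not part of the original article), the two segmentation rules above can be checked against a firewall rule list by probing flows between the card-taking and browsing machines. The host names, addresses, rule format and first-match evaluation are assumptions made for illustration.

```python
import ipaddress

# Constructed data: host names, addresses and the rule format are assumptions.
HOSTS = {
    "frontdesk-card": ("10.10.10.5", "card"),    # dedicated card-taking machine
    "frontdesk-web": ("10.10.20.15", "browse"),  # customer-service browsing machine
    "concierge": ("10.10.20.16", "browse"),
}
PUBLIC_PROBE = "203.0.113.10"  # documentation address standing in for the Internet
BEFORE = [  # rules: (action, source net, destination net, port or None for any)
    ("allow", "10.10.10.0/24", "0.0.0.0/0", 443),      # card machine can browse
    ("allow", "10.10.20.0/24", "10.10.10.0/24", 445),  # browsing PCs reach card machine
    ("allow", "10.10.20.0/24", "0.0.0.0/0", 443),      # "any" also covers the card segment
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]
AFTER = [
    ("allow", "10.10.10.0/24", "10.10.20.15/32", 3389),  # remote desktop to browsing PC
    ("deny", "10.10.10.0/24", "0.0.0.0/0", None),        # nothing else leaves card segment
    ("deny", "10.10.20.0/24", "10.10.10.0/24", None),    # browsing never reaches card segment
    ("allow", "10.10.20.0/24", "0.0.0.0/0", 443),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def decide(rules, src, dst, port):
    """Evaluate one flow with first-match semantics; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"

def audit(rules, hosts=HOSTS):
    """List allowed flows that break either segmentation rule."""
    ports = sorted({p for *_, p in rules if p is not None} | {80, 443})
    card = [(n, ip) for n, (ip, role) in hosts.items() if role == "card"]
    browse = [(n, ip) for n, (ip, role) in hosts.items() if role == "browse"]
    findings = []
    for port in ports:
        for cname, cip in card:        # rule 1: card machines must not reach the Internet
            if decide(rules, cip, PUBLIC_PROBE, port) == "allow":
                findings.append((cname, "internet", port))
            for bname, bip in browse:  # rule 2: browsing machines must not reach card machines
                if decide(rules, bip, cip, port) == "allow":
                    findings.append((bname, cname, port))
    return findings

if __name__ == "__main__":
    print("before:", audit(BEFORE), "after:", audit(AFTER))
```

The audit only probes the inventoried hosts and the ports named in the rules plus 80 and 443, so it complements a scan run from each segment and does not replace one.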

I’m convinced that if this simple practice were put into place at hotels around the world, the risk of compromise in the hospitality industry would significantly decline. That is not to say this is the only way hospitality industry systems are being compromised. Best practice is always to implement all controls contained in the PCI Data Security Standard.

About The Author
Gary Glover

SecurityMetrics


Gary Glover (CISSP, CISA, QSA, PA-QSA) is the director of security assessment at SecurityMetrics. Gary has worked in the IT security industry as a QSA for over nine years. For more information about SecurityMetrics, visit www.securitymetrics.com.

 