Tech Talk

Recent posts

The forces driving local search rankings are constantly changing. But recent studies suggest that in 2019, four key factors make up the local search algorithm. 
 
The most significant factor is Google My Business (GMB). If you’re not on it, get on it now.

The robotic revolution in the hospitality industry might seem to have taken a step back. This January, the famously quirky Henn-Na Hotel in Japan fired half of its 243 robot staff. The robotic workforce reportedly irritated guests and frequently broke down.

Think about the moment when you first enter your hotel room. Look around: Does the room tell you anything unique about the hotel where you are staying? Or is it all beige walls and double beds with white covers, and you have to walk back outside and look at the sign on the hotel’s facade to even remember where you are?

Hotel guests commonly bring multiple devices with them during their stay. However, many hotel environments don’t provide easy access to charging outlets. This situation can lead to a guest feeling more than inconvenienced. A recent survey found almost 90 percent of people "felt panic" when their phone battery dropped to 20 percent or below.

Spam is one of the major problems that most hotel website owners face on regular basis. It is a bad practice used by spammers to persuade the page rank of a site.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

Key Takeaways From the 2015 Verizon PCI Compliance Report

03/30/2015

Verizon released the Verizon 2015 PCI Compliance Report on March 12. The 84-page report contains an overview of how ‘compliant’ companies are and the findings compare prior years’ results to current.

Hospitality Upgrade was invited to interview an author of the report. We asked regular contributor Marion Roger, VP Business Development, Hospitality Evolution Resources, to conduct an interview with Franklin Tallah, lead for hospitality for Verizon.

Note: About 20 percent of the companies covered by Verizon’s report were defined as “hospitality” (grouping hotels, online travel companies, airlines and restaurants.)

To help our readers cut to the chase, Roger asked Tallah, to share what he thought were the most important takeaways for our readers. Tallah’s responses are below:

1. During interim investigation assessments, only 12 percent of all the companies included in the study were compliant at the testing phase, meaning 88 percent were non-compliant at testing. Tallah indicated that the “least prepared industry” was the hospitality segment.  Only four percent of hospitality entities were compliant at interim testing level.  He went on to add that restaurants and travel companies (OTAs and airlines, technically part of the hospitality segment studied) actually fared better than hotels. Thus, given the three groups COMBINED scored an average of only four percent passing, one could deduce that hotels were even LESS than four percent compliant at the interim stage.  

He then expanded his comments to note the report found the hospitality industry as the sector that needs a longer remediation period, sharing they often struggled between the interim findings and fixing issues before the final stages. He attributed that in part to the hub and spoke structure of head offices and the portfolio of properties.

Roger asked if he was surprised that despite the increasing maturity of the standard and organizations’ understanding of it, attaining compliance remains far from easy. Tallah opined that although we operate in such a rapidly evolving threat landscape, the 12 requirements are a good starting point and yet so many are not even passing more than a few.

In particular, Tallah noted that of the 12 requirements, that hospitality companies typically passed only two of them in the interim stage: Requirement #1- having a firewall, and Requirement #12 – Maintaining security policies (an infosec environment.)   Of the other requirements (Principles 2 through 11 inclusive) the hospitality industry as a whole failed.

[For those needing a quick “cheat sheet”, the 12 PCI DSS requirements include maintaining firewalls, securing configurations, protecting stored data, protecting data in transit, maintaining antivirus software, maintaining secure systems, restricting access, authenticating access, controlling physical access, logging and monitoring, testing security systems and maintaining security policies.]

2. Of all the data breaches Verizon’s forensics team investigated over the last 10 years, not a single company was found to be compliant with all 12 PCI requirements at the time of the breach. That said, compliance is up on the whole. Between 2013 and 2014, compliance across the entire population studied, rose in every area except testing security systems.

Of the 12 PCI compliance requirements No. 11, Testing Security Systems, was the only requirement that experienced drop off; dropping from 40 percent to 33 percent compliance.

Tallah pointed out that while testing was a challenge for everyone, the 2014 report also uncovered that the hospitality” sector is the one that struggles the most with the internal vulnerability scan phase of testing. This test is monitored as a pass/fail, and the hospitality industry as a whole failed this phase.

3. He wrapped up with some interesting correlation findings related to the principles. The first finding is that on average, breached organizations were 36 percent less likely to be compliant with a given requirement. In particular 45 percent of the breached companies were not compliant on patch management and development security.

Tallah remarked that sadly the study illustrated one can see a clear correlation between those companies that are not fully PCI compliant and the level of risk they face.

There are a variety of angles to take on the report and a lot of detailed data to sift through.  Depending on the sector and role the reader, interpretation leads to either very positive or quite negative news. 

Delve into the report and grasp that as mentioned earlier, only 20 percent of businesses passed their most recent PCI compliance assessments. But remember: while this is better than the 10 percent compliance rate cited in the 2014 report, it’s important to note that of all the breaches reported by Verizon last year, “not a single company has been found to be compliant at the time of the breach,” underscoring the importance of PCI DSS compliance.

Clearly PCI compliance is only a single element of a much broader security and risk management portfolio. As Forrester Research highlighted on March 3 of this year: “If regulations are the beginning and end of your security strategy, you need to rethink your strategy. Compliance-based strategies have narrow controls that are of limited use to the entire enterprise.”

Click here to view the full report.

About The Author
Marion Roger
VP Business Development
Hospitality E Resources


Marion Roger, vice president of Hospitality E Resources (HER Consulting), is a specialist in the hospitality supply chain landscape who is currently leading an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a speciality focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code