Tech Talk

Recent posts

A groundbreaking new report by the Urban Land Institute in Washington, D.C. explores sustainability in the hospitality industry and examines ways in which hotels are incorporating eco-friendly best practices into both operations and construction. The study includes insights from leading hotel owners, developers and investors.

Every hotel owner wants to know how he can increase the traffic to the website, and at the same time, boost direct bookings. The key to accomplish both the objectives is to design a site that is accessible even to disabled people. It will not only improve the usability for all types of visitors, but it will also improve your market penetration. Designing ADA website is also very imperative to prevent legitimate complications. In addition to this, an ADA feature will aid in improving the website performance in search engines.

The underappreciated city of Minneapolis served as host for the 2019 edition of HITEC (produced by HFTP) which wrapped up its most recent four-day run on June 20, 2019. In the days and weeks leading up to the event, meeting solicitations and party invites filled my inbox at a growth rate any VC or entrepreneur would envy. As a first-timer to this international hospitality technology behemoth, it became apparent that HITEC actually begins a few weeks prior to when that first request or invitation lands in your over-stuffed inbox.

Time is limited. Once it’s gone, you can’t gain it back. Similarly, once a room goes unsold for a night, it will go unsold forever. There’s no way to recover that loss, because there’s no way to go back in time.
Many hotels fight this limitation by trying to sell as many rooms as possible. If all the rooms are completely booked, time no longer becomes a factor. But most don’t have the luxury of being at-capacity every single night. That’s why last-minute booking apps are growing in popularity in the industry, where hotels can make the most of each day. These apps specifically target guests who don’t plan far in advance, seeking accommodations from one week to one minute later.
There are several different ways your hotel can benefit from using last-minute booking apps in your business strategy.

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 

want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.


Data Breaches — What is a Hotel Brand Supposed to Do?


Unfortunately, large hotel chains are ideal victims — enticing hackers with large quantities of valuable information such as credit card data for guests and sensitive employee data for staff. All owners and operators need to take proactive steps to protect consumer data.

A recent string of cybersecurity events affecting a surprising number of well-known hotel chains has been making headlines. First, it was revealed that a point-of-sale (POS) malware breach hit a total of 20 hotels run by HEI Hotels and Resorts, including Hyatt, Marriott, Starwood and Intercontinental properties. The attack was active March 1, 2015 through June 21, 2016, potentially affecting thousands of customers — according to a statement by HEI Hotels and Resorts.

In the same timeframe, a data breach was announced at Millennium Hotels & Resorts North America, involving food and beverage POS systems at 14 of its hotels in the U.S. Credit cards that were processed from early March 2016 to mid-June 2016 were affected.

Not long after this, credit information was reportedly compromised at Noble House Hotels & Resorts, affecting credit cards used at 11 different properties between April 25, 2016 and Aug. 3, 2016. Most recently, Kimpton Hotels confirmed that malware was found on payment terminals in more than 60 of its hotels and restaurants. Customers’ payment cards processed between Feb. 16, 2016 and July 7, 2016 were involved.

This string of hotel chain attacks indicates that many hospitality companies still are not implementing strong enough security measures — particularly when it comes to the POS systems.

So what is a hotel brand supposed to do?

Hospitality companies must realize that they are in a digital war with cybercriminals that are after payment card data. And it’s a harsh reality that the war is being won far too often by these hackers. Any business, regardless of size or vertical specialty, that processes payment data or offers free Wi-Fi to guests, is a lucrative breach target, but unfortunately, large chains like HEI or Kimpton are ideal victims — enticing hackers with large quantities of valuable information such as credit card data for patrons, sensitive employee data for staff, and sometimes even medical data used by in-house care facilities.

Cybercriminals have multiple opportunities
and points of entry for the hacks.

Hotels are generally more at risk for POS breaches because payment card data is used throughout each hotel location — most have multiple POS terminals. Plus card info is shared with the hotel before the guest even arrives through the booking process. All of this gives cybercriminals multiple opportunities and points of entry for the hacks.  In addition, hotels are made even more vulnerable thanks to other POS system provider breaches, like the recent one at Oracle that affected 330,000 merchants.

Regardless of the size of the hotel, all owners and operators need to take proactive steps to protect the consumer data they come into contact with.
Traditional cybersecurity defenses just aren’t cutting it anymore. And customers of these establishments deserve the best possible security of their data — and they should expect it too. New defensive approaches, advanced cybersecurity tools and increased cyber intelligence need to be deployed, which usually come from a relationship with an outside vendor due to the specialized knowledge needed to understand what the tools and resulting information being gathered is telling you. Possible tools include things like File Integrity Monitoring, Unified Threat Management (UTM) appliances, Security Information and Event Management (SIEM) and next-generation endpoint security solutions.
When systems like this are in place and managed appropriately, the processes within the programs,  the computer operating system and memory will be watched for suspicious activity — and those tools will talk to other tools that have even deeper threat intelligence from a network of other deployed sensors.

However, it’s very hard to do all of this on your own. Many hotels don’t have dedicated IT staff available to run these systems, and worse yet, those that have dedicated IT staff at a corporate level may not have the skills or cycles available to dedicate the required time needed to properly manage these types of defense systems.

Within the IT security world, there is a skills shortage going on. Beyond that, it is so hard to find people that are loyal, knowledgeable, and able to understand security related data that flows in at warp speed from computer systems. The trend seems to be to hire an external vendor that can do some of this ‘heavy lifting’ for you.

The cyber threats of tomorrow will require new ways of thinking and new tools to defend against hacking attempts and the resulting data loss. It’s time that the hospitality industry make use of these advanced tools and the vendors in the market that can help keep them safer and  better protected from the attacks on their POS systems that seem to keep coming. This proactive approach will help to keep organizations out of the breach headlines.

About The Author
John Christly
Chief Information Security Officer

John Christly is the chief information security officer for Netsurion, a provider of remotely managed security services for multi-location businesses. He is responsible for security and compliance for the firm and is an avid cyber threat researcher.

Blog post currently doesn't have any comments.
Leave comment

 Security code