Tech Talk

Recent posts

A groundbreaking new report by the Urban Land Institute in Washington, D.C. explores sustainability in the hospitality industry and examines ways in which hotels are incorporating eco-friendly best practices into both operations and construction. The study includes insights from leading hotel owners, developers and investors.

Every hotel owner wants to know how he can increase the traffic to the website, and at the same time, boost direct bookings. The key to accomplish both the objectives is to design a site that is accessible even to disabled people. It will not only improve the usability for all types of visitors, but it will also improve your market penetration. Designing ADA website is also very imperative to prevent legitimate complications. In addition to this, an ADA feature will aid in improving the website performance in search engines.

The underappreciated city of Minneapolis served as host for the 2019 edition of HITEC (produced by HFTP) which wrapped up its most recent four-day run on June 20, 2019. In the days and weeks leading up to the event, meeting solicitations and party invites filled my inbox at a growth rate any VC or entrepreneur would envy. As a first-timer to this international hospitality technology behemoth, it became apparent that HITEC actually begins a few weeks prior to when that first request or invitation lands in your over-stuffed inbox.

Time is limited. Once it’s gone, you can’t gain it back. Similarly, once a room goes unsold for a night, it will go unsold forever. There’s no way to recover that loss, because there’s no way to go back in time.
 
Many hotels fight this limitation by trying to sell as many rooms as possible. If all the rooms are completely booked, time no longer becomes a factor. But most don’t have the luxury of being at-capacity every single night. That’s why last-minute booking apps are growing in popularity in the industry, where hotels can make the most of each day. These apps specifically target guests who don’t plan far in advance, seeking accommodations from one week to one minute later.
 
There are several different ways your hotel can benefit from using last-minute booking apps in your business strategy.

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

POODLE: A Major Threat or Call to Action?

10/23/2014

In the fast paced world of information security it seems that exploits outpace the fix resulting in the compromise of sensitive data. Security has always been a reactive discipline but maybe that is changing.  

In the case of POODLE, the latest in a list of highly publicized vulnerabilities the exploit appears to have been identified and corrective actions published before any significant damage could be wreaked. 

Identified and reported by Google researchers, POODLE affects the Secure Socket Layer (SSLv3) protocol and if exploited could allow information transmitted between computers and servers to be intercepted in an unencrypted form. Currently it seems that POODLE is not as serious as the Heartbleed bug, since an attacker needs to have a privileged position in the network to exploit POODLE. This type of attack falls into the man-in-the-middle category. Man-in-the-middle means that an individual needs to insert themselves between the computer and server in order to capture data. In other words the intruder would need to compromise your computer network before they could effectively take advantage of POODLE.

So what does this means for the hospitality industry? The challenge is that most brand booking sites are configured to meet the lowest common denominator in terms of security. This is done to accommodate the large permutation of users from around the world who use any number of web browsers with any number of security configurations and helps prevent users from being technically excluded from using the sites. The challenge this presents is that this also creates the greatest number of holes in the architecture and elevates the risk of using brand websites. We work very closely with many of the major brands and have it on good authority that they are already testing an appropriate fix. They assure us that they have the necessary controls in place to mitigate risks to the consumer. So that speaks to the larger global brands but what about the smaller regional chains and independent properties? These properties may lack in-house expertise or guidance to help assess and remediate vulnerabilities. So for these properties the biggest risk is in their inability to identify the technical challenges, lack of security surrounding their wireless infrastructure and the time it takes them to identify and patch key systems. Historically smaller organizations have been slow in identifying vulnerabilities, have no knowledge of how to secure wireless networks and have been even slower in remediating vulnerabilities.

What Businesses Need to Do

In order to mitigate risk of this bug or any vulnerability there are a few courses of action:

  1. Check to see if your web servers are vulnerable – there are a number of free tools available to audit your systems
  2. Use tools that support TLS_FALLBACK_SCSV, a mechanism that prevents attackers from forcing Web browsers to use SSL 3.0 – this will require verification of application compatibility
  3. Disable SSL 3.0 altogether, or disable SSL 3.0 CBC-mode ciphers – verification of compatibility
  4. Set your computer browser to only use TLS instead of SSLv3.0
  5. Patch systems when vendor security fixes are released.
  6. Regularly scan your Internet facing and internal systems for vulnerabilities.
  7. Run current anti-virus, anti-malware and firewall software.
  8. Change passwords frequently and do not use shared accounts.
  9. Follow the PCI Security Standards for Security Best Practices.
About The Author
David Durko
CEO
Security Validation, LLC


David Durko is the CEO and chief compliance officer for Security Validation’ Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code