Tech Talk

Recent posts

A groundbreaking new report by the Urban Land Institute in Washington, D.C. explores sustainability in the hospitality industry and examines ways in which hotels are incorporating eco-friendly best practices into both operations and construction. The study includes insights from leading hotel owners, developers and investors.

Every hotel owner wants to know how he can increase the traffic to the website, and at the same time, boost direct bookings. The key to accomplish both the objectives is to design a site that is accessible even to disabled people. It will not only improve the usability for all types of visitors, but it will also improve your market penetration. Designing ADA website is also very imperative to prevent legitimate complications. In addition to this, an ADA feature will aid in improving the website performance in search engines.

The underappreciated city of Minneapolis served as host for the 2019 edition of HITEC (produced by HFTP) which wrapped up its most recent four-day run on June 20, 2019. In the days and weeks leading up to the event, meeting solicitations and party invites filled my inbox at a growth rate any VC or entrepreneur would envy. As a first-timer to this international hospitality technology behemoth, it became apparent that HITEC actually begins a few weeks prior to when that first request or invitation lands in your over-stuffed inbox.

Time is limited. Once it’s gone, you can’t gain it back. Similarly, once a room goes unsold for a night, it will go unsold forever. There’s no way to recover that loss, because there’s no way to go back in time.
Many hotels fight this limitation by trying to sell as many rooms as possible. If all the rooms are completely booked, time no longer becomes a factor. But most don’t have the luxury of being at-capacity every single night. That’s why last-minute booking apps are growing in popularity in the industry, where hotels can make the most of each day. These apps specifically target guests who don’t plan far in advance, seeking accommodations from one week to one minute later.
There are several different ways your hotel can benefit from using last-minute booking apps in your business strategy.

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 

want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.


How Hackers Attack Your Hotel Back Office

Left: Pictures of actual hotel back-office closets.


Experts estimate between 38 percent and 47 percent of credit card fraud occurs in the hospitality and food and beverage industries. The high volume of credit card transactions, high staff turnover and data-rich target environment make the hospitality industry attractive to cybercriminals. Despite industry reliance on compliance standards such as PCI DSS, over the past few years, many major brands were breached and lost hundreds of thousands of guest credit card numbers. 

Hotel systems store mission-critical corporate data, credit card data and personally identifiable information (PII) for both guest and staff. Credit card data is the most common target because the numbers can immediately be used to commit online and retail fraud. Cybercriminals find credit card data in applications such as POS systems, property management systems (PMS) and loyalty reward program databases. Once a breach has occurred it can take months to discover, all the while hackers continue to attack the system. Personally identifiable information (PII) is used for identity theft and also stolen from the above as well as back-office applications and corporate systems such as HR management.
According to a recent report for SecureState, the most common methods of external attack include:

  • Weak passwords (39 percent)
  • Social engineering/phishing (30 percent)
  • System misconfiguration (14 percent)
  • Missing patches and unsupported legacy systems (15 percent)

External attacks are used for the initial penetration into the network. Following the initial breach, hackers exploit the network through subsequent levels. For hotels, there are ways to reduce risk of the first layer breach, including:

  1. Hotels can eliminate weak passwords with training and policies requiring strong passwords, including longer passwords with a combination of letters and numbers, lower and uppercase, and special symbols. Requiring strong passwords reduces the risk from standard “dictionary” or brute force attacks. Another best practice for hospitality is that users should log in and out of core systems every time they access; “tailgating” between users is a risk at both the front desk and the back office. There is a balance between convenience and security; usually the more convenient, the less secure.
  2. Social engineering and phishing are becoming more common these days. Social engineering means conning a legitimate user to provide access information or stealing the information needed to enter the system anonymously or as another user. The dangers involve theft, editing or deleting mission-critical information, adding malware and escalation of user privileges through the system that eventually leads to access at the domain or system administrator level. Email is the most used phishing approach, and hotels need to train employees to be vigilant at all times when opening emails or links within emails, even if they come from known users. “Need to know” privileges should restrict systems and sensitive data to those who need to do their job, not just based on their title. 
  3. Misconfiguration of systems can include leaving default passwords on hardware such as routers, switches and access points or on applications. Typically, there is more risk when someone adds equipment to the network after an emergency outage, or someone purchases consumer-grade hardware and puts it on the network without documentation or informing the service provider.
  4. Hardware with missing patches and security updates is a serious problem because once a hacker has breached the system from the outside, these systems become the vector for deeper attacks within the network, especially older Microsoft servers. Lack of dedicated IT support at the site level exacerbates the problems and over time, obsolete and unused equipment piles up in the IT closet, with no documentation about which equipment connects with critical services, and what equipment is obsolete and unused. Many hotels IT closets have not been maintained in years, and in many cases, they can be a fire or safety hazard.

To illustrate the point, look at the photos of actual hotel back-office closets at the top of this webpage.

Hotel operators who leave their IT back office like this invite security risks and increase the probability of hardware-based network failure.

Overall Security Posture

Hotels have a specific set of threats and vulnerabilities that require specific hotel-related mitigation to protect assets that are most likely to be attacked. A cyber security checklist should be part of the employee onboarding process to promote awareness. Hotels should consider technology solutions that employ modern equipment, intrusion detection, monitoring and alerting, and periodic scanning for vulnerabilities within the overall security approach for the hotel.

Security in the hotel back office begins with a standard configuration of modern equipment enabling network visibility. Regular maintenance and documentation help ensure proper configuration of the gateway, switches and firewall. Maintaining an uncluttered, well-documented back office reduces risk from misconfiguration, unpatched and obsolete equipment. Finally, proactive, regular hacking countermeasures such as periodic network vulnerability scanning, security policy awareness and testing should be considered.      

About The Author
Rick Warner
Hotel Defenders

Rick Warner is a 30-year hospitality industry veteran who has worked as an operator, vendor and consultant. He is the co-founder of Hotel Defenders which specializes in assessing, optimizing, remediating and monitoring hotel back office environments. For more information, email him at

Blog post currently doesn't have any comments.
Leave comment

 Security code