When your guests engage with the internet, every session comes with a risk of a hacker making their way to your hotel. When hackers approach, they are looking for valuable information that can be sold on the black market or are trying to cause a major disruption to your business. The top targets at a hotel include the following:
- Payment Data- Storing this data anywhere will draw hackers in to try and take it from you.
- Customer Information- PII is sometimes more valuable than credit card information. This information can consist of several things such as home address, likes, dislikes, and luxuries that a customer enjoys.
Obviously, hotels gathering this information are attempting to create the best experience for their guests, not expose them to hackers. However, if a hacker has this information, they could find ways to expose your guests.
All hackers are not in it for selling information or the money. Some do it for the fun of causing disruption – doing anything they can to hurt a business and its customers. Many attack vectors operate to abuse a hotel’s data so it can’t operate efficiently.
Some examples of this being:
- Disabling systems so people can’t check in or out
- Shutting down systems
- Placing graffiti or some other threatening language on digital signage
- Embarrassing the guest with stolen data
When these attacks happen, hackers are coming with a plan to take everything and leave you with nothing. The best way hotels can defend themselves against attackers with these intentions and capabilities would be to protect your networks and improve best practices to support guest needs.
The first solution is to have your networks separate. Keep the guest network completely separated from the corporate network. This should be done so to prevent guests from jumping between their network to the corporate network or point of sale devices.
The assumption is that the guest network is identified as an untrusted network and doesn’t have authorized access to the trusted side of the network. However, within that network there are passwords that guests would have such as their name or room number to log on.
From a best practices perspective, one scenario that we often see is a guest asking the front desk to print a file or an email. The minute the front desk agent opens the USB drive or email, the hotel may have been compromised. The attack may not even seem imminent yet; it is now enabled to seep through your network and steal information.
Providing a way for guests to use secure public computers and printers is an easy way to provide this valuable service without compromising the hotel.
Remember, hotels are a common target for malicious hackers, might it be for money, intelligence or fun. Regardless of the reason behind an attack, hotels must place safeguards between potentially malicious intentions and themselves to keep their property and guests safe.
For more information on how you can prevent a cyberattack at your property, click here.