You are currently viewing 7 Cybersecurity Threats in the Hotel Industry
Cybersecurity Risks in hotel reservation

7 Cybersecurity Threats in the Hotel Industry

1. Introduction

In general, all of the guest data that hotels have is stored on a long-term basis, meaning guests are potentially at risk before, during and well after their actual hotel stay. Therefore, as a business in the hospitality industry, you should be very proactive in understanding hotel cybersecurity and the risks you face.

2. What the Hospitality Industry Has That Hackers Want

Hotel booking reservation travel reception concept Free Photo

Hotels are data treasure troves, storing millions of travelers’ personal information. Consequently, they are overflowing with data that hackers desperately want, making hotel cybersecurity one of the biggest concerns of the hospitality industry. 

Some of the sensitive and confidential data held in the hospitality industry include:

  1. First, credit card information of guests.
Credit card payment, buy and sell products & service Free Photo

In fact, the reliance of the industry on credit cards as a key form of payment makes it a rife target for cybercrime. Credit cards are used for online bookings, payments for food or drinks at the restaurant, treatments at the spa, etc. A common attack method has been to attack point of sale systems with malware that collects credit card information.

2. Secondly, the names and addresses of guests or potential customers.

3. Thirdly, phone contacts of guests.

4. And also email addresses.

It is, therefore, no surprise that the hospitality industry is seemingly under attack from all angles. In the past few years, some of the industry’s most well-known brands have been victims of cybercrime, therefore, as a hotelier, you must take hotel cybersecurity seriously.

3. Hotel cybersecurity threats

In the past, we have seen many hotels become victims of cyber attackers. Such incidents have led to serious data breaches (e.g., credit card data, identity card numbers, social security numbers, loss of data, customer names, dates of birth, address) and hurt the reputation of the hotel.

Here are some cybersecurity threats that target businesses in the hospitality industry:

i. Customer data/identity theft

First and foremost, a hacker wants to steal the data you collect about your potential clients and/or hotel guests. For instance, name, address, date of birth and payment information such as credit card details. To do this, they will attempt to use malware, computer viruses and/or social engineering.

Hooded computer hacker stealing information with laptop Free Photo

ii. Phishing attacks

A second threat is phishing attacks. Phishing is one of the most widespread and malicious attacks today. It refers to trying to gather personal information using deceptive emails and malicious websites. Read more about phishing attacks and the types of phishing here.

iii. Dark Hotel Hacking

Dark Hotel hacking refers to using hotel WiFi to target guests. Hackers target security vulnerabilities in hotel WiFi to steal users’ (guests, staff) passwords and data. They can do this by tricking guests to download malicious software onto their devices or computers. An insecure WiFi could be used to gain unauthorized access to guests’ mobile phones, tablets as well as laptops. Also, personal information could be leaked from hotel servers and databases if they’re not adequately secured.

Scenario

  1. First, as a hotel guest (or staff), you try to get online using the hotel’s WiFi network.
  2. Then, you see a pop-up to update software and you click on it without giving it much thought.
  3. Unbeknownst to you, your computer is compromised because when you click to download the “software update”, malicious software is installed on your computer. This software may be designed to steal your information (payment card information) or damage your computer.

As a hotel, it is crucial that you secure your network to protect the online activity of your guests and staff and ensure your client’s payment card information is safe.

Related article on the risks of public WiFi

iv. Ransomware

Another hotel cybersecurity risk is ransomware. Ransomware poses a real threat to many businesses and those in the hotel industry are no exemption. If you are hit, the attacker may demand a large sum of money to restore your data or computer system. Many businesses hit by ransomware have failed to recover their data. Hotels that have fallen victim to this cybercrime have in the past lost thousands of dollars in a bid to recover their systems or data.

v. Distributed Denial of Service (DDoS) Attack

Distributed Denial of Service (DDoS) attacks are a hack of choice for those looking to target the wide array of systems that hotels use. Every day-use IoT systems such as CCTVs, sprinkler systems, lighting are vulnerable to attack. A hacker gaining access to these systems can use them to cause havoc in your hotel.

vi. Point of Sale (POS) attacks

POS attacks are perhaps the most dangerous threats in the hospitality industry. A hacker will attack your hotel’s point-of-sale system and either cause it to crash, access client confidential data (such as names, credit card information, addresses, etc.) or use it to defraud your clients or potential clients. This is automatically bad press for your hotel.

vii. The risk of USBs/flash drives

Equally high risk are USB/flash drives. With only little social engineering, it doesn’t take a serious hacker to install a computer virus or malware in a hotel.

Pendrive isolated on white Free Photo

Scenario:

  1. Your valued guest strolls over to your front desk reception with a flash drive in his pocket. He stops, smiles at your receptionist and slaps his USB device on the counter. He politely asks the guest services agent to print a document for him. Your agent attempts to redirect him to the business center. He claims that he tried it the previous night and couldn’t get it to work.
  2. Then, eager to please, the front desk staff takes the flash drive to the back, pops it into a USB port, and joyfully opens the file. Unfortunately, the simple act of double-clicking on a file may have inadvertently also caused them to install malicious software onto this computer. You print the document without noticing anything is amiss and hand the drive back to your guest. Score, 10 points for customer service!
  3. Unfortunately, this noble gesture also marks the beginning of infiltration of your hotel systems and network. The malicious software may be a keylogger or it may be designed to replicate and cross over to other systems on the network, including your point of sale system.

Now that you have an appreciation of hotel cybersecurity threats, please check out our blog on steps you can take to protect your hotel from becoming a victim of these threats.

Get in touch with us to schedule cybersecurity awareness training for your staff, for gateway and endpoint security solutions (best-in-class firewall and antivirus solutions), email hosting and email security solutions, including Microsoft 365 at competitive rates.

This Post Has One Comment

Comments are closed.