Technology has changed our lives for the better, but like every other development it has its downside. Data breaches have become common news, and the latest victim is the hospitality industry.
The 2016 Trustwave Global Security Report has found the hospitality industry to be the second-most vulnerable to security breaches behind the retail industry. The reliance on point-of-sale (POS) terminals is unavoidable for both industries, because of the nature of their business transactions, but this contributes heavily to the risk.
Add to that a large number of booking partners and online platforms for the hospitality industry, and it's clear this threat is not going to go away anytime soon. Setting up and implementing threat intelligence and intrusion detection services will go a long way to make their security management systems robust.
Major travel and hospitality brands like American Airlines, United Airlines, Park 'N Fly, Hilton and Starwood Hotels have reported some kind of data breach over the last year. This shows cybercriminals have evolved. They have now moved on from the financial institutions and retail sectors to other businesses that can fall easy prey to information security risks.
This is particularly true of the business travel segment where corporate spending and credit limits are high. The end of 2014 saw the Dark Hotel attacks flooding the news. This was sophisticated malware that tricked high-value targets like business executives who had checked in as hotel guests and logged into the Wi-Fi. As important data was siphoned off, the problem was further aggravated by the fact that most antivirus software couldn't detect a trace of the malware during this breach or later.
According to Computer Weekly, cybercrime costs the global economy about $445 billion per year. While direct losses come from data breaches, the loss of personal security and funds stolen, cybercrime also has indirect effects like downtime or lost productivity, which can be costly as well.
Strangely enough, despite increasing instances of high-profile breaches, a large number of business owners and managers still assume their businesses are safe. They are clearly unaware of the scale of the problem, but the truth of the matter is this: If you are online, you are at risk.
The latest biennial Global Economic Crime Survey conducted by PricewaterhouseCoopers (PWC) shows cybercrime is up 20 percent since 2014. It is the fastest-growing economic crime in the last two years, with an increase of 38 percent in U.S. organizations, 28 percent in Chinese organizations and close to 55 percent in U.K. organizations.
Compared to the traditional forms of economic crime, which include procurement fraud or asset misappropriation, this could be even more dangerous since perpetrators could have access to more data now and easily. It is imperative that businesses minimize these risks through robust policies and compliance programs as well as rigorous fraud risk assessment.
But it's not just an external threat. SilverSky (now BAE Systems) reported that while 98 percent of employees claim to be secure in their business correspondences, 51 percent have received unencrypted emails and 21 percent sent confidential and sensitive corporate information without encryption.
Businesses, therefore, have to train their teams in their email habits and contain not just data loss but also their reputational loss. Basic training should include these pertinent points from Milwaukee Business News:
- Check domain name of sender and open attachments only when familiar or are verified by senders
- Avoid websites and links that seem unfamiliar since malware is easily be embedded in malicious sites
- Ensure that all suppliers and customers exchange information through encrypted message
- Immediately shred all customer and confidential company information right after they are used
- Use unique passwords and multifactor authentication for email accounts
If hospitality businesses are still wondering why this is important, they have not been paying attention of the open risk for their systems and are setting themselves up for the fall. As Tracey Groves of PWC put it, cybercrime is not just a matter of compliance but also of company culture.
Fraud risk assessment has to be blended with a strict code of conduct, which in turn needs to be backed up with regular training and employee engagement. Robust data analytics and internal audits are as important for the travel and hospitality segment as is antivirus software.