Category Archives: Technology

by | August 5, 2011 · 6:38 am

Hospitality Industry Information Security Risks: "Cyber Attack Claims" Increase 56% Mainly Through "Rogue Employees, Malicious Attacks, And Mistakes By Outsourcing Firms"

“…The vast quantities of personal, identifiable information collected by the leisure and hospitality industry have made the sector a chief target for cyber attacks, according to Willis…with reports of a 56% rise in cyber claims over the past year….”

“…Rogue employees, malicious attacks, and mistakes by outsourcing firms appear to be the main culprits, with hackers getting ever-more sophisticated in their attempts to drain corporate databases of customers’ personal details…”

Willis warns that some breaches can cost in excess of $100 million and with more stringent data protection legislation coming into force, companies’ financial exposure to this type of crime will increase further.

“Recent breakthroughs include the introduction of identity theft solutions and Payment Card Industry fines coverage, which helps to protect companies from penalties linked to the mismanagement of credit card data.”

For more:  http://www.insurancedaily.co.uk/2011/08/03/hospitality-and-leisure-attract-cyber-attacks/

Comments Off on Hospitality Industry Information Security Risks: "Cyber Attack Claims" Increase 56% Mainly Through "Rogue Employees, Malicious Attacks, And Mistakes By Outsourcing Firms"

Filed under Claims, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Tagged as , , , , ,

by | July 29, 2011 · 6:45 am

Hospitality Industry Theft Risks: Hotel Bathrobes, Towels, And Bedroom Supplies Can Be Monitored By RFID Technology

“…hotels are using the tech to monitor the whereabouts of bathrobes, bed sheets, duvet covers, bathmats, pool towels and banquet linens…”

“…Up to 20 per cent of hotels’ stock typically go missing, estimates William Serbin of Linen Tracking Technology…”

The RFID technology – which stands for radio frequency identification and requires an installed chip that can be read by an electronic reader – has been used by various industries for several years to organise product storage and tally shipments.

The company, which sells trackable linens, has teamed with Fluensee, an inventory tracking technology firm, to market the RFID tags to hotels.

A towel with a chip is about a dollar more than other towels, he says. Bendable and washable, the tags can be read by sensors up to six feet away.

When towels are removed from a closet, for example, a reader station can register how many, so that the closet can be restocked.

Read more: http://www.dailymail.co.uk/news/article-2019930/Hotels-combat-towel-theft-electric-tags-traceable-microchips.html#ixzz1TVODXBal

Comments Off on Hospitality Industry Theft Risks: Hotel Bathrobes, Towels, And Bedroom Supplies Can Be Monitored By RFID Technology

Filed under Guest Issues, Liability, Management And Ownership, Technology, Theft

Tagged as , ,

by | July 26, 2011 · 10:25 am

Hospitality Industry Security Risks: Hotel "Cyber Liability Myths Exposed"

Cyber Liability Myths Exposed

By Brad Durbin – Petra Risk Solutions 

 

In today’s e-commerce society, operating your hotel without cyber liability coverage is like attempting to drive your car blindfolded on a  Southern California  freeway during rush-hour traffic. 

Here are three common myths and misconceptions I’ve heard repeatedly when discussing cyber liability insurance coverage with hotel owners and operators. 

Myth #1 – “I use the online reservation system offered by my franchise.  They’ll cover me if their system is hacked and my guest’s personal information is compromised.”

This is by far the most common misconception among hoteliers about their exposure and responsibility for a data breach. It’s easy to see why.  You are using your franchisor’s reservation system, which is offered as part of your franchise agreement.  Why wouldn’t they cover you if their system is hacked? 

The answer is in your contract.  While some franchise agreements are more favorable in this area than others, most contain special provisions regarding the use of their online reservation systems.  These provisions typically state that the hotel will be responsible for defending the franchisor and holding them harmless, regardless of whether the data breach came from within the online reservation system. 

The exposure is even greater for non-franchised properties using third party reservations system providers or wholesalers.  I have yet to come across a contract for these services that could be viewed as favorable for the hotel in the event that the reservation system is breached. 

 Myth #2 – “If a hotel guest’s credit card information is stolen at the property level, my Payment Card Processing company will cover me under their policy.” 

Most hoteliers erroneously assume that their Payment Card Processing Company (PCP) will have their best interest in mind in the event of a data breach.  I’m not sure why.  No business, regardless of how great or longstanding your relationship with them has been, will volunteer to pay significant attorney costs and consumer notification fees for you unless they are contractually obligated to do so.  Not surprisingly, most PCP contracts are heavily weighted in favor of the PCP provider regardless of where the data was taken from or if the PCP company is to blame.

Your liability is even greater for a data breach that can be traced back to the hotel property level.  If this happens, the Payment Card Industry (PCI) mandates that you conduct a forensic accounting audit of all your records.  These audits can cost $20,000 – $25,000 for a single location, limited service property. This amount does not include fines typical for any non-compliance issues discovered during the audit. 

Myth #3 – “Cyber liability coverage is a waste of money.”

Most states have laws requiring you to notify EVERY GUEST in your database upon discovery of a breach (e.g. California Senate Bill 1386).  Analysts estimate that the average cost for this notification is approximately $30 per record.  Multiply this by the number of records in your system, or the number of guests who have stayed at your hotel over the years, and you can see just how financially devastating these claims can become. 

For a typical limited service franchised property with $2,500,000 – $5,000,000 in annual room revenue, a cyber liability policy with a $1,000,000 limit can usually be obtained for less than $7,000 annually… an extremely fair price point considering the risks and hefty costs associated with a data breach.

Final Thoughts

When a hotel data breach occurs, guests won’t know or care that another company may be responsible.  They will come directly to the hotel for a remedy. The ENTIRE FINANCIAL BURDEN for notification costs, legal defense, and monetary settlement of all related claims may be borne directly by the hotel – if it does not have an appropriate cyber liability insurance policy in force.

To protect your hospitality assets, select and obtain cyber liability coverage that will address PCI fines, consumer notification costs, credit monitoring, and any government or regulatory action levied against your business in the event that a data breach is discovered.  Not all cyber policies include coverage for these areas, so it’s important for you to work with a qualified hospitality insurance broker. 

Securing proper cyber liability insurance coverage is a cost effective method for hoteliers to help mitigate the risks associated with owning and operating a hotel in today’s digital society. 

———————————————————————-

Brad Durbin is a Hospitality Insurance Specialist with Petra Risk Solutions. For questions about Hotel Cyber Liability or any other Hospitality Risk Solutions, contact Brad at bradd@petrarisksolutions.com.

Comments Off on Hospitality Industry Security Risks: Hotel "Cyber Liability Myths Exposed"

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Technology

Tagged as , , , , , ,

by | July 14, 2011 · 7:14 am

Hospitality Industry Guest Credit Card Security: Tips For Securing Hotel Computer Systems Against Credit Card Data Theft (Video)

[youtube=http://www.youtube.com/watch?v=iCmZ9DlrI9o]

Sue Zloth, is a member of the HFTP PCI Compliance Roundtable, provides key tips for securing guests’ credit card data at the 2011 Hospitality Industry Technology Exposition and Conference (HITEC) conference.

  • Change default passwords on all new information systems
  • Do not allow remote access into hotel computer systems
  • Minimize areas where credit card data is stored

Comments Off on Hospitality Industry Guest Credit Card Security: Tips For Securing Hotel Computer Systems Against Credit Card Data Theft (Video)

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft, Training

Tagged as , , , ,

by | July 13, 2011 · 10:19 am

Hospitality Industry Guest Security: Hotels Launch "Radio Frequency Identification Technology" (RFID) To Better Secure Guestrooms And Limit Guest Access To Different Floors

One of the latest innovations to be launched in the customer security market within the hospitality industry is non-contact Radio Frequency Identification (RFID) technology. This allows guests to access the hotel and their rooms simply by waving their room card, rather than having to insert it into a lock.

The RFID cards can also be extended to lift-systems with cards encoded to allow guest’s access to only the floors that they are entitled.

This means that visitors can be rest assured that from the front door to their rooms, their safety is of the utmost concern, which will only enhance the customer experience.

  • Hoteliers need to ensure that they have a robust threat assessment procedure in position and ensure that a crisis plan is prepared and rehearsed. Security operations need to be agile to respond or expand to meet the required needs if new threats emerge.
  • When enforcing security checks or CCTV, be sensitive, as the guests still need to feel as sense of relaxation as well as safety.
  • Ensure all current staff is trained to identify, inform and respond to any suspicious activity or any crisis that a hotel could face.
  • Hotel staff should remain visible. This gives guests peace of mind and is a key way to deter any criminal activity.
  • Where possible, incorporate security features into the guest experience but do not let a security operation intrude on the customers stay.
  • Outsource specialist tasks like outdoor patrols and vehicle checks to trained third-party security providers. However, ensure they are trained in guest interaction by the hotel so they adhere to your standards.

For more:  http://www.hotel-industry.co.uk/2011/07/identification-systems/

Comments Off on Hospitality Industry Guest Security: Hotels Launch "Radio Frequency Identification Technology" (RFID) To Better Secure Guestrooms And Limit Guest Access To Different Floors

Filed under Guest Issues, Liability, Management And Ownership, Risk Management, Technology

Tagged as , , ,

by | July 10, 2011 · 5:20 pm

Hospitality Industry Fire Risks: Maryland Hotel Suffers Over $3 Million In Structural And Content Damage As Fire Alarms Successfully Assist Evacuation, Limiting Injuries

A four-alarm fire that injured three people and caused several million dollars in damages to a Days Inn hotel in Catonsville began in a locked storage room, Baltimore County fire investigators said Sunday.

Guests said they heard fire alarms go off, then encountered heavy smoke in the hallway.

The cause of the fire on the seventh floor at the Days Inn at 5701 Baltimore National Pike is still under investigation, said Elise Armacost, director of public information for the Baltimore County Fire Department and Office of Homeland Security and Emergency Management. Authorities contradicted earlier reports from hotel patrons blaming the fire on smoking materials.

Fire dispatchers were notified of an alarm at the Days Inn at 8:14 p.m. Saturday. Engine 13 of Westview station arrived first and found billowing smoke. The fire escalated to four alarms and involved nearly 70 pieces of equipment, including units from Howard and Carroll counties, Baltimore city and other jurisdictions, officials said.

Firefighters evacuated about 160 patrons from the building and the guests were relocated to other hotels and motels.

Two guests suffered minor injuries and were transported to nearby hospitals. One firefighter was treated at the scene for minor injuries.   Fire investigators estimate that the fire caused about $2.5 million worth of damage to the hotel and about $1 million to the hotel’s contents.

“We heard the fire alarm go off, then stop, and go off again,” said Omar Oliver of Landover, who was visiting with Theresa Tolson and had rented a third-floor room.

“We called downstairs and they said it was nothing, just somebody playing with the fire alarm,” Oliver said. “Then the TV went out and we started to smell smoke.”

At least one guest was evacuated from an upper floor down a fire department ladder.

For more:  http://elkridge.patch.com/articles/four-alarm-hotel-fire-began-in-locked-storage-room

2 Comments

Filed under Fire, Guest Issues, Injuries, Insurance, Management And Ownership, Risk Management, Technology

Tagged as , , , ,

by | July 7, 2011 · 6:35 am

Hospitality Industry Guest Room Security: Large Hotel Operator Converts Rooms To "Electronic Lock System", Replacing Mechanical Card Locks As "Magnetic Strip Keycards" Provide "Full Audit Accountability"

  • Each keycard is encoded using a portable Front Desk Unit (FDU), uniquely designed for the hotel industry
  •  The magnetic strip keycard reader provides full audit accountability, enabling management to provide legal support in the event of unauthorized access to a room.
  • For emergency use the Generation E-760 door locks provide emergency access through a mechanical key (fixed or recodable) or electronic override plus an emergency keycard.
 
La Quinta Inns & Suites has announced an agreement with Kaba to install the ILCO 760 locking systems in approximately 140 La Quinta hotels. Implementation will begin in fall 2011.
 
“KABA ILCO products demonstrate the reliability that La Quinta wants for its operators and guests,” says Gerald Rodriguez, vice president of purchasing for LQ Management L.L.C. “We were also impressed with KABA’s willingness to engage in a long-term partnership with La Quinta. This will enable us to provide security to our guests, and professional service and operational excellence to our hotels and their staff into the future.”
 
La Quinta began evaluating electronic lock system providers to replace its mechanical card locks in early 2010. This effort included field testing locks from several manufacturers to verify the best solution for La Quinta’s hotels. After testing, La Quinta chose KABA ILCO 760 locks and the Front Desk Unit (FDU).
 
 

2 Comments

Filed under Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology

Tagged as , , , ,

by | July 5, 2011 · 8:22 am

Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

“..security breaches are still happening at an even more significant pace with more damaging results.  In the end, many of these advanced intrusions and data security breaches are focused on taking over access to the accounts and permissions of specific “privileged” users in an organization who have access to sensitive data…”

“…These privileged users are specifically targeted by outside hackers because they have proverbial keys to the kingdom, but in some cases the inside user themselves is intent on stealing or doing damage…” 

One solution that is emerging to this problem is to carefully monitor everything (e.g. every key stroke and every mouse click) that a privileged user does on the network, while also putting more granular limits on what they can do.  Basically “trust but verify,” with the goal being detecting any anomalies in a privileged user’s computing usage (e.g. why is this person downloading the source code at 3 a.m.?).  This is not uncommon as it relates to other privileged users in other jobs — the “Eye in the Sky” in the casinos in Las Vegas is equally monitoring the gamblers for cheating but is also monitoring the dealers, and at a bank the CCTV is not only looking for robbers but the teller slipping some money in their pocket.

Instructive of the value of this new approach is that immediately after its breach, the RSA division of EMC acquired private company Netwitness for a reported large premium.  Netwitness is known for analyzing user activity monitoring at the network layer.  In addition, the latest security vendor to file for an IPO, Imperva, has as its core solution the ability to monitor database access and usage by Database Administrators, another type of privileged user.

For more:  http://blogs.forbes.com/tomkemp/2011/07/05/as-hacks-proliferate-new-security-technology-emerges-to-monitor-privileged-it-users/

Comments Off on Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , ,

by | June 24, 2011 · 4:35 pm

Hospitality Industry Credit Card Risks: Man Who Stole Texas Hotel Guests' "Credit Card Receipts" And "Manufactured Counterfeit Cards" To Purchase Merchandise Sentenced To Five Years In Prison

“…Authorities said Jones and another man, Randy Ray Flaharty, 31, took boxes of monthly credit card receipts of hotel guests from a storage room…”

“…The receipts, officials say, were used to manufacture counterfeit credit cards in document “boiler rooms” and card “chop shops,” which they then used to buy $300,000 worth of merchandise in Texas, Oklahoma and Louisiana...”

“…The cardholders never realized their credit card accounts had been compromised until months, even years, after they stayed at the hotel. But the damage made it hard for some of them to get loans and left lingering headaches in trying to straighten things out, officials said…”

A San Antonio man was sentenced Friday to more than five years in federal prison for stealing thousands of credit card receipts from the Emily Morgan Hotel. The theft allowed conspirators to buy hundreds of thousands of dollars worth of merchandise in three states, authorities say.

Cody Quincy Jones, 34, pleaded guilty in April to ID theft fraud, access device fraud, and aggravated ID theft. Chief U.S. District Judge Fred Biery gave him 41 months for the ID theft fraud charge and 41 months for the access device count, to run concurrently. The judge imposed 24 months on the aggravated ID theft charge, to run consecutively.

The merchandise, which included trailers, televisions, all-terrain vehicles and tires, then was resold or pawned.

The hotel didn’t learn of the thefts until August 2008, and since then, a Secret Service-led task force has ascertained it was San Antonio’s largest identity theft case, with at least 17,000 receipts stolen.

Read more: http://www.mysanantonio.com/news/local_news/article/Conspirator-in-record-setting-I-D-theft-sentenced-1439169.php#ixzz1QF7XXhYu

Comments Off on Hospitality Industry Credit Card Risks: Man Who Stole Texas Hotel Guests' "Credit Card Receipts" And "Manufactured Counterfeit Cards" To Purchase Merchandise Sentenced To Five Years In Prison

Filed under Crime, Guest Issues, Insurance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , ,

by | June 21, 2011 · 5:50 am

Hospitality Industry Information Security: "Cyberinsurance" Has Evolved Into A "Must-Have" Insurance Policy For Hotel Management As Coverage Includes "Forensics"

“…some insureds get charged $1,000 an hour by a forensics firm. It’s paying the individual walking by your house burning down with a bucket of water…” 

“…used to really focus our underwriting attention on how well they could prevent the breach, but we’ve added another phase to it,” says Whetstone. “Not only can you prevent it, but if it happens, how quickly can you respond? Do you have a plan in place? Kind of like a disaster recovery plan or a business continuity plan. It’s the same with this incident response plan.”

“…cyberinsurance is a “must-have” for most firms today…”

Demand for cyberinsurance was rising even before the most recent highly-publicized parade of breaches at major corporations and organizations. After the news of the first major Sony hack but before the subsequent reports involving Sony, Citicorp, the International Monetary Fund and others, Insurance Journal spoke with an expert to gauge how the insurance market for this coverage is doing.

James Whetstone, senior vice president and U.S. technology and privacy manager for insurer Hiscox Specialty, is a former technology geek and broker turned underwriter.

Hiscox is one of the original underwriters of the coverage. Whetstone says there are almost 30 carriers now offering cyber liability coverage, some more seriously than others. He says these times of claims are when an insurer’s commitment to a market can be tested, citing what he calls the “naive” capacity that exists.

The coverage has evolved quickly– Whetstone compares the product’s acceptance to that of employment practices liability (EPL) coverage– to where cyberinsurance is a “must-have” for most firms today.

The underwriting has also changed. “We used to really focus our underwriting attention on how well they could prevent the breach, but we’ve added another phase to it,” says Whetstone. “Not only can you prevent it, but if it happens, how quickly can you respond? Do you have a plan in place? Kind of like a disaster recovery plan or a business continuity plan. It’s the same with this incident response plan.”

For more:  http://www.insurancejournal.com/news/national/2011/06/20/203166.htm

Comments Off on Hospitality Industry Information Security: "Cyberinsurance" Has Evolved Into A "Must-Have" Insurance Policy For Hotel Management As Coverage Includes "Forensics"

Filed under Claims, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Technology, Theft

Tagged as , , , , ,