Category Archives: Technology

by | April 10, 2011 · 8:12 am

Hospitality Industry Information Security Risks: Hotel Management Should Consider "Cyber Liability Policies" With "Vicarious Liability Provisions" To Insure Guest Information Database Breaches

“…clients with robust cyber liability policies will find coverage under the vicarious liability provisions. …”

Data breaches generally represent enormous problems for companies,” said Alan N. Situn, a shareholder with law firm Greenberg Traurig L.L.P. in New York. “Not only can they be very expensive, but equally important to many companies (is) the reputational damage that they perceive from these types of breaches” if information they provide to a third party is somehow breached.

Hackers tend to hold on to such information “usually about a year, and then use it in the hope that folks have become a little bit more relaxed and not as vigilant,” said Mauricio F. Paez, a partner with law firm Jones Day in New York.

For the most part, the companies that are affected are in a damage- or crisis-management mode, said Robert J. Scott, managing partner with law firm Scott & Scott L.L.P. in Dallas. “They’re emailing their customers; they’re apologizing for the inconvenience, trying to clarify and limit the scope of the magnitude of the problem; and they’re hopeful the leakage of the email doesn’t result” in other problems.

Observers noted that the firms were notifying customers of the data breach even though they were not legally required to do so by state laws, except in North Dakota, unless more damaging personal information, such as Social Security or credit card numbers, had been revealed.

Epsilon customers whose data was breached have been “doing everything they should be doing in terms of being up front and honest with the consumers,” Mr. Scott said.

If the breach results in litigation, the question will arise of “how does that fit into the overall risk management program of the company” that hired the outside marketing company, said Kroll Ontrack’s Mr. Brill, who suggested that affected firms review their risk management programs now.

For more:  http://www.businessinsurance.com/article/20110410/ISSUE01/304109976

2 Comments

Filed under Claims, Guest Issues, Liability, Management And Ownership, Risk Management, Technology

Tagged as , , , , ,

by | April 5, 2011 · 2:15 pm

Hospitality Industry Security And Terrorism Risks: "Eye On Awareness—Hotel Security And Anti-Terrorism Training" Online Video Course Offered By Hotel Association (Video)

CLICK ON "SEE" TO WATCH "EYE ON AWARENESS" PREVIEW

Hotel bombings in Baghdad, Jakarta, and Morocco—hospitality properties have become popular targets for terrorism in recent years. Not surprisingly, a majority of today’s guests list safety and security as their most important concern when planning a hotel stay.  How can your hotel ensure a sense of security and still offer a welcome and inviting environment for guests? A property’s front-line employees may well be the most crucial, yet often overlooked, element of effective hotel security.

Developed in partnership with international security experts, hospitality leaders, and the U.S. Department of Homeland Security’s If You See Something, Say Something™ campaign, Eye on Awareness—Hotel Security and Anti-terrorism Training™ provides the skills and knowledge essential for hotel employees to recognize, report and react to suspicious situations at their property.

For more:  http://www.ahlei.org/eyeonawareness/

Comments Off on Hospitality Industry Security And Terrorism Risks: "Eye On Awareness—Hotel Security And Anti-Terrorism Training" Online Video Course Offered By Hotel Association (Video)

Filed under Conferences, Guest Issues, Injuries, Liability, Management And Ownership, Risk Management, Technology, Training

Tagged as , , , ,

by | April 4, 2011 · 8:22 am

Hospitality Industry Information Security Risks: Large Email Marketing Services Company To Many Hotels Has Data Breach And Guest Email Accounts Are Stolen

In addition to the banks, other impacted companies included hotel brands Ritz-Carlton Rewards and Marriott Rewards, and retail heavyweights Home Shopping Network, Walgreens, Brookstone, New York & Company and Kroger. TiVo is also included in this list.

“…customers should “exercise extreme caution,” as email addresses are all cyber-criminals need to initiate a phishing attack. Users can expect to see more spam, and should be vigilant about email offers that ask for personal information or have links to other sites that ask for personal information.”

Many of these phishing attacks tend to take the form of security alerts—informing users that their accounts have been compromised and they should verify their log-in credentials to reset their accounts—or direct marketing scams promising special deals that require a credit card number.

Epsilon, a large email marketing services company with a roster of A-list clients, reported a data breach that is impacting practically anyone who has ever signed up to receive a retail offer or alert through its email account. The company warned that thieves may use the information to launch a phishing campaign to trick users into disclosing more critical data.

On March 30, Epsilon detected “an unauthorized entry” into its email system. During this time, a subset of clients’ customer data was exposed. Epsilon only has the information of people who opted-in to receive marketing emails, and the theft was limited to email addresses and customer names, according to the company.

“A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway,” Epsilon said in a terse statement on April 1.

“Epsilon has advised us that the files that were accessed did not include any customer information other than email addresses,” used books retailer AbeBooks wrote in a message to customers on April 3.

For more:  http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Hits-Banks-Retail-Giants-154971/

Comments Off on Hospitality Industry Information Security Risks: Large Email Marketing Services Company To Many Hotels Has Data Breach And Guest Email Accounts Are Stolen

Filed under Crime, Guest Issues, Maintenance, Management And Ownership, Risk Management, Technology

Tagged as , , , ,

by | March 25, 2011 · 3:05 pm

Hospitality Industry Guest Security: Hotel Security Depends On Management Adopting A "Global Security Program"

Effective security and risk management relies on a foundation of principles including critical rapid data flow, standardization of emergency protocols, executive leadership and effective local management, not luck. We can guarantee only that attacks against hotels will happen again. The nature of the hospitality industry offers porous, soft, attractive targets.

The corporate security departments of most major hotel brands are not budgeted to provide the effective layers of detection or deterrence required to minimize this risk. A cautious examination of the major world economies reveals the first early signs of improvement. This presents an opportunity for major brands to offer an enhanced measure of security to their important customer base. We should consider that the safety of business and recreational travel is on the minds of everyone who boards a plane and visits or stays as a guest in your facilities. Comfortably resolving this sense of uneasiness is good business.

There are several critical elements required to create an effective hotel global security program:

•    security risk management software (global command and control);
•    security management standardization by venue;
•    new generation security equipment with software analytics; and
•    training.

Management methods that increase margins and reduce the risk of crime, terror, accidents and incidents, can be summarized by four words: global command and control.

For more:  http://www.hotelnewsnow.com/Articles.aspx/5239/Guest-safety-in-an-unsafe-world

2 Comments

Filed under Crime, Guest Issues, Injuries, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology

Tagged as , , ,

by | March 23, 2011 · 12:26 pm

Hotel Industry Information Security Risks: California Hotel Employees Union Files Suit Over Identification Cards "Encoded With Social Security Numbers"

Disney hotel union members submitted Tuesday a petition with about 1,400 signatures to managers, seeking changes to their employee cards that they say would protect them against identity theft.

Unite Here Local 11, the union that represents about 2,100 hotel workers, is fighting to change identification cards that have encoded Social Security numbers, which can be read by smartphone apps and other devices.

Already last month, the union filed a federal class action lawsuit, claiming that the cards violate state law. Union members collected signatures to emphasize that the majority of hotel workers want an immediate change to their ID cards, rather than a few listed on the lawsuit. Leigh Shelton, a union spokeswoman, said some other unions also are supporting the cause, but they did not participate in this petition.

About 20 workers took their petition to the Disney administration building in Anaheim on Tuesday morning.

“This is a very serious problem that we hope they resolve immediately,” said Eddie Chavez, a union organizer and Disneyland Hotel bellman.

For more:  http://www.ocregister.com/news/-293152–.html

Comments Off on Hotel Industry Information Security Risks: California Hotel Employees Union Files Suit Over Identification Cards "Encoded With Social Security Numbers"

Filed under Labor Issues, Liability, Management And Ownership, Technology, Theft

Tagged as , , ,

by | March 17, 2011 · 6:27 pm

Hotel Industry Credit Card Security: "Cyber Criminals" Steal Credit Card Data On Hotel Computer Systems That Lack Critical Firewalls

Cyber criminals are systematically attacking systems that store credit card data, including Point-of-Sale and Property Management Systems. The criminal organizations are highly structured and integrated with the world’s organized crime rings.

Detailed forensic analysis by law enforcement agencies and specialized private-sector security practices, as well as by security departments at major hotel groups around the world, leave little doubt that the attacks on hotels are highly targeted and effective.

Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards. Unfortunately this is far from the case. Even such validated systems can be vulnerable if the hotel operates them in an unsecured manner. Leading forensics firms agree that the most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place. Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

  • Eliminate EVERY default password on EVERY machine on your network – server, workstation, router, firewall, and any other device that has a password. The most important machines to check are the ones you think are NOT vulnerable, such as a PC on an engineer’s desk for monitoring building systems, or the PC in the parking garage attendant’s office, or the one in a closet running your keycard system.
  • Eliminate holes in remote access to systems inside your network. Remote access by vendors is an essential part of support for many hotel systems. The data thieves know this, and they know how to use it to get inside your network. They know all the default passwords, and they have even been known to steal master customer lists, complete with current passwords, from vendors.
  • If you were to store stacks of money in plain sight in an exit stairwell, you would expect to be robbed. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don’t have a firewall. If you are connected to the Internet without one, then people you don’t know, from around the world and many with malicious intent, are reaching into your network.

For more:  http://www.traveldailynews.com/pages/show_page/42199-Hotel-associations-issue-joint-statement-on-credit-card-security

Comments Off on Hotel Industry Credit Card Security: "Cyber Criminals" Steal Credit Card Data On Hotel Computer Systems That Lack Critical Firewalls

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Tagged as , , , ,

by | March 16, 2011 · 4:29 pm

Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

 Three major hotel industry associations, including the American Hotel & Lodging Association (AH&LA), Hotel Technology Next Generation (HTNG), and Hospitality Financial and Technology Professionals (HFTP) today issued the following joint statement to hotels regarding organized cyber crime attacks on credit card data. It identifies actions that hotels — and not their system vendors — need to take immediately in order to minimize their vulnerabilities and to avoid the potential for hundreds of thousands of dollars in costs and fines that typically result when just a single hotel system is breached.

  • Cyber criminals are systematically attacking systems that store credit card data
  • Criminal organizations are highly structured and integrated with the world’s organized crime rings
  • Attacks on hotels are highly targeted and effective
  • Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards.
  • The most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place
  • Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

The three actions are:

  1. Eliminate EVERY default password on EVERY machine on your network — server, workstation, router, firewall, and any other device that has a password.
  2. Eliminate holes in remote access to systems inside your network
  3. Get a firewall and configure it properly. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don’t have a firewall

For more:  http://www.hospitalitynet.org/news/154000320/4050609.html

Comments Off on Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Training

Tagged as , , , ,

by | March 8, 2011 · 5:07 am

Hospitality Industry Information Technology (IT) Risks: "Network Security and Privacy Liability" Insurance Is Available To Protect First-Party Risks And Third-Party Liability Involved In Cyber-Crime

“…Network Security and Privacy Liability policies are generally designed to address first-party risks and third-party liability–sometimes in the same policies, sometimes separately…”

“…first-party losses. These might include business interruption, which could be caused by a flood or fire in a data center, or malicious hacking by a disgruntled employee or even a cyber-crook half a world away...”

There is also the risk of being sued by third parties for somehow allowing–or failing to prevent–unauthorized access to sensitive information.

When IT goes down, business screeches to a halt. Indeed, for businesses such as online retailers, brokerages and some financial firms, the IT and data assets are the entire business–every bit as critical as the factory and warehouse are to the hard-goods manufacturer, or the vehicle fleet to a trucking company.

As more and more companies–and their insurers–are realizing, this reliance on IT creates a hornet’s nest of risks that can result in crippling losses that conventional, turn-of-the-century P&C insurance coverages won’t respond to. These new issues call for a new category of coverage.

Perhaps even more ominous are the all-new liability exposures inherent in IT operations. A raft of relatively new regulations and legislation makes companies responsible for safeguarding personal and confidential data they collect as part of everyday e-commerce operations.

Companies are liable for customer credit card numbers, financial transactions, medical history, credit information and other sensitive data.

For more:  http://www.propertycasualty360.com/2010/03/15/cyber-coverage-the-new-must-have-in-the-property#

Comments Off on Hospitality Industry Information Technology (IT) Risks: "Network Security and Privacy Liability" Insurance Is Available To Protect First-Party Risks And Third-Party Liability Involved In Cyber-Crime

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology

Tagged as , , , ,

by | March 2, 2011 · 2:14 pm

Hospitality Industry Information Security: British Courts Jail Operators Of World's Largest Internet Crime "Forum" Which Provided "Hacking Software" And Credit Card Theft Instructions

The site contained manuals such as “14 ways of hacking credit cards” and “running cards on eBay” and information on staying anonymous. It sold hacking software and instructions on how to manufacture crystal meth and explosives.

Nicholas Webber, who masterminded the criminal website Ghostmarket.net, has been jailed for five years.

Three teenagers who founded and operated one of the world’s largest English-language internet crime forums, described in court as “Crimebook”, have been sentenced to up to five years in custody. Police estimate that losses from the thousands of credit details traded over the site, Gh0stMarket.net, amount to £16.2m. The web forum, which had 8,000 members worldwide, has been linked to hundreds of thousands of pounds of registered losses on 65,000 bank accounts.

Nicholas Webber, the site’s owner and founder, was arrested in October 2009 with the site’s administrator, Ryan Thomas, after trying to pay a £1,000 hotel bill using stolen card details. They were then 18 and 17. Webber was jailed for five years on Wednesday and Thomas for four years.

After seizing Webber’s laptop, police discovered details of 100,000 stolen credit cards and a trail back to the Gh0stMarket website. Webber and Thomas jumped bail that December, fleeing to Majorca, but were rearrested when they flew back to Gatwick airport on 31 January 2010.

Southwark crown court was told how public-school-educated Webber, the son of a former Guernsey politician, was using an offshore bank account in Costa Rica to process funds from the frauds. After his initial arrest, Webber threatened on a forum to blow up the head of the police e-crimes unit in retaliation, and used his hacking skills to trace officers’ addresses.

For more:  http://www.guardian.co.uk/uk/2011/mar/02/ghostmarket-web-scam-teenagers

Comments Off on Hospitality Industry Information Security: British Courts Jail Operators Of World's Largest Internet Crime "Forum" Which Provided "Hacking Software" And Credit Card Theft Instructions

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Technology, Theft

Tagged as , , , , ,

by | February 24, 2011 · 8:36 am

Hospitality Industry Advertising Risks: Misleading Hotel Guests Using Online "False Reviews" Or "Photoshopped" Images On Hotel Website "Violates The Law"

“…a person or company that endorses a service or product should be upfront about any financial connection they may have with the marketer. For example, if an employee of a hotel writes a review of the hotel, they must say they are an employee. Posing as an independent reviewer would violate the law…”

“…Fabricating a property’s appearance through the use of Photoshop or trick photography, or posting false online reviews to create a more appealing facade is not recommended or condoned by the American Hotel & Lodging Association…”

Misleading potential guests is not only ethically objectionable, it also minimizes the chance for repeat business, word-of-mouth referrals, and positive online reviews. Additionally, planted reviews are typically transparent and the intended result has the opposite effect.

For hoteliers, AH&LA recommends addressing and responding to negative online comments and accurately representing the hotel in online and offline material to ensure guest satisfaction and long-term success. For consumers, AH&LA recommends reviewing a mix of high, low, and medium online reviews to identify consistent characteristics of the hotel. Additionally, it’s advised to use multiple sources to obtain the most accurate depiction, including visiting the hotel’s Website, online and offline review sources, and Facebook.”

For more:  http://today.msnbc.msn.com/id/41741701/ns/today/

Comments Off on Hospitality Industry Advertising Risks: Misleading Hotel Guests Using Online "False Reviews" Or "Photoshopped" Images On Hotel Website "Violates The Law"

Filed under Crime, Guest Issues, Labor Issues, Management And Ownership, Risk Management, Technology, Training

Tagged as , , ,