Tag Archives: Cybercrime

by | April 12, 2012 · 1:10 am

Hospitality Industry Information Technology Risks: Hotel And Restaurant "POS Systems" Are The #1 Target Of Criminal Data Breaches

If a criminal can breach a system in the restaurant, they also have access to the front desk, the spa and any other connected system. The risk is even greater when hotels are part of a hotel chain with interconnected systems.

Franchise businesses are particularly at risk primarily because franchises tend to have the same POS system duplicated at all locations. If a cybercriminal can figure out a way to breach one, in all likelihood, they can replicate the attack at other locations.

In 2011, Trustwave SpiderLabs conducted 42 percent more data breach investigations than in the previous year. More than 85 percent of these data breaches occurred in the food and beverage, retail and hospitality industries.

Why the focus on these industries? There are several reasons, but the number one is that they all process credit cards. In our investigations, we found that the vast majority of assets targeted by criminals were point-of-sale software systems (75 percent of cases). Think of the scenario of a hotel that maintains a restaurant, a spa, as well as other services all connected to one POS system.  We’ve investigated cases where the criminal breaches the environment at one location and was in turn able to connect todozens of others through the wide area network used by the hotel chain.

For more:  http://www.forbes.com/sites/ciocentral/2012/04/11/restaurants-beware-hackers-want-your-customer-data/

2 Comments

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , , , ,

by | · 1:10 am

Hospitality Industry Information Technology Risks: Hotel And Restaurant "POS Systems" Are The #1 Target Of Criminal Data Breaches

If a criminal can breach a system in the restaurant, they also have access to the front desk, the spa and any other connected system. The risk is even greater when hotels are part of a hotel chain with interconnected systems.

Franchise businesses are particularly at risk primarily because franchises tend to have the same POS system duplicated at all locations. If a cybercriminal can figure out a way to breach one, in all likelihood, they can replicate the attack at other locations.

In 2011, Trustwave SpiderLabs conducted 42 percent more data breach investigations than in the previous year. More than 85 percent of these data breaches occurred in the food and beverage, retail and hospitality industries.

Why the focus on these industries? There are several reasons, but the number one is that they all process credit cards. In our investigations, we found that the vast majority of assets targeted by criminals were point-of-sale software systems (75 percent of cases). Think of the scenario of a hotel that maintains a restaurant, a spa, as well as other services all connected to one POS system.  We’ve investigated cases where the criminal breaches the environment at one location and was in turn able to connect todozens of others through the wide area network used by the hotel chain.

For more:  http://www.forbes.com/sites/ciocentral/2012/04/11/restaurants-beware-hackers-want-your-customer-data/

2 Comments

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , , , ,

by | March 20, 2012 · 11:47 am

Hospitality Industry Information Risks: "Specialized Cyber-Risk Insurance" Is Important In Providing "Security Liability" And "Privacy Liability" Coverage

A specialized cyber-risk insurance policy is necessary. Coverage would not usually be triggered under a commercial general liability policy–many of which also have exclusions. Importantly, property-damage policies typically do not acknowledge “data” as property.

“Cyber liability” is essentially comprised of two defined risks:

  • Security Liability: the unauthorized access and/or use of a network. Employees or others with access to the network can misappropriate identity information, business secrets, transmit malicious codes, and undertake a denial of service attack against your network or other networks.
  • Privacy Liability: the breach of personal data protection laws that allow individuals to control the collection, access, transmission, use, and accuracy of their personal information.

The available policy coverage options start with General Internet Crime Liability. This addresses the first and third party risks associated with e-business, the Internet, networks and informational assets.

However, it is critical to review your business activities to ensure appropriate coverage. To this needs to be added appropriate Property, Directors and Officers, Business Interruption and Fidelity wordings. For those businesses offering software and services susceptible to outage or malfunction associated with a cyber-attack, Electronic Errors and Omissions coverage should also be obtained.

For more:  http://www.pcworld.com/businesscenter/article/252126/can_insurance_cover_cybercrime_damages_at_your_business.html

Comments Off on Hospitality Industry Information Risks: "Specialized Cyber-Risk Insurance" Is Important In Providing "Security Liability" And "Privacy Liability" Coverage

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Theft

Tagged as , , , , ,

by | December 18, 2011 · 6:55 am

Hospitality Industry Information Security: Study Finds Hotels Are "Prime Targets" For Financial Data Theft; "Infiltration Of Smartphones Through Bluetooth Technology"

“…Hotels also are prime targets for people looking to steal financial data. In a study of 200 data-breach cases, Trustwave’s SpiderLabs, the online security company’s research arm, found 38 percent occurred at hotels or resorts…”

Two key challenges for travelers involve the use of unsecured wireless networks at hotels, airports and other public venues and the infiltration of smartphones through Bluetooth technology.

Identity theft can be a rude awakening for many business travelers. Last year, identity theft made up 19 percent of the 1.3 million complaints stored in the Consumer Sentinel Network, a secure online database available to law-enforcement agencies.

Experts say business travelers are especially vulnerable because they increasingly rely on electronic devices that easily can be lost or hacked. Credant Technologies, a data-protection company, found that travelers have lost 11,000 mobile devices at the busiest U.S. airports this year, 37.5 percent of them laptops and 37.2 percent tablets or smartphones.

“You are 15 times more likely to have your identity stolen than to have your car broken into,” said Todd Davis, chairman and CEO of LifeLock, an identity-theft protection company.

For more:  http://www.delawareonline.com/article/20111218/BUSINESS/112180321/Identity-theft-risk-increases-when-traveling?odyssey=mod%7Cnewswell%7Ctext%7CBusiness%7Cs

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , ,

by | December 14, 2011 · 6:21 am

Hospitality Industry Information Security Risks: Most Hotels And Restaurants Have Experienced A "Cyber Attack" In The Past Year; "Intellectual Property Protection" Is Too Often Ignored

“…Seventy-three percent of small-to-middle-sized companies experienced a cyber attack in 2010, and 30% of those attacks were extremely effective, according to Symantec, a software security developer based in Mountan View, Calif…”

“…estimates are that this year…the cost associated with each breach has gone up to $214 per record…Negligence is a big issue,” “

With the increase in worldwide cyber crimes, smaller private businesses may be more vulnerable than larger ones, said an executive of Chubb Group of Insurance Companies. “It’s the perfect cyber storm,” said Ken Goldstein, vice president of the Chubb Group of Insurance Companies. “We’re in a bad economy; we’ve got private companies, generally small to middle in market size, that are strapped in what they can spend on intellectual property protection,” he said.

At the same time, he said, new technology means “cyber thieves can essentially hack from anywhere around the globe.”

Cyber crimes can do serious harm to an organization’s bottom line. According to Ponemon’s, the median annualized cost of cyber crimes for the 50 organizations studied was $5.9 million, with a range of $1.5 million to $36.5 million. This represents a 56% increase since last year.

“Multiply that by the number of customers that you service; it could be a sizable amount of money that a company would have to pay out of pocket,” Goldstein said.

The most costly cyber crimes are those caused by malicious code, denial of service, stolen devices and Web-based attacks, Goldstein said. Besides deliberate cyber theft, Goldstein says company information loss sometimes is a byproduct of employee negligence. An employee losing their mobile device at a hotel or restaurant, for example, could lead to a breach, he said.

For more:  http://www.fa-mag.com/fa-news/9382-smaller-private-companies-at-greater-risk-of-cyber-attack-.html

Comments Off on Hospitality Industry Information Security Risks: Most Hotels And Restaurants Have Experienced A "Cyber Attack" In The Past Year; "Intellectual Property Protection" Is Too Often Ignored

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology

Tagged as , , , , ,

by | November 17, 2011 · 3:37 am

Hospitality Industry Internet Risks: Recent Studies Show Dramatic Increases "Mobile Space Cybercrime" As Criminals Focus On Smartphones And Tablets

“…The usage of Internet through mobile phone had been on a rapid upward trend. This led to 42 per cent more mobile vulnerabilities last year compared to the year before, as shown in a Symantec Internet Security Threat Report…”

“…cybercriminals were starting to focus their efforts on the mobile space as more and more mobile users switched to smartphones and tablets instead of the conventional desktops…”

A recent worldwide study conducted by Norton by Symantec aimed at unveiling the cost of global crime, has concluded that online adults footed a bill of over US$388 billion in the past year.

According to Symantec Corporation Sdn Bhd consumer sales manager Jason Mok, the price tag came to be as the study took into account not only the direct cash cost of cybercrime – that being the money stolen by cybercrime and money spent on resolving cyber-attacks – which was up to US$114 billion, but also the amount which victims of cybercrime valued the time they lost to cybercrime, which was US$274 billion.

“The Norton Cybercrime Report 2011 found that more than two thirds of online adults have been a victim of cybercrime in their lifetime. Every second, 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims per day,” stated Mok, who also pointed out that the rate was higher than the worldwide birth rate.

Mok marked this as a sign that cybercriminals were starting to focus their efforts on the mobile space as more and more mobile users switched to smartphones and tablets instead of the conventional desktops.

“This had led to an increasing importance of mobile security, as you are not only losing your phone or tablet, you are losing your personal information, identity as well as your money,” Mok informed the crowd during a media briefing held at a hotel here yesterday.

Read more: http://www.theborneopost.com/2011/11/16/norton-by-symantec-study-reveals-alarming-rate-of-cybercrime-caused-by-under-protection/#ixzz1dvTlh9u3

Comments Off on Hospitality Industry Internet Risks: Recent Studies Show Dramatic Increases "Mobile Space Cybercrime" As Criminals Focus On Smartphones And Tablets

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Technology, Theft

Tagged as , , , , ,

by | October 28, 2011 · 5:41 am

Hospitality Industry Cyber Crime: Washington Hotel Room Used By "Identity Theft" Ring Exposed By Credit Card Company Alerting Card Owner Of Hotel Room Booked At Hotel

“…The man’s credit-card company had alerted him that someone using his card had booked a room there…”

“…Police say the search turned up cell phones, lap top computers, computer hard drives, iPod touches, electronic storage devices, magnetic card readers, routers, hotspots and computer peripherals…”

Police have arrested two men and say a search has turned up evidence that there may be more victims of identity theft. Police say they have yet to determine how many vicitms there might be.

Just after noon on Tuesday, East Precinct patrol officers met a man in the lobby of the Silver Cloud Hotel in the 1100 block of Broadway. Officers went to the room and found two men.

In the room, they saw several cell phones, laptops, a WiFi hotspot, router and papers with credit-card numbers.

Detectives with the fraud, forgery and financial explotation unit got a warrant to search the room and the suspects’ vehicle.

For more:  http://www.seattlepi.com/local/article/Seattle-cops-may-have-busted-identity-theft-ring-2239352.php

Comments Off on Hospitality Industry Cyber Crime: Washington Hotel Room Used By "Identity Theft" Ring Exposed By Credit Card Company Alerting Card Owner Of Hotel Room Booked At Hotel

Filed under Crime, Guest Issues, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , ,

by | October 14, 2011 · 6:15 am

Hospitality Industry Guest Information Risks: Hotels Are Collecting More Personal Information On Guests And Protecting "Personally Identifiable Information" Is Top Priority

“…ensuring the security of this data is so important that it’s consuming hotel IT departments’ attention right now, said Josh Weiss, Hilton Worldwide’s VP of brand and guest technology…”

 “…The stakes involved in protecting “personally identifiable information” (data that can be used to uniquely identify, contact or locate a single person) are far higher with this personal information than with credit-card information…”

As hotels collect more personal information about guests and the Epsilon and Sony data breaches earlier this year shook people’s confidence in corporate data protection, hotel guests are increasingly asking hotels how well they’re securing their personal information, Mark McBeth, Starwood Hotels’ VP of information technology, said during a recent conference.

IT execs from Starwood and also Hilton and owner/operator White Lodging said they’re responding by making guest-data security their No. 1 priority. “PII is considered high-risk because if there were to be a breach, you’re exposing the guest’s identity,” he said. “It paints some pretty scary pictures.”

A “PII” breach could potentially lead to child abduction or a murder if information falls into the wrong hands, he said.

For more:  http://travel.usatoday.com/hotels/post/2011/10/starwood-hilton-work-to-protect-personally-identifiable-information/553616/1

Comments Off on Hospitality Industry Guest Information Risks: Hotels Are Collecting More Personal Information On Guests And Protecting "Personally Identifiable Information" Is Top Priority

Filed under Crime, Guest Issues, Insurance, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , ,

by | September 15, 2011 · 10:17 am

Hospitality Industry Cybercrime Risks: Hotel Management Should Have Policies "Disclosing Risks Of Hotel Computer And Wireless Internet Usage"

“…According to a report from antivirus software manufacturer Norton, global cybercrime has claimed 431 million adult victims in the past year, costing countries $114 billion in direct financial losses. That figure jumps to $388 billion when you factor in the value that victims place on the time they spent recouping the losses…”

Last year, in the U.S. specifically, more than 74 million people were victims of some form of cybercrime, leading to $32 billion in direct financial losses.

  • Recognize that your smartphone is really a pocket-size computer and is prone to the same types of attacks directed at your laptop and desktop. Take steps to protect it, such as keeping your operating system current and creating a strong password.
  • Keep your personal information to yourself. For instance, don’t put your entire birth date, including the year, on Facebook. Think about the security questions normally posed by your bank and other secure locations: “first school you attended,” “name of favorite pet” and the like. Are your answers on display online?
  • Know the pitfalls of public Wi-Fi. CreditCards.com says, “Avoid public wireless Internet connections unless you have beefed-up security protection.”
  • Beware of public computers, too. For instance, Kiplinger says, “Don’t access your accounts or personal information on public hotel computers, which could have software that logs keystrokes and records your passwords and account numbers.”
  • Use credit cards, rather than debit cards, when making purchases online. In case of fraud, you’ll get much better protection from liability with a credit card.

For more:  http://money.msn.com/identity-theft/article.aspx?post=6730f6ce-5203-4b59-bd46-f65a7a3545c2

Comments Off on Hospitality Industry Cybercrime Risks: Hotel Management Should Have Policies "Disclosing Risks Of Hotel Computer And Wireless Internet Usage"

Filed under Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , ,

by | September 13, 2011 · 10:49 am

Hospitality Industry Information Security Risks: Senate Introduces "Personal Data Protection And Breach Accountability Act Of 2011" Forcing Companies To Secure Personal Data

“…Introduced by Sen. Richard Blumenthal (D-Conn.), the Personal Data Protection and Breach Accountability Act of 2011 would force companies that hold online information for more than 10,000 people to follow strict guidelines to ensure the data is stored correctly…”

The U.S. Senate will consider a bill aimed at protecting citizens’ personal information from online data theft, and penalizing companies that don’t adequately store and safeguard their customers’ personal information.

The bill would impose fines on companies who don’t follow the guidelines and leave customer data open to compromise, and open the door for customers to sue companies that don’t adequately protect their data.

Blumenthal’s bill would put the U.S. government in line with states such as Massachusetts, which has legislation that fines companies that improperly protect residents’ digital data.

For more:  http://www.msnbc.msn.com/id/44491737/

Comments Off on Hospitality Industry Information Security Risks: Senate Introduces "Personal Data Protection And Breach Accountability Act Of 2011" Forcing Companies To Secure Personal Data

Filed under Crime, Guest Issues, Insurance, Legislation, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , ,