Tag Archives: Cybersecurity

Hospitality Industry Information Risks: "Specialized Cyber-Risk Insurance" Is Important In Providing "Security Liability" And "Privacy Liability" Coverage

A specialized cyber-risk insurance policy is necessary. Coverage would not usually be triggered under a commercial general liability policy–many of which also have exclusions. Importantly, property-damage policies typically do not acknowledge “data” as property.

“Cyber liability” is essentially comprised of two defined risks:

  • Security Liability: the unauthorized access and/or use of a network. Employees or others with access to the network can misappropriate identity information, business secrets, transmit malicious codes, and undertake a denial of service attack against your network or other networks.
  • Privacy Liability: the breach of personal data protection laws that allow individuals to control the collection, access, transmission, use, and accuracy of their personal information.

The available policy coverage options start with General Internet Crime Liability. This addresses the first and third party risks associated with e-business, the Internet, networks and informational assets.

However, it is critical to review your business activities to ensure appropriate coverage. To this needs to be added appropriate Property, Directors and Officers, Business Interruption and Fidelity wordings. For those businesses offering software and services susceptible to outage or malfunction associated with a cyber-attack, Electronic Errors and Omissions coverage should also be obtained.

For more:  http://www.pcworld.com/businesscenter/article/252126/can_insurance_cover_cybercrime_damages_at_your_business.html

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Theft

Hospitality Industry Information Risks: Hotels Store "Enormous Amounts Of Data" That Is Never Used; 100% At Risk And 0% Value

“…companies can go a long way toward reducing their exposure to significant losses resulting from a security breach by putting themselves on a “data diet…There is an enormous amount of information that we never use, but we never get rid of. It’s 100% risk and 0% value. As a risk manager, that’s the scariest equation you’re ever going to hear…”

While there is no way for companies to completely eliminate the risk of data breaches and cyber attacks, there are several steps they can take to reduce their potential financial and reputational losses, a panel of experts said Thursday at the third annual Business Insurance Risk Management Summit® in New York.

“The fact is that you’re going to be attacked. That’s the reality,” said Alan Brill, senior managing director of secure information services for New York-based Kroll Inc. A well-crafted cyber risk management program need not be wildly expensive or complex, Mr Kroll said, but should at least strive for “commercially reasonable levels” based on company size and industry.

For more:  http://www.businessinsurance.com/article/20120229/NEWS06/120229881?tags=|338|299|302|342|303|335

Filed under Guest Issues, Insurance, Labor Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: Most Hotels And Restaurants Have Experienced A "Cyber Attack" In The Past Year; "Intellectual Property Protection" Is Too Often Ignored

“…Seventy-three percent of small-to-middle-sized companies experienced a cyber attack in 2010, and 30% of those attacks were extremely effective, according to Symantec, a software security developer based in Mountain View, Calif…”

“…estimates are that this year…the cost associated with each breach has gone up to $214 per record…Negligence is a big issue,”

With the increase in worldwide cyber crimes, smaller private businesses may be more vulnerable than larger ones, said an executive of Chubb Group of Insurance Companies. “It’s the perfect cyber storm,” said Ken Goldstein, vice president of the Chubb Group of Insurance Companies. “We’re in a bad economy; we’ve got private companies, generally small to middle in market size, that are strapped in what they can spend on intellectual property protection,” he said.

At the same time, he said, new technology means “cyber thieves can essentially hack from anywhere around the globe.”

Cyber crimes can do serious harm to an organization’s bottom line. According to Ponemon’s, the median annualized cost of cyber crimes for the 50 organizations studied was $5.9 million, with a range of $1.5 million to $36.5 million. This represents a 56% increase since last year.

“Multiply that by the number of customers that you service; it could be a sizable amount of money that a company would have to pay out of pocket,” Goldstein said.

The most costly cyber crimes are those caused by malicious code, denial of service, stolen devices and Web-based attacks, Goldstein said. Besides deliberate cyber theft, Goldstein says company information loss sometimes is a byproduct of employee negligence. An employee losing their mobile device at a hotel or restaurant, for example, could lead to a breach, he said.

For more:  http://www.fa-mag.com/fa-news/9382-smaller-private-companies-at-greater-risk-of-cyber-attack-.html

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology

Hospitality Industry Information Security: Hotel Chain Computer System Hacked By Man Who Threatened To Reveal Confidential Information If He Was Not Hired For IT Position

“…an infected email attachment (was) sent to some Marriott employees to install malicious software on the company’s system that gave him a “backdoor” access to proprietary email and other files…”

“…Nemeth sent an email to Marriott staff on November 11 last year, informing them that he had been accessing Marriott’s computers for months and had obtained proprietary information… He threatened to reveal the information if Marriott did not give him a job maintaining the company’s computers…”

A Hungarian citizen has pleaded guilty to stealing confidential information from the computers of Marriott International, and threatening to reveal the information if the hotel chain did not offer him a job maintaining the company’s computers, the Department of Justice said.

Attila Nemeth, 26, pleaded guilty in a US court, according to a statement by DOJ. He was detained after he travelled to the states on a ticket purchased by Marriott for a fictitious job interview.

As he had not received a response from Marriott, Nemeth sent another mail on November 13 containing eight attachments, seven of which were documents stored on Marriott’s computers. The documents included financial documentation and other confidential and proprietary information, the DOJ said.

A US Secret Service agent, using the identity of a fictitious employee of Marriott, communicated with Nemeth on November 18, who continued to call and email the undercover agent demanding a job to prevent the public release of the documents, according to the plea agreement. Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to America, according to the DOJ.

For more:  http://news.techworld.com/security/3320672/marriott-hotel-chain-hacked-by-disgruntled-job-seeker/

Filed under Crime, Labor Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Internet Risks: Recent Studies Show Dramatic Increases In "Mobile Space Cybercrime" As Criminals Focus On Smartphones And Tablets

“…The usage of Internet through mobile phone had been on a rapid upward trend. This led to 42 per cent more mobile vulnerabilities last year compared to the year before, as shown in a Symantec Internet Security Threat Report…”

“…cybercriminals were starting to focus their efforts on the mobile space as more and more mobile users switched to smartphones and tablets instead of the conventional desktops…”

A recent worldwide study conducted by Norton by Symantec aimed at unveiling the cost of global crime, has concluded that online adults footed a bill of over US$388 billion in the past year.

According to Symantec Corporation Sdn Bhd consumer sales manager Jason Mok, the study arrived at this figure by counting not only the direct cash cost of cybercrime – the money stolen by cybercrime and the money spent on resolving cyber-attacks – which was up to US$114 billion, but also the value that victims of cybercrime placed on the time they lost to it, which was US$274 billion.

“The Norton Cybercrime Report 2011 found that more than two thirds of online adults have been a victim of cybercrime in their lifetime. Every second, 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims per day,” stated Mok, who also pointed out that the rate was higher than the worldwide birth rate.

Mok marked this as a sign that cybercriminals were starting to focus their efforts on the mobile space as more and more mobile users switched to smartphones and tablets instead of the conventional desktops.

“This had led to an increasing importance of mobile security, as you are not only losing your phone or tablet, you are losing your personal information, identity as well as your money,” Mok informed the crowd during a media briefing held at a hotel here yesterday.

Read more: http://www.theborneopost.com/2011/11/16/norton-by-symantec-study-reveals-alarming-rate-of-cybercrime-caused-by-under-protection/#ixzz1dvTlh9u3

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Guest Information Risks: Hotels Are Collecting More Personal Information On Guests And Protecting "Personally Identifiable Information" Is Top Priority

“…ensuring the security of this data is so important that it’s consuming hotel IT departments’ attention right now, said Josh Weiss, Hilton Worldwide’s VP of brand and guest technology…”

“…The stakes involved in protecting “personally identifiable information” (data that can be used to uniquely identify, contact or locate a single person) are far higher with this personal information than with credit-card information…”

As hotels collect more personal information about guests and the Epsilon and Sony data breaches earlier this year shook people’s confidence in corporate data protection, hotel guests are increasingly asking hotels how well they’re securing their personal information, Mark McBeth, Starwood Hotels’ VP of information technology, said during a recent conference.

IT execs from Starwood and also Hilton and owner/operator White Lodging said they’re responding by making guest-data security their No. 1 priority. “PII is considered high-risk because if there were to be a breach, you’re exposing the guest’s identity,” he said. “It paints some pretty scary pictures.”

A “PII” breach could potentially lead to child abduction or a murder if information falls into the wrong hands, he said.

For more:  http://travel.usatoday.com/hotels/post/2011/10/starwood-hilton-work-to-protect-personally-identifiable-information/553616/1

Filed under Crime, Guest Issues, Insurance, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security: Major Hotels Move Closer To "Secure Payments Framework" That Will Protect Guest Credit Card Data Through "Tokenization"

“Every major hotel company is working to get as many of their systems as possible out of the scope of the Payment Card Industry Data Security Standards (PCI-DSS)…Most of these companies have focused on solutions based on tokenization, and many have implemented them or are in the process of doing so.”

Tokenization is a process whereby sensitive card data is stored in a single secure location, which may be operated by a hotel brand, a payment gateway or another third party, and replaced in hotel systems by substitute “tokens.”  The tokens can be used to complete the transaction, but are useless if intercepted electronically by a thief. 

Top hotel security executives met several times to discuss this problem as the HTNG Secure Payments Framework effort took shape during August and early September.  Early discussions indicated a broad agreement that a single industry framework is needed, and that the framework needs to work with existing security approaches in place at major hotel companies and in commonly used systems.  There was also agreement on the key elements needed for the industry framework.  The group intends to document this framework conceptually in a white paper that will form the basis for subsequent standards development.

This new effort will leverage hotel companies’ prior investment in tokenization efforts, adding a layer of security that will enable those solutions to be extended to unrelated parties that may be involved in transactions, such as online travel agencies, global distribution systems, switches, channel management systems, central reservation systems, management companies, independent hotels, payment gateways, swipe devices, and other parties. “The approach is intended to enable the tokenization of card data by the first system that touches the reservation,” said Rice. “The sensitive data will remain stored in a secure vault, and all of the other systems will simply pass along the token in place of the credit card. The hotel itself can then submit the token to its token provider or gateway to complete the card transaction. The card data itself need never touch a hotel system.”

For more:  http://www.hotelnewsresource.com/article58324.html
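
The tokenization flow described in this post, as an added Python example that is not taken from the article or from HTNG: the first system tokenizes the card, downstream systems carry only the token, and the hotel submits the token back to the vault to complete the charge. `TokenVault`, `hotel_id`, the `tok_` format and the rule that a token is only honoured for the merchant it was issued to are assumptions made for illustration.

```python
import re
import secrets


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_pan(text: str) -> bool:
    """True if text holds a 13-19 digit run that passes Luhn (likely card data)."""
    return any(luhn_ok(m) for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text))


class TokenVault:
    """Hypothetical vault: the single location where card numbers are stored."""

    def __init__(self):
        self._cards = {}  # token -> (card number, hotel_id)

    def tokenize(self, pan: str, hotel_id: str) -> str:
        digits = re.sub(r"[ -]", "", pan)
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        while True:
            # Random token: no mathematical relation to the card number.
            token = "tok_" + secrets.token_hex(12)
            # Reject collisions and tokens a scanner could mistake for a card.
            if token not in self._cards and not contains_pan(token):
                break
        self._cards[token] = (digits, hotel_id)
        return token

    def charge(self, token: str, hotel_id: str, amount_cents: int) -> dict:
        """Resolve the token inside the vault; the card number is never returned."""
        entry = self._cards.get(token)
        if entry is None or entry[1] != hotel_id:
            return {"approved": False, "reason": "unknown token for this merchant"}
        pan, _ = entry
        # A real gateway would send `pan` to the card network at this point.
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}


def demo():
    vault = TokenVault()
    # Constructed sample: a standard test card number, not a real account.
    token = vault.tokenize("4111 1111 1111 1111", hotel_id="hotel-001")
    # The reservation record that the downstream systems pass along.
    reservation = {"guest": "A. Guest", "nights": 2, "payment": token}
    card_data_downstream = contains_pan(str(reservation))
    hotel_result = vault.charge(token, "hotel-001", 25900)
    intercepted_result = vault.charge(token, "other-party", 25900)
    return reservation, card_data_downstream, hotel_result, intercepted_result
```
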

Filed under Guest Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology

Hospitality Industry Cybercrime Risks: Hotel Management Should Have Policies "Disclosing Risks Of Hotel Computer And Wireless Internet Usage"

“…According to a report from antivirus software manufacturer Norton, global cybercrime has claimed 431 million adult victims in the past year, costing countries $114 billion in direct financial losses. That figure jumps to $388 billion when you factor in the value that victims place on the time they spent recouping the losses…”

Last year, in the U.S. specifically, more than 74 million people were victims of some form of cybercrime, leading to $32 billion in direct financial losses.

  • Recognize that your smartphone is really a pocket-size computer and is prone to the same types of attacks directed at your laptop and desktop. Take steps to protect it, such as keeping your operating system current and creating a strong password.
  • Keep your personal information to yourself. For instance, don’t put your entire birth date, including the year, on Facebook. Think about the security questions normally posed by your bank and other secure locations: “first school you attended,” “name of favorite pet” and the like. Are your answers on display online?
  • Know the pitfalls of public Wi-Fi. CreditCards.com says, “Avoid public wireless Internet connections unless you have beefed-up security protection.”
  • Beware of public computers, too. For instance, Kiplinger says, “Don’t access your accounts or personal information on public hotel computers, which could have software that logs keystrokes and records your passwords and account numbers.”
  • Use credit cards, rather than debit cards, when making purchases online. In case of fraud, you’ll get much better protection from liability with a credit card.

For more:  http://money.msn.com/identity-theft/article.aspx?post=6730f6ce-5203-4b59-bd46-f65a7a3545c2

Filed under Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: Senate Introduces "Personal Data Protection And Breach Accountability Act Of 2011" Forcing Companies To Secure Personal Data

“…Introduced by Sen. Richard Blumenthal (D-Conn.), the Personal Data Protection and Breach Accountability Act of 2011 would force companies that hold online information for more than 10,000 people to follow strict guidelines to ensure the data is stored correctly…”

The U.S. Senate will consider a bill aimed at protecting citizens’ personal information from online data theft, and penalizing companies that don’t adequately store and safeguard their customers’ personal information.

The bill would impose fines on companies who don’t follow the guidelines and leave customer data open to compromise, and open the door for customers to sue companies that don’t adequately protect their data.

Blumenthal’s bill would put the U.S. government in line with states such as Massachusetts, which has legislation that fines companies that improperly protect residents’ digital data.

For more:  http://www.msnbc.msn.com/id/44491737/

Filed under Crime, Guest Issues, Insurance, Legislation, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Guest Privacy Risks: Virginia Hotel Sued For Violating "Fair And Accurate Credit Transactions Act"; Receipts "Bore Expiration Date Of Credit Card"

“…(the suit) would include individuals who received electronically printed receipts for transactions at Marjac Suites after June 30, 2008, and whose receipts bore the expiration date of their credit or debit card…”

A willful violation of the statute, the Fair and Accurate Credit Transactions Act, can trigger damages of $100 to $1,000 per transaction, along with attorneys’ fees and costs.

A Virginia Beach hotel broke a privacy-protection law by including restricted information on a credit-card receipt, a hotel guest alleges in a suit filed in federal court in Norfolk.

The plaintiff, James T. Buechler of Baltimore County, Md., contends that Marjac Suites on Atlantic Avenue and its owner, Burlage Hotel Associates, violated a federal statute in January by printing Buechler’s card-expiration date on his receipt at checkout.

Buechler is seeking damages “on behalf of himself and the thousands of other consumers placed at risk by defendant’s unlawful practice,” according to the suit, filed Aug. 10.

Buechler is asking the court to certify his suit as a class action. Members of the proposed class would include individuals who received electronically printed receipts for transactions at Marjac Suites after June 30, 2008, and whose receipts bore the expiration date of their credit or debit card.

For more:  http://hamptonroads.com/2011/08/guest-claims-va-beach-hotel-violated-privacy-law

Filed under Crime, Guest Issues, Legislation, Liability, Management And Ownership, Privacy, Risk Management