Tag Archives: Technology

Hospitality Industry Information Security: Hotel Chain Computer System Hacked By Man Who Threatened To Reveal Confidential Information If He Was Not Hired For IT Position

“…an infected email attachment (was) sent to some Marriott employees to install malicious software on the company’s system that gave him a “backdoor” access to proprietary email and other files…”

“…Nemeth sent an email to Marriott staff on November 11 last year, informing them that he had been accessing Marriott’s computers for months and had obtained proprietary information… He threatened to reveal the information if Marriott did not give him a job maintaining the company’s computers…”

A Hungarian citizen has pleaded guilty to stealing confidential information from the computers of Marriott International, and threatening to reveal the information if the hotel chain did not offer him a job maintaining the company’s computers, the Department of Justice said.

Attila Nemeth, 26, pleaded guilty in a US court, according to a statement by DOJ. He was detained after he travelled to the states on a ticket purchased by Marriott for a fictitious job interview.

As he had not received a response from Marriott, Nemeth sent another mail on November 13 containing eight attachments, seven of which were documents stored on Marriott’s computers. The documents included financial documentation and other confidential and proprietary information, the DOJ said.

A US Secret Service agent, using the identity of a fictitious employee of Marriott, communicated with Nemeth on November 18, who continued to call and email the undercover agent demanding a job to prevent the public release of the documents, according to the plea agreement. Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to America, according to the DOJ.

For more:  http://news.techworld.com/security/3320672/marriott-hotel-chain-hacked-by-disgruntled-job-seeker/

Filed under Crime, Labor Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Internet Issues: Hotel "Wi-Fi Networks" Are Facing "Exponentially" Higher Demand From Guest Usage Of iPads; Investment In More Bandwidth Necessary

“…Some hotel Internet service providers are proposing a solution that offers tiered Wi-Fi service. The lowest level, suitable for basic Internet requirements like checking e-mail, would be free, but other levels would be priced depending on bandwidth requirements…”

 “… iPads consume four times more Wi-Fi data per month than the average smartphone…”

Largely because of the broad use of iPads and other mobile tablets, which are heavy users of video streaming, the guest room Wi-Fi networks that most hotels thought they had brought up to standard just a few years ago are now often groaning under user demands.

“The iPad is the fastest-selling device in consumer electronics history, and because of it the demand placed on any public place Wi-Fi system has gone up exponentially in the last year and a half,” said David W. Garrison, the chief executive of iBAHN, a provider of systems for the hotel and meetings industries.

This means more hotel customers are unhappy with their Internet connections. Hotel owners, meanwhile, who are digging out from a two-year slump caused by the recession, will probably have to invest more money to provide more bandwidth.

For travelers, it may mean still another fee, since hotels will be paying their own Internet bills.

For more:  http://www.nytimes.com/2011/10/25/business/ipads-change-economics-and-speed-of-hotel-wi-fi-on-the-road.html

Filed under Guest Issues, Maintenance, Management And Ownership, Technology

Hospitality Industry Guest Room Security: "Mobile Phone Master Key ByPass" Technology Allows Instant "Neutralizing" Of Lost Or Stolen Master Keys

“…when a master key is lost or stolen, each and every lock must be manually re-programmed to ensure that anyone finding the master key cannot open every door in the hotel…”

 Hotel managers have long experienced the logistical and costly hurdles of having to manage the loss of staff master key cards. With the uptake of Mobile Key by OpenWays – the industry’s first and only ubiquitous mobile phone guest front desk bypass method allowing the unlocking of guestroom doors – hoteliers have been quick to realize the additional opportunity to help mobilize their workforce. As a result, OpenWays announces the launch of Mobile Master Key.

Appropriate administration of master keys is critically important for the safe and secure management of any hotel.

With OpenWays Mobile Master Key, neutralizing a lost or stolen master key happens simply with the push of a button. There are no locks to walk to and reprogram. It’s a highly secure and easy process. Since reporting the loss now has limited consequences, staff members are more inclined to immediately report a loss vs. trying to find their plastic card for hours before eventually reporting the loss to hotel security.

For more: http://www.hospitalitynet.org/news/154000320/4053444.html

Filed under Guest Issues, Labor Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology

Hospitality Industry Theft Risks: Washington Hotel Housekeeper Arrested For "Stealing iPad" From Guest Room; Global Positioning System (GPS) On Device Tracks Down Suspect

“…The guest noticed his iPad missing from his room Sept. 9, and there was no forced entry… the man used a GPS that had been installed on the device as an anti-theft measure to trace the iPad to Zavala’s apartment complex…”

Olympia detectives arrested a housekeeper at the Red Lion Hotel Olympia on Friday after a hotel guest tracked a global positioning system on his missing iPad to the housekeeper’s apartment, police said.

The man contacted police, and detectives went to Zavala’s apartment. She admitted to taking the iPad.

Detectives executed a search warrant at the apartment and found the iPad. They also found a laptop, jewelry and other items that might have been stolen.

Hotel General Manager Jay Johnson said Zavala has been suspended pending the outcome of her case. He added that hotel officials believe the theft is an isolated incident.

Read more: http://www.theolympian.com/2011/09/19/1806512/hotel-housekeeper-accused-of-stealing.html#ixzz1YV3toCsb

Filed under Crime, Guest Issues, Labor Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Information Security: Hotels And Resorts Are Targeted For Cyber Attacks Because Of Faulty "Data Collection Practices"

“…The report said the largest share of cyber attacks — 38% — were aimed at hotels, resorts and tour companies…”

“… large hotel chains are most vulnerable because hotel management companies may not be able to monitor how data is collected and stored at dozens or even hundreds of properties throughout the world. Independent contractors who work for individual hotels can also open the door to hackers and computer viruses…”

A business traveler who books hotel rooms via the Internet may be at higher risk of being victimized by computer hackers and identity thieves.

Insurance claims for data theft worldwide jumped 56% last year, with a bigger number of those attacks targeting the hospitality industry, according to a new report by Willis Group Holdings, a British insurance firm.

That could spell trouble for business travelers who submit credit card numbers and other personal information to hotel websites, said Laurie Fraser, global markets leisure practice leader for Willis.

For more:  http://www.latimes.com/business/la-fi-travel-briefcase-20110815,0,65581.story

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: "Cyber Attack Claims" Increase 56% Mainly Through "Rogue Employees, Malicious Attacks, And Mistakes By Outsourcing Firms"

“…The vast quantities of personal, identifiable information collected by the leisure and hospitality industry have made the sector a chief target for cyber attacks, according to Willis…with reports of a 56% rise in cyber claims over the past year….”

“…Rogue employees, malicious attacks, and mistakes by outsourcing firms appear to be the main culprits, with hackers getting ever-more sophisticated in their attempts to drain corporate databases of customers’ personal details…”

Willis warns that some breaches can cost in excess of $100 million and with more stringent data protection legislation coming into force, companies’ financial exposure to this type of crime will increase further.

“Recent breakthroughs include the introduction of identity theft solutions and Payment Card Industry fines coverage, which helps to protect companies from penalties linked to the mismanagement of credit card data.”

For more:  http://www.insurancedaily.co.uk/2011/08/03/hospitality-and-leisure-attract-cyber-attacks/

Filed under Claims, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risks: Hotel "Cyber Liability Myths Exposed"

Cyber Liability Myths Exposed

By Brad Durbin – Petra Risk Solutions 

 

In today’s e-commerce society, operating your hotel without cyber liability coverage is like attempting to drive your car blindfolded on a Southern California freeway during rush-hour traffic.

Here are three common myths and misconceptions I’ve heard repeatedly when discussing cyber liability insurance coverage with hotel owners and operators. 

Myth #1 – “I use the online reservation system offered by my franchise.  They’ll cover me if their system is hacked and my guest’s personal information is compromised.”

This is by far the most common misconception among hoteliers about their exposure and responsibility for a data breach. It’s easy to see why.  You are using your franchisor’s reservation system, which is offered as part of your franchise agreement.  Why wouldn’t they cover you if their system is hacked? 

The answer is in your contract.  While some franchise agreements are more favorable in this area than others, most contain special provisions regarding the use of their online reservation systems.  These provisions typically state that the hotel will be responsible for defending the franchisor and holding them harmless, regardless of whether the data breach came from within the online reservation system. 

The exposure is even greater for non-franchised properties using third-party reservation system providers or wholesalers.  I have yet to come across a contract for these services that could be viewed as favorable for the hotel in the event that the reservation system is breached.

 Myth #2 – “If a hotel guest’s credit card information is stolen at the property level, my Payment Card Processing company will cover me under their policy.” 

Most hoteliers erroneously assume that their Payment Card Processing Company (PCP) will have their best interest in mind in the event of a data breach.  I’m not sure why.  No business, regardless of how great or longstanding your relationship with them has been, will volunteer to pay significant attorney costs and consumer notification fees for you unless they are contractually obligated to do so.  Not surprisingly, most PCP contracts are heavily weighted in favor of the PCP provider regardless of where the data was taken from or if the PCP company is to blame.

Your liability is even greater for a data breach that can be traced back to the hotel property level.  If this happens, the Payment Card Industry (PCI) mandates that you conduct a forensic accounting audit of all your records.  These audits can cost $20,000 – $25,000 for a single location, limited service property. This amount does not include fines typical for any non-compliance issues discovered during the audit. 

Myth #3 – “Cyber liability coverage is a waste of money.”

Most states have laws requiring you to notify EVERY GUEST in your database upon discovery of a breach (e.g. California Senate Bill 1386).  Analysts estimate that the average cost for this notification is approximately $30 per record.  Multiply this by the number of records in your system, or the number of guests who have stayed at your hotel over the years, and you can see just how financially devastating these claims can become. 

For a typical limited service franchised property with $2,500,000 – $5,000,000 in annual room revenue, a cyber liability policy with a $1,000,000 limit can usually be obtained for less than $7,000 annually… an extremely fair price point considering the risks and hefty costs associated with a data breach.

Final Thoughts

When a hotel data breach occurs, guests won’t know or care that another company may be responsible.  They will come directly to the hotel for a remedy. The ENTIRE FINANCIAL BURDEN for notification costs, legal defense, and monetary settlement of all related claims may be borne directly by the hotel – if it does not have an appropriate cyber liability insurance policy in force.

To protect your hospitality assets, select and obtain cyber liability coverage that will address PCI fines, consumer notification costs, credit monitoring, and any government or regulatory action levied against your business in the event that a data breach is discovered.  Not all cyber policies include coverage for these areas, so it’s important for you to work with a qualified hospitality insurance broker. 

Securing proper cyber liability insurance coverage is a cost effective method for hoteliers to help mitigate the risks associated with owning and operating a hotel in today’s digital society. 

———————————————————————-

Brad Durbin is a Hospitality Insurance Specialist with Petra Risk Solutions. For questions about Hotel Cyber Liability or any other Hospitality Risk Solutions, contact Brad at bradd@petrarisksolutions.com.

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Technology

Hospitality Industry Guest Credit Card Security: Tips For Securing Hotel Computer Systems Against Credit Card Data Theft (Video)

Video: http://www.youtube.com/watch?v=iCmZ9DlrI9o

Sue Zloth, a member of the HFTP PCI Compliance Roundtable, provides key tips for securing guests’ credit card data at the 2011 Hospitality Industry Technology Exposition and Conference (HITEC).

  • Change default passwords on all new information systems
  • Do not allow remote access into hotel computer systems
  • Minimize areas where credit card data is stored

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft, Training

Hospitality Industry Information Security Risks: Hotel Computer Systems Are Increasingly "Breached" Through "Privileged Users" Who Have Total Access To Sensitive Data

“..security breaches are still happening at an even more significant pace with more damaging results.  In the end, many of these advanced intrusions and data security breaches are focused on taking over access to the accounts and permissions of specific “privileged” users in an organization who have access to sensitive data…”

“…These privileged users are specifically targeted by outside hackers because they have proverbial keys to the kingdom, but in some cases the inside user themselves is intent on stealing or doing damage…” 

One solution that is emerging to this problem is to carefully monitor everything that a privileged user does on the network (e.g. every keystroke and every mouse click), while also putting more granular limits on what they can do.  Basically “trust but verify,” with the goal of detecting any anomalies in a privileged user’s computing usage (e.g. why is this person downloading the source code at 3 a.m.?).  This is not uncommon for privileged users in other jobs: the “Eye in the Sky” in the casinos in Las Vegas monitors the gamblers for cheating but also monitors the dealers, and at a bank the CCTV is looking not only for robbers but also for the teller slipping some money into their pocket.

Instructive of the value of this new approach is that immediately after its breach, the RSA division of EMC acquired private company Netwitness for a reported large premium.  Netwitness is known for analyzing user activity monitoring at the network layer.  In addition, the latest security vendor to file for an IPO, Imperva, has as its core solution the ability to monitor database access and usage by Database Administrators, another type of privileged user.

For more:  http://blogs.forbes.com/tomkemp/2011/07/05/as-hacks-proliferate-new-security-technology-emerges-to-monitor-privileged-it-users/

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: Hotel Management Must "Encrypt All Confidential Guest Data" To Decrease "Public Exposure Of Data"

“…99% of businesses around the globe at present no longer store confidential information on their systems and 75% continuously complied with PCI requirements…”

“…encrypting confidential information will “shrink the card data environment,” thus a minimal to zero possibility of public exposure of these data…”

To prevent fraud, she proposed three ways for the card industry:

  • Widespread distribution of ‘smarter’ payment devices is one, where EMV (chip-and-PIN) cards will be used
  • Smarter networks to stem the cyber crime before or when it happens
  • A cardholder authentication method such as two-factor authentication

“Visa’s global fraud rate recently hit a historic low – at just over 5 cents for every $100 transacted, down more than two-thirds from the levels of 20 years ago,” she added.

She urged the card industry to step up its security measures a bit more, as most consumers believe cyber criminals are ahead of what’s already in place. According to Richey, 61% of consumers are of the opinion that the security measures of the card industry are one step behind cyber criminals.

Rather than keeping pace with cyber crime which would only exhaust resources, Richey proposed getting smarter as a better solution in combating fraud and protecting card data.

“We need to use all the intelligence we have at our disposal. I think that the opportunities to get smarter and fight fraud are all around us,” she said.

Richey, on the other hand, recognized the fact that these suggestions will be costly and will require tremendous resources.

For more:  http://inaudit.com/audit/it-audit/cyber-crime-vincible-through-smarter-technologies-visa-5856/

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft