The hospitality industry’s long-term success depends on its ability to adapt to new trends and technologies and mitigate threats to business continuity, such as natural catastrophes and criminal activity, especially cybercrime.
Expanding technology-based services like online delivery and remote guest check-in that became popular during the pandemic has given hackers greater access. The hospitality industry is the third most targeted by cyber criminals, largely because of the amount of personal and financial data that resorts, hotels and restaurants store in their databases. Most major hotel and restaurant franchises now require franchisees to have some level of cyber insurance, but obtaining coverage is difficult and expensive. Underwriters will look for hospitality businesses with proven cybersecurity protections like cybersecurity audits, multifactor authentication, and employee training.
Cyber-attacks are not relegated to certain hours, operating environments, or location. The hospitality industry is especially vulnerable due to various required brand partner software or networks, influx of customers that could be the attackers, high staff turnover rate, and the multitude of vendors required to run your operation.
When addressing concerns about your operation’s online safety, the first step is to acknowledge the existing cybersecurity risks that expose an organization to a hacker’s malicious attacks. Some of the most common cyber risks and threats for businesses are:
– Data breaches: A data breach exposes confidential, sensitive, or protected information to an unauthorized person who then views or shares the files in the data breach without permission. Individuals, businesses, and governments can be at risk of a data breach and put others at risk if they are not protected. Data breaches happen most often because of weaknesses in technology or in user behavior and are not always caused by an outside hacker.
– Malware: Malware is malicious software that cybercriminals insert into a company’s web pages or web files after they’ve penetrated the business’s site. Bad actors then use malware to steal sensitive corporate data, including customers’ personal information. Malware can also redirect a company’s web pages to other sites and insert pop-up ads onto a company’s web pages or website.
- Best practices to avoid a data breach include: Patching and updating software, high-grade encryption for sensitive data, upgrading devices when a manufacturer no longer supports software, enforcing “bring your own device” security policies, enforcing strong credentials and multi-factor authentication, and educating employees on best security practices and ways to avoid socially engineered attacks.
– Ransomware: Ransomware is malicious software that gains access to sensitive information within a system, encrypts the information so the user cannot access it, and then demands a financial payout for the data before it is released.
– Phishing: Phishing is a cybercrime in which a target is contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The phished information is then used to access important accounts and can result in identity theft and financial information.
As the cost of data breach recovery continues to rise each year, it’s hardly difficult to recognize the cost benefits of protecting a business from cyber risks by properly training staff and enforcing up-to-date best practices for cybersecurity.
Employees can be your best defense against a cyberattack, but also among the easiest targets for cyber criminals. Giving your employees proper cyber risk training can help limit the impact of an attack.
Here are ten steps to help your employees become savvy cyber defenders:
- Educate employees on your data incident reporting procedures.
- Teach your employees how to identify suspicious emails and links:
- Develop a list of trending email scams.
- Train your employees to create strong passwords.
- Instruct employees to lock their computers and to back up data.
- Instruct employees to use only authorized software.
- Teach your employees to understand their role in data security.
- Train employees to be conscientious about email usage.
- Educate employees on the proper use of social media for work
purposes. - Share your mobile device policy.
Working with a knowledgeable insurance specialist, who understands these emerging risk and compliance exposures and negotiates coverage that is customized towards your needs, is key in procuring protection and preventing additional disruption to your business.
