Cybersecurity for hotels
Cybersecurity awareness and training, for managers and employees working in Swiss hotels and Swiss subsidiaries of hotel chains.
For decades, the words “hotel security” usually meant “physical security”: guest protection, locks, safes, and surveillance.
Guests and hotel employees today expect that the same level of protection extends to the digital assets that reside not only on their laptops and smartphones, but also on the hotel’s systems. Hotels are obliged to respect this expectation, especially after the new privacy regulations, including the General Data Protection Regulation (GDPR) and the revised Data Protection Act (DPA), which must be equivalent to the GDPR.
Swiss hotels and Swiss subsidiaries of hotel chains must comply with cyber security and privacy laws and regulations, and must follow international standards and best practices that protect their guests and employees.
A new cybersecurity culture is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values and expectations of hotel guests regarding cybersecurity.
Cybersecurity awareness for all managers and employees of a hotel is necessary, in order to make information security considerations an integral part of an employee’s job, habits and conduct, embedding them in their day-to-day actions.
We tailor the program to meet specific requirements. You may contact us to discuss your needs.
The program is beneficial to all managers and employees working in Swiss hotels and Swiss subsidiaries of hotel chains.
Half day (09:00-13:00). We can tailor the program to meet specific requirements.
George Lekatis. His background and some testimonials:
- Important developments in the hospitality industry after the new privacy regulations, including the GDPR and the revised Data Protection Act (DPA).
- Understanding the challenges.
- Hotels, and the report from the Federal Intelligence Service (FIS), “Switzerland’s Security 2018”.
- Hotels, and the report from the Federal Council, "National Strategy for the Protection of Switzerland Against Cyber Risks".
Who is the “attacker”?
- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.
- Hacktivists and the hotel industry.
- Professional criminals and information warriors.
How do they attack hotels?
- Step 1 – Collecting information about persons and systems.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment and testing.
- Step 4 – Privilege escalation.
- Step 5 – Identifying important clients and VIPs.
- Step 6 – Critical infrastructure.
Employees and their weaknesses and vulnerabilities.
- Employee collusion with external parties.
- Blackmailing employees: The art and the science.
- Romance fraudsters and webcam blackmail: What is the risk for the hotel?
Specific risks for the hospitality industry, and best practices to protect the hotel.
- What guests need, and what are the cyber risks?
  - a. Speed and convenience.
    - It is difficult to balance speed, convenience and security.
  - b. Effective and efficient web site and reservation system.
    - Examples of challenges and risks.
  - c. Great customer service.
    - Example - how it can be exploited.
  - d. A nice room and housekeeping.
    - Example - “The cleaning staff’s hack”.
  - e. Food, drinks and entertainment.
    - Point-of-sale (POS) fraud and challenges.
    - Credit card cloning.
  - f. Internet access.
    - Honeypots, rogue access points, man-in-the-middle attacks.
  - g. Security.
    - Unauthorized access is a major problem, and social engineering is a great tool for attackers.
  - h. Privacy.
    - The hotel industry is considered one of the most vulnerable to data threats.
  - i. Money (if they can sue the hotel for negligence…).
What must be protected?
- Best practices for managers and employees in the hospitality industry.
- What to do, what to avoid.
- From customer satisfaction vs. cyber security, to customer satisfaction as the result of cyber security.
- The DarkHotel group.
- Trojan Horses and free programs, games and utilities.
- Reverse Social Engineering.
- Common social engineering techniques.
  - 1. Pretexting.
  - 2. Baiting.
  - 3. Something for something.
  - 4. Tailgating.
- Clone phishing.
- Whaling – phishing for executives.
- Smishing and Vishing Attacks.
- The online analogue of personal hygiene.
- Personal devices in the hotel.
- Untrusted storage devices.
- Romantik Seehotel Jägerwirt.
  - What happened?
  - Why did it happen?
  - What were the consequences?
  - How could it have been avoided?
- Closing remarks and questions.
For in-house instructor-led training, delivered at your premises (any location in Switzerland), the all-inclusive cost is CHF 5'000 for 1-20 participants, and CHF 200 for each additional participant (over 20 participants). Instructor travel expenses and all other expenses are included in the program price and will not be billed separately. For instructor-led training in other countries, you may contact us.
In-House Instructor-Led Terms and Conditions, Cancellation Policy
1. An invoice will be sent to the client after the training, and must be paid within 30 days after the last date of the training. No upfront payment is required.
2. Cancellation from the client less than 72 hours before the scheduled start date will be subject to a cancellation fee of CHF 2'500.
3. Cancellation from the client 3-10 days before the scheduled start date will be subject to a cancellation fee of CHF 1'250.
4. Cancellation from the client more than 10 days before the scheduled start date will not be subject to any cancellation fee.
5. Force Majeure - Neither the client nor Cyber Risk GmbH shall be liable to any penalty should courses be cancelled due to war, fire, strike lock-out, industrial action, accident / illness of the instructor, civil disturbance, or any other cause whatsoever beyond their control.
6. In the unlikely event of a cancellation by Cyber Risk GmbH, any payment made for the cancelled class will be refunded. The client understands and agrees that Cyber Risk GmbH shall not, in any way, be held responsible for any costs, including loss of airfare or other transportation costs, hotel expenses or other damages, which the client may suffer if Cyber Risk GmbH cancels a class.
Our catalog, instructor-led training in Switzerland, Liechtenstein, and Germany: www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Catalog_2018.pdf