Cybersecurity for hotels
Cybersecurity awareness and training, for managers and employees working in Swiss hotels and Swiss subsidiaries of hotel chains.
For decades, when we were using the words “hotel security”, we were usually referring to “physical security”. It was all about guest protection, locks, safes, and surveillance.
Guests and hotel employees today expect that the same level of protection extends to the digital assets that reside not only on their laptops and smartphones, but also on the hotel’s systems. Hotels are obliged to respect this expectation, especially after the new privacy regulations, including the General Data Protection Regulation (GDPR) and the revised Data Protection Act (DPA), which must be equivalent to the GDPR.
Swiss hotels and Swiss subsidiaries of hotel chains must comply with cyber security and privacy laws and regulations, and must follow international standards and best practices that protect their guests and employees.
A new cybersecurity culture is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values and expectations of hotel guests regarding cybersecurity.
Cybersecurity awareness for all managers and employees of a hotel is necessary, in order to make information security considerations an integral part of an employee’s job, habits and conduct, embedding them in their day-to-day actions.
We tailor the program to meet specific requirements. You may contact us to discuss your needs.
The program is beneficial to all managers and employees working in Swiss hotels and Swiss subsidiaries of hotel chains.
- Important developments in the hospitality industry after the new privacy regulations, including the GDPR and the revised Data Protection Act (DPA).
- Understanding the challenges.
- Hotels, and the report from the Federal Intelligence Service (FIS), “Switzerland’s Security 2018”.
- Hotels, and the report from the Federal Council, "National Strategy for the Protection of Switzerland Against Cyber Risks".
Who is the “attacker”?
- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.
- Hacktivists and the hotel industry.
- Professional criminals and information warriors.
How they attack hotels?
- Step 1 – Collecting information about persons and systems.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment and testing.
- Step 4 - Privilege escalation.
- Step 5 – Identifying important clients and VIPs.
- Step 6 – Critical infrastructure.
Employees and their weaknesses and vulnerabilities.
- Employee collusion with external parties.
- Blackmailing employees: The art and the science.
- Romance fraudsters and webcam blackmail: Which is the risk for the hotel?
Specific risks for the hospitality industry, and best practices to protect the hotel.
- What guests need, and which are the cyber risks?
- a. Speed and convenience.
- It is difficult to balance speed, convenience and security.
- b. Effective and efficient web site and reservation system.
- Examples of challenges and risks.
- c. Great customer service.
- Example - how it can be exploited.
- d. A nice room and housekeeping.
- Example - “The cleaning staff’s hack”.
- e. Food, drinks and entertainment.
- Point-of-sale (POS) fraud and challenges.
- Credit card cloning.
- f. Internet access.
- Honeypots, rogue access points, man-in-the middle attack.
- g. Security.
- Unauthorized access is a major problem, and social engineering is a great tool for attackers.
- h. Privacy.
- The hotel industry is considered one of the most vulnerable to data threats.
- i. Money (if they can sue the hotel for negligence…).
What must be protected?
- Best practices for managers and employees in the hospitality industry.
- What to do, what to avoid.
- From customer satisfaction vs. cyber security, to customer satisfaction as the result of cyber security.
- The DarkHotel group.
- Trojan Horses and free programs, games and utilities
- Reverse Social Engineering.
- Common social engineering techniques
- 1. Pretexting.
- 2. Baiting.
- 3. Something for something.
- 4. Tailgating.
- Clone phishing.
- Whaling – phishing for executives.
- Smishing and Vishing Attacks.
- The online analogue of personal hygiene.
- Personal devices in the hotel.
- Untrusted storage devices.
- Romantik Seehotel Jägerwirt.
- What has happened?
- Why did it happen?
- Which were the consequences?
- How could it be avoided?
- Closing remarks and questions.
Our catalog, instructor-led training in Switzerland, Liechtenstein, and Germany: www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Catalog_2019.pdf