This is personal: Cybersecurity and the hospitality industry

By Lena Combs, HLB's Global Hospitality & Leisure Industry Leader

The hospitality industry has been a prime target for cyberattacks in recent years. From ransomware to data breaches, hotel chains and other businesses in the hospitality industry have experienced a variety of attacks. And unfortunately, things seem to be getting worse. In the past few months, there has been a significant increase in cyberattacks targeting private industry networks. This is likely because so many people are now working from home during the pandemic. 

Cybercriminals see this as an opportunity to exploit vulnerabilities and gain access to sensitive information. As a result, businesses in the hospitality industry need to take a fresh look at their cybersecurity measures and ensure they are up-to-date and effective. 

Why is cyber security of utmost importance to the hospitality industry, and what are a cyber attack's potential risks and impacts?

The hospitality industry is one of the most vulnerable industries to cyber attacks for several reasons. First, hospitality businesses deal with large amounts of Personally Identifiable Information (PII), including credit card information and contact details of customers. This data is precious to criminals and is often poorly protected by hospitality businesses. Second, the hospitality industry relies heavily on technology, creating additional attack surfaces for criminals to exploit. For example, many hotels use electronic key cards that can be easily hacked. Finally, the hospitality industry is often slow to adopt new security measures, leaving it behind the curve in protecting against emerging threats and scams.  

A cyber attack can also lead to financial losses and reputational damage. In some cases, a cyber attack can even result in physical damage to property or injuries to people. Although there is a significant risk, there are strategies that can drastically reduce the impact of cyber attacks. 

What are some of the most common cyber attacks on the hospitality industry, and how can they be prevented?

One type of attack is known as malware injection. This occurs when malicious software is injected into a hotel's or restaurant's computer system. The malware can then be used to steal customer data or take control of the system. However, there are steps that hospitality businesses can take to prevent and mitigate malware attacks. For example, ensuring that only authorized personnel have access to computer systems can help to prevent unauthorized individuals from installing malware under false pretenses. In addition, keeping computer systems updated with the latest security patches can help to close off potential entry points for attackers. 

Another type of attack is known as phishing. This involves sending fraudulent emails to hotel or restaurant employees to get them to disclose sensitive information like passwords or credit card numbers.  

Finally, there are denial-of-service (DoS) attacks. These attacks occur when hackers flood a hotel's or restaurant's computer system with requests, overwhelming it and causing it to crash. 

Fortunately, there are steps that the hospitality industry can take to protect itself from these types of attacks, including investing in robust cybersecurity solutions, educating employees about cybersecurity risks and best practices, which can help reduce employee mistakes that could lead to an attack, and staying up-to-date on cybersecurity threats and trends. 

Protecting your hotel's computer systems from hackers

Following GDPR guidelines

To protect themselves, these businesses need to follow GDPR guidelines (General Data Protection Regulation), a set of regulations that European Union member states must implement to protect digital data privacy. These guidelines help hospitality businesses put into place robust security measures that will help to protect their customer data from cybercriminals. GDPR also requires businesses to notify customers if their personal data has been compromised, which will help to limit the damage caused by an attack. 

Implementing strong passwords and security measures to keep your data safe 

The most important thing you can do is to use a unique password for each account. This may seem like a lot of work, but it's the only way to ensure that your data is safe. You should also use a mix of upper and lower case letters, numbers, and symbols in your passwords. In addition, you should change your passwords regularly and never reuse a password.  

Backing up your data regularly in case of an attack or system failure

This ensures that if an attack does occur, critical information can be recovered quickly. Additionally, it is important to keep software updated with the latest security patches. Many attacks exploit known vulnerabilities, so by staying up-to-date, businesses can make it more difficult for attackers to access their systems. 

Hospitality Businesses can Protect Themselves by Being Proactive and Adhering to GDPR Guidelines

While the hospitality industry has been hit hard in the past by data breaches, there are steps that businesses can take to protect themselves. Perhaps the most crucial step is to ensure that all data is protected following GDPR guidelines. This includes encrypting data, using secure servers, regularly backing up information, and developing a plan to respond during a data breach. 

Contact HLB Global today to learn more about how they can help your business stay safe from cybercriminals. 


Sign up for HLB insights newsletters