“Internet connectivity is no longer an amenity. It has become an integral part of travelers’ daily lives and a basic expectation.”
Kristine Rose, Vice President of Brands Hyatt Hotel Group
Offering WIFI is no longer an exclusive privilege that hotels extend to their guests. High-speed internet is the backbone for any hotel that offers a technology-assisted guest experience. From smartphones & tablets to smart room amenities, everything is connected to enhance the guest technology experience.
Cybersecurity in hotels remains one of the hottest debates in hospitality. The 2019 HITEC Minneapolis conference was also dominated by discussions on hotel technology security. Still, to this day, a lot of hotel owners disregard the need for WIFI security in hotels, oblivious to what is at stake.
Today, hotels’ internet security is a strategic matter that involves proper policy making and guidelines formulated by experts. You will definitely notice the sheer number of articles from prominent data security providers (mostly VPN services) that simply judge hotel WIFI to be a pool of cybercriminals.
Obviously, the above statement is partially true, given historical cybercrime events like the Starwood Hotels and the Guangzhou Hotels cases. But as cybercrime techniques evolve, so do the security essentials for robust data security in hotels.
“A lot of the former risks, the reasons we used to warn people, those things are gone now,” … “It used to be because almost nothing on the internet was encrypted. You could sit there and sniff everything. Or someone could set up a rogue access point and pretend to be Hilton, and then you would connect to them instead of the hotel.”
Chet Wisniewski, Principal Researcher at Sophos
Why Should Hotels Offer Secured WIFI
Hotel internet security & data protection is the express responsibility of owners and management. There are a plethora of reasons that demand reinforced cybersecurity in hotels to ensure both guests’ data and their devices are completely secured.
Man in the Middle Attacks
Historically a popular cyberthreat at hotels, this is what is commonly called the “Man in the Middle” attack. Here is how the experts at Norton Internet Security explain it:
… Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. You click on a link in the email and are taken to what appears to be your bank’s website, where you log in and perform the requested task.
In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate. (This attack also involves phishing, getting you to click on the email appearing to come from your bank.)
He also created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. But when you do that, you’re not logging into your bank account, you’re handing over your credentials to the attacker.
These remain the most common attacks on hotels since they are delivered through a simple email. A phishing attack is conducted by delivering a malicious link through an email with the capability of imitating the receiver and sending out further phishing links to their contact lists.
The criminal sends out very convincing emails to unsuspecting hotel staff and guests, to later breach their devices. In recent times, these attacks have evolved and cybercriminals now target high-ranking individuals at hotels to convince recipients that the link is indeed official.
Ransomware is becoming a popular way to hold data and hotel technologies hostage at hospitality businesses. In such attacks, cybercriminals breach unsecured hotel hardware and encrypt the data on these devices. Once everything is inaccessible, the hackers send out a demand for money that must be paid out to receive the decryption key for the data.
The WannaCry ransomware was possibly one of the darkest examples of these types of attacks. As one of the victims of data loss (work completed over 4 years, to be exact), I found it devastating to never recover years of work at my first job.
A point of sale attack is the most catastrophic for hotels when looking at cyberattacks financially. These attacks are the primary reason that hotels are the second most breached businesses in the world today.
A POS attack is not directed at the hotel itself; it is launched against the 3rd-party vendor providing the payment gateway, like VISA and MasterCard. Usually caused by human error or a deficiency in security measures, this attack can expose hotels in the press and also lead to financial consequences.
Distributed Denial of Service attacks used to be a common cyber threat for all types of businesses across the world. Their purpose is to render a website, portal, app, or web server completely useless by sending thousands of access requests per second. When the web service is unable to cater to so many requests per minute, it simply shuts itself down and goes offline.
The more worrisome part is that once hackers have taken down a hotel server, they also get access to various I.T. connected systems like security scanning, signage, self-check-in machines, cameras, POS machines, and room technologies.
How can Hotels Secure Their WIFI Networks
Although the variety and frequency of cyber attacks on hotels are increasing, so is the interest of hotel owners in securing their properties and wireless connections. Cybersecurity solutions provider Netsurion offers the following suggestions to hotel owners for effective cyber security in hotels:
- Antivirus & Internet Security Software
A corporate security suite with both detection and protection capabilities is essential for all modern hotels. These are vital in identifying and blocking off most common attacks. Hotel owners should ensure that this software is kept updated and should be available on all hotel hardware that has access to local data.
A great aspect of these security suites is that they combine features to protect user devices, internet activity, and emails, monitor for trojans & DDoS, identify phishing links, and automatically keep the virus database updated. Many cybersecurity companies now offer top-tier enterprise solutions to hotels, with added features to address the 24-hour needs of these businesses.
- Managed Technology Security Partner
A managed technology provider is essential for the security and compliance of all connected hardware, software, and other technologies at hotels. The diverse landscape of technology at hotels demands a professional touch when it comes to securing these systems.
A managed I.T. partner can offer excellent tech insights and recommendations on securing technology, offer compliance advice, map out a protected network design, provide internet support to guests, and maintain the integrity of your hotel technology with 24/7 monitoring.
These experts are equipped with all necessary knowledge to secure hotel technologies, in addition to anticipating evolved attacks in the future. A managed technology company can easily organize staff training, conduct routine maintenance, and deliver all important observations in meaningful reports to hotel owners.
- Employee Training
Employee training remains one of the more crucial aspects of managing and securing hotel technology, especially the ones that record guest data. Handling devices, managing office computers, authorizing access, making payments, etc. all require careful handling of data and ensuring that the device being used is secure.
Routine training is essential for hotel staff to grasp the concept of data protection laws and the significance of cybersecurity tools. Staff should be trained when new tools are integrated, new systems are deployed, and new authorization policies are enacted.
- PCI Compliance for Payment Systems
PCI Compliance is, simply, NECESSARY. There is no other way to ensure payment security on POS machines than the 12-guideline Payment Card Industry compliance standards. The guidelines establish 12 areas that a business should strategize around to fully protect payment card and personal card user data.