Unwrapping security for the holidays: 4 tips for cybersecurity in hospitality

Cybersecurity might seem tough to understand. The things hackers can do might seem like magic if you don’t know a lot about computers and networks. But it’s not magic, it’s simply a crime. Even if you don’t get how they do it, you can understand why & when. It’s like any other crime. There are basic things that criminals do to improve their chances of success. One big way is catching people off guard when they’re busy, which is easier during the holiday season.

A con artist will talk about ‘thing A’ to get you interested in ‘thing B’ (the con). A burglar will set up a distraction so they can sneak past the guard. Subterfuge is a staple of the criminal’s tool kit. For those in the hospitality industry, the holiday season is a very busy time. It’s not just the guest traffic either. Many locations will have elaborate decorations, promotions, and events to host. This can mean more staff working and an influx of new faces as well. Criminals understand this opportunity and look to exploit it. Everyone who was at Nakatomi Tower for that holiday party in 1988 knows what I’m talking about.

Hyper-vigilance is necessary during these times. Paying more attention to things that seem suspicious needs to be second nature. When it comes to hackers, who may not be in the building, state, or even the same country, what do you look for? How do you protect yourself against what you cannot see? If you do know what to look for, what can you do about it?

Here are 4 tips you can use to protect your business this holiday season and beyond:

1. Employee Training.

People are the number one target for hackers to exploit. Educate every employee on how hackers may attempt to manipulate them. They will use them to gain access to your business and data. Email phishing shows what appears to be a legitimate email with fake links. Those links lead to hackers getting passwords or access to your systems and data. Email is not the only method. They will also use text messaging, social media, phone calls, and even face-to-face interaction. When your employees know what to look for, they are improving the security of your business. There are many tools and services available. Most can be easily used across many systems (web, mobile, computer-based, etc…). Look for ‘cybersecurity awareness training’ products & services.

2. Protect your technology.

The technology you use today is much more advanced than the systems of the past. Hackers love complexity, especially when it’s not managed. It’s important to have the right controls in place. The days of needing only anti-virus on PC’s are gone. You need a better baseline for security. Having technology like Endpoint Protection and Network Security is the new foundation. There are consumer and business versions of these. They are commonly used for IT & Security teams in the corporate world.

3. Internet & email security.

It’s important to stop employees from visiting harmful websites. This can prevent malicious activity from emails or other methods. It can also protect against insider threats, intentional or accidental. These controls are not the same as network security (above). You will find some companies do offer both. These controls focus on what your employees can see online. This can lower the chances of a data breach by preventing access to false links. You can configure controls on browsers and operating systems (Windows or macOS). However, for improved protection, you want internet & email security in place. This technology controls and protects web traffic for everyone on your network.

4. Incident Response.

If you can’t check in guests, process credit cards, take reservations, or receive phone calls, then you are losing money and upsetting guests. When a hacker breaks in, this is the result. Though many means they can stop your business in its tracks. Recovery requires very specialized skills. These skills help to identify, contain, and repair your systems. These are not skills a typical IT team will have. Even many large enterprise security teams don’t have them. These specialized skills reside on what is called an “Incident Response” or “IR” team. IR teams are busy, and you need to know who you’ll use before you need them. You can’t wait until the incident to look and contract one. You cannot let your business stop functioning for days or weeks. The solution here is an “IR Retainer” with a trusted partner. This locks in that team for you to use when needed. This ensures you have the right skills working on recovery and clean up.

With any of this, you may find it difficult to find, choose, or manage any of it. If that’s the case, reach out to a trusted partner for guidance. Most of these will be available “as a Service”, “Managed Services”, or “Managed Security Services.” In hospitality, it’s common to choose this option. Consider these as an easy, cost-effective way to improve your security. It gives you the protection you need without the headache of managing it. Often, pre-vetted partners are available through a franchise corporation, cybersecurity insurance, or another technology partner. Reach out, as you may have trusted partners already available. Seek them out and start addressing security today.