By Warren Dehan
Is your hotel’s data protected? What if your hotel lost access to its data overnight? A situation like this would be more than an inconvenience, it would threaten your hotel’s operations and negatively impact your business in a myriad of ways. Loss of access to data could be the result of an on-premises system crash, which will be inconvenient, but which can be brought back into operation reasonably quickly with the help of your PMS and IT teams. The more serious threat to hoteliers is ransomware attacks, and unfortunately, thanks to their rising prevalence, should be a real concern to hoteliers.
More than 500 million ransomware attacks were estimated to have been attempted by hackers in the first nine months of 2021, making last year the most expensive for data security on record. The only way hotels can defend themselves against these incursions is by practicing good data stewardship by diligently recording backups — and by educating your hotel’s staff about potential vulnerabilities going forward.
Ransomware is a category of malicious software designed to prevent users from accessing infected machines. Once infected, users find themselves unable to access their data and are prompted to pay a “ransom” to regain access to their files. While paying a hacker for access to your own computer is difficult to believe, impacted users are encouraged not to interact with the anonymous originator of the virus or provide payment. These activities will embolden hackers, enabling them to compromise further machines in the future and fail to guarantee your machines will remain safe from repeat hacks in the future.
Rather than play along with a hacker and hope they hold up their end of the bargain, the only reliable way to defend your property against a ransomware attack is to delete your files and restore to the most recent backup. That said, prevention remains the best cure.
A hotel’s first defense against ransomware is preventing it from gaining access to the property’s system. This can be difficult in the era of phishing scams, whereby hackers impersonate trusted sources in digital communications such as email in order to trick users. Phishing emails are often full of loaded links which, once clicked, are designed to provide hackers with unauthorized access to a business’ systems.
Phishing scams are effective when users are busy, stressed, or unable to pay attention to small details. Unfortunately, the current hospitality and labor environment is perfect for this type of exploitation to flourish. Hoteliers should exercise caution when interacting with suspicious accounts, or by refusing to click on links inside email exchanges that may not be trustworthy. For example, if a website sends a password change request directly to your email, users are urged to change their password directly on that website rather than navigating to the web address through any links in the email, bypassing potential attempts from hackers to steal passwords or other information.
As part of your data defense initiatives, it is also important keep your antivirus up to date and stay current with operating system and network security updates.
More sophisticated scams are appearing each year, with modern hackers using publicly available information about a hotel to trick members of its staff or guests into providing them with private guest information. Known as vishing scams (voice phishing), these cons, more akin to social engineering, impersonate hotel leadership to obtain guest credit card information, phone number, email, and even home addresses by engaging in deceptive phone conversations.
Employee training is the most crucial part of data security, as it can dissuade habits that could potentially open your property up to vulnerabilities. The goal of cyber security, after all, is to make accessing your property’s data more trouble than it’s worth, prompting hackers to move on in search of low-hanging fruit. This is important because every hotel across the industry, independent and branded, are potential targets for cyber scams and should have a plan in place should their property’s data become compromised.
Bring a Backup
So, you’ve been hacked; now what? In a best-case scenario, your property has a comprehensive data storage plan in place, which saves a fresh backup every night in addition to recording transaction log backups regularly throughout the day. Armed with this, a hotel could confidently delete its compromised data and restore to a backup, losing at most a handful of hours of business in exchange for cutting the hacker loose from your system. If you are hosted in your PMS provider’s cloud environment, your backups will be automatically done and managed, and better secured against these threats.
It’s easy to see how ransomware is a threat, but with a little extra strategizing behind your data protection strategy hotels can be better prepared to brush these attacks aside. Conversely, hotels without a way to properly retrieve or store backup data are complicating an issue that could leave them without months — or years — of data.
Hoteliers should speak with their PMS provider about setting up a data backup plan. Many of these plans can be automated, providing the confidence that hotels remain protected in the event of a ransomware attack. Thanks to data storage strategies such as these, disruptive and potentially expensive ransomware attacks can be avoided.
About the Author
Warren Dehan is the President of Maestro, the preferred cloud and on-premises PMS solution for independent hotels, luxury resorts, conference centers, vacation rentals, and multi-property groups. Maestro was first to market with a fully integrated Windows PMS and Sales & Catering solution and is continuing that trend with leading edge web and mobile based solutions. Platform and deployment independence present Maestro as an investment that will continue to grow and adapt as new technologies emerge.