Given the volume of personal data routinely collected by restaurants, spas and fitness centres, the very nature of the hospitality industry makes it particularly vulnerable to experiencing a cyber-related security incident.
In light of recent events, such as the PayAsUGym attack in 2016, in which one of the company’s servers was hacked and around 300,000 user email addresses and passwords were compromised, hospitality operators should take measures to understand the risks of cybersecurity, as well as the obligations they hold as a reputable business, in order to protect their customers’ personal and financial data.
Without adequate precautions put in place to minimise the risk of a breach, operators leave both their reputation and ultimately the success of their business on the line. Failing to put necessary preventative measures in place runs the risk of a business receiving regulatory fines and suffering irreparable damage to brand reputation.
Keep reading our guide to cyber-related incidents in the hospitality industry at Ashley Page, as we highlight the most common causes of a cybersecurity breach and what hospitality businesses can do to identify and minimise the loss of data and operational capacity.
The threat of operating online
Hospitality organisations such as health spas, fitness centres, restaurants and hotels frequently operate online, whether through digital booking systems, check-in services or online management of gym memberships. However, by operating online, organisations using online servers are potentially leaving themselves vulnerable to various security threats and attacks. In recent breaches, point-of-sale (POS) systems (such as online reservations, check-in desks and bar tills) were the focus area for cybercriminals, who installed malware to acquire customers’ personal financial details, as well as cardholder names and expiration dates. POS systems are relatively weak areas that cybercriminals often choose to manipulate: because these systems are constantly in use, they are often overlooked and not updated with adequate security barriers as often as they should be. If left without proper cybersecurity measures in place, these systems can be exploited and all data held on servers can fall into the hands of malicious cybercriminals.
Customers’ personal information is just one of the wider concerns for businesses in the hospitality industry, especially if a business is part of a wider franchise group with access to a regional or global data system, as this can cause a mass breach that costs the entire company greatly, even if only a single system is initially affected. One of the most common cybersecurity threats to the hospitality industry involves bot-based attacks, which are mostly referred to as Distributed Denial-of-Service (DDoS) attacks. Akamai’s latest security report documents that businesses have seen a 16% increase in the number of DDoS attacks recorded since 2017.
What are DDoS cybersecurity threats?
DDoS cybersecurity threats are malicious attempts to disrupt your business’s normal level of traffic to a targeted server. This is a major threat for hospitality businesses operating online and storing customer data on the internet, as customers’ credentials, such as identities, addresses and financial details, can be captured online and exploited. Once a site has been flooded with malicious traffic and the attacker manages to gain control of an operating network, attackers are then able to infect your site with malware, which can then target your customers’ IP addresses and compromise your customers’ personal data.
The risk of DDoS attacks across the hospitality industry continues to rise as the world grows increasingly connected, and enterprises should take proper precautions to ensure their sensitive data and company assets are protected from the risk of a breach. Not only does this type of cybersecurity threat have the ability to completely disrupt a company’s server, but it could also cost a business greatly, due to both potential fines and the loss of online business whilst servers are down. DDoS attacks are very serious as they can affect several touch points in a hospitality business’s premises and extract personal data, which could result in compromising victims’ privacy through identity theft, credit card fraud and more.
How to prepare for a cybersecurity incident in the hospitality industry
Because of the unique and damaging vulnerabilities that cyber threats pose to a business owner, the most reliable way to prepare for a cyberattack and handle a breach is to ensure that business owners have preventive measures in place, as well as being covered with an appropriate level of insurance.
Investing in these services minimises the risks that come with experiencing a cyberattack, ensuring that, should you fall victim to one, you’re covered by insurance and also know what steps to take in order to cope with the consequences. Without some form of cybersecurity insurance, businesses are liable to cover all damage and reputation control costs involved, which could be detrimental to a business and its success.
Although you can’t protect yourself 100% from the threat of a cyberattack due to the complex and ever-evolving nature of threats, you can implement a robust risk management plan that can help with prevention, detection and response time. Alongside cyber insurance, having a cyber risk management plan in place can ensure business owners are well equipped to manage the threat of a cyberattack, as well as the potential consequences that may arise as a result.
Cybersecurity insurance at Ashley Page
At Ashley Page, we understand the importance of taking proper precautions to ensure that business assets are protected from the risk of a cybersecurity breach. Because of these highly advanced, targeted DDoS bot-attacks and the potentially damaging consequences involved, we recommend business owners in the hospitality industry take necessary steps to make sure systems are secured and customers’ personal information is safeguarded.
At Ashley Page, we can offer business owners expert advice and match them with a unique cyber insurance solution that offers the right amount of cover. Ultimately, expert knowledge and the right cover can help to protect a company following any harmful threats and cover costs and damages, to quickly get your business back up and running in the event of a breach. Our award-winning cyber insurance is both comprehensive and straightforward, so business owners have peace of mind that their business and customers are protected, should the worst happen.
As well as providing award-winning cyber insurance, our team of experts at Ashley Page can provide business owners with an individually tailored cyber risk management plan, to reduce the likelihood of experiencing a cyber-related incident. Joining forces with the cyber risk management company Risk Factory, Ashley Page can create a comprehensive cybersecurity model that covers all your business’s cyber needs. Our experts pride themselves on helping and supporting business owners and regularly work with companies to create strategic cyber safety policies. Get in touch to receive your cyber risk management quote today.