Category Archives: Theft

Tech experts clarify ins and outs of door lock security

Hotel guestroom door locks and keycard systems that are connected to the internet pose security risks, technology experts say, but there’s also some widespread misconception about the nature of those risks.

hotel door key lock

The physical and digital security of hotel guestroom door locks has been a hot topic in the news lately, with the sometimes-sensationalized story of a hacker who extracted a ransom for a hotel’s keycard system.

For some clarity on the issue, Hotel News Now reached out to tech experts who explained what can and can’t happen with electronic door locks, what is vulnerable and how hoteliers can protect their properties and their guests from hackers.

Improved security
Guestroom door locks were traditionally treated as a piece of equipment maintained by a maintenance/building facilities engineer, said Armand Rabinowitz, senior director of strategy and workgroups at Hotel Technology Next Generation. This employee didn’t tend to be well-versed in technology unless they happened to be so for another reason, he said.

“That has changed as the position has become increasingly more technical,” he said. “Ten years ago, electronic locks didn’t need to be, nor were (they) connected to the internet.”

Locks were connected to an encoder or local serial connection, he said, which is a basic protocol that doesn’t travel across internet-connected devices. The physical protocol became outdated as hotels moved to IP-based connections, he said, which requires hoteliers to be careful in how they implement the system.

Everything at Greenwood Hospitality’s properties is on a guarded back-office, closed network, said Paul Wood, VP of revenue generation. The network is scanned for malware and viruses, he said. Locks are sequenced with encoders, he said, and this is a safe process as long as hotels have the system set up correctly.

The code connects the guest key with the lock, he said. Once it hits checkout time, the sequence says it’s time, and the keycard access shuts off.

“From a safety factor/feature perspective, it’s been this way more than 20 years,” he said. “The industry has it down pat.”

Systems today have a long history in the industry, Rabinowitz said, and they’re widely adopted in the world. In most cases, the communication protocols between online door locks are so limited that to transmit a code that would constitute a virus is challenging, if not impossible, he said.

“There would have to be a physical compromise to the point of replacing parts, rendering it unusual by the existing system,” he said.

Training and policies
Hotel managers should treat a door lock system like any other valuable IT asset, Rabinowitz said. That means ensuring all implementation security standards have been put in place for both physical and remote access, he said. There also should be an update process to ensure the system is running on the latest software, he said, and antivirus and security software must be installed on all machines that touch or run any of the lock system-based software.

Click here to read more about Hotel News Now Tech Impact Report Article

 

Comments Off on Tech experts clarify ins and outs of door lock security

Filed under Hotel Industry, Hotel Security, Liability, Risk Management, Technology, Theft

The Ransomware Dilemma: Is Paying Up a Good Idea?

The ongoing fight against ransomware attacks and the cyber criminals perpetuating this menace is more than a full-time job. In a cyber world without boundaries, ransomware has become a worldwide problem where no organization is immune to victimization.

According to some security experts, the first known reports of ransomware attacks took place in Russia in 2005. Over the past 10 years, these attacks have spread to all corners of the globe, successfully targeting hundreds of thousands of business systems and home PCs. And, the effects are mounting: the FBI reported ransomware-driven losses of $18 million over a 15-month period in 2014 and 2015.

The way ransomware works is by making an infected device unusable by locking the screen or system, encrypting its data and then demanding a ransom to unlock and decrypt this data. In some cases, once the user’s PC is infected, the ransomware also displays threatening messages disguised as coming from a law enforcement agency in order to appear credible while intimidating the PC owner. Payment is usually demanded in the form of bitcoins, a virtual currency that is untraceable.

ransomware

This is apparently what happened at Hollywood Presbyterian Medical Center in California in early February 2016 when it fell victim to malware, which locked the hospital’s computer infrastructure. According to reports, to remain operational and continue providing patient care, the hospital was forced to use “old school” methods including paper records, faxing, and good old-fashioned pen and paper.

In a letter regarding the attack, following a bitcoin payment of $17,000, hospital CEO Allen Stefanek stated “…The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Click here to read the entire article: http://bit.ly/2c6mdvh

Comments Off on The Ransomware Dilemma: Is Paying Up a Good Idea?

Filed under Business Interruption Insurance, Claims, Crime, Hotel Industry, Insurance, Management And Ownership, Privacy, Technology, Theft

Join Petra Risk Solutions at CH&LA’s S.A.F.E Forum & Expo

Petra CH&LA SAFE

Register today at CH&LA

Comments Off on Join Petra Risk Solutions at CH&LA’s S.A.F.E Forum & Expo

Filed under Conferences, Crime, Guest Issues, Hotel Employees, Hotel Industry, Risk Management, Theft, Training

Successful Education Session at CH&LA SoCal Conference

Petra Risk Solutions had a successful education session at CH&LA‘s SoCal Conference. Todd Seiders, CLSD, Director of Risk Management, presented “Today’s Safety & Security Challenges for Hotels”. Over 100 people attended! They walked away educated and with a better understanding on how to handle phone scams, human trafficking situations, renting hotel room to minors, ADA scams, and the recent Erin Andrews/ privacy ruling.  Todd CH&LA NoCal & SoCal conference

Comments Off on Successful Education Session at CH&LA SoCal Conference

Filed under Claims, Conferences, Crime, Guest Issues, Hotel Employees, Hotel Industry, Hotel Restaurant, Insurance, Risk Management, Theft

Insurance Helps Protect Against Data Breach Fallout

data

Joshua Gold of Anderson Kill speaks about the different types of insurance coverage to protect against data breaches at the Hospitality Law Conference. (Photo: Bryan Wroten)

The past year was a big year for data breaches in the hotel industry, and industry experts say there’s no sign of it stopping any time soon. That means hoteliers not only need to work on prevention, but they also need protection in case an attack does occur.

Panelists in the session “Nailing down responsive cyber coverage that responds to hospitality industry risks” at February’s Hospitality Law Conference told attendees that everything about the current digital age that makes it great, such as connectability and massive data storage, also makes it a risk.

Attempting to list all of the data breaches in the past 12 months would overwhelm the presentation screen, said Joshua Gold, a cyber-insurance attorney at Anderson Kill, and the problem continues to grow.

“It’s getting worse, not better,” he said.

Insuring for different scenarios
Darin McMullen, an attorney at Anderson Kill, said there are four overlapping causes of data breaches at a company:

  • Accidental internal, a common cause of breaches, occurs when an employee loses a device with company business data on it, and it might fall into someone else’s benign or malicious possession.
  • Accidental external breaches occur through third-party vendors or subcontractors who have access to a company’s system or network. While they’re not trying to compromise their client’s security, they may cause harm through their own negligence.
  • Intentional internal breaches happen when a disgruntled employee creates the breach. This can be a common problem in hospitality where turnover can be high. Employees don’t necessarily have to be high-level to access sensitive data.
  • Intentional external breaches are the more traditional hacking events caused by criminal organizations or hacker activists, or hacktivists.

“Some you have control over; some you have virtually no control over,” McMullen said, who added that hoteliers should review their insurance options to protect against different risk exposures.

Gold said he’s working on an insurance claim for a client who had a former employee introduce malicious code into the company’s system. The code fried every controller, he said, causing physical damage to real pieces of hardware. For a networking company, this was a huge loss.

“The insurance company is saying electronic commands can’t cause real property damage,” he said. “It is covered under the literal language, but they don’t want to set that precedent. We will have to sue them.”

When looking for different cyber-insurance policies, Gold said, it’s important to keep in mind all the potential scenarios as some have provisions that exclude what hoteliers might need and think would be included, such as the physical damage in his client’s case. He said hoteliers should work with a savvy broker who specializes in cyber-insurance packages. There are so many different primary forms out there, he said, which can change every three to four months based on what clients face.

For more: http://bit.ly/1TZLnue

Comments Off on Insurance Helps Protect Against Data Breach Fallout

Filed under Guest Issues, Hotel Industry, Insurance, Management And Ownership, Risk Management, Technology, Theft

Enhancing Check-in and Loyalty with ID Verification Solutions

Loyalty

There’s no weariness quite like the fatigue and impatience that sets in at the end of a long day of travel. You’ve made it through security gauntlets, cramped seats, noisy kids, and traffic to arrive at your destination. What’s next, a long line of your fellow crabby travelers, or a quick trip straight to your comfy room and minibar? As an hotelier, you know which of these customer experiences translates into greater loyalty, advocacy, and revenue.

 

When it comes to business and personal travel, customer expectations have always been high; customers increasingly expect more convenience, personalization, and flexibility from hospitality brands. Online booking options, mobile technology, and social media reviews have made the market intensely competitive. Customer loyalty is a key driver for revenue growth and competitive advantage. In fact, a recent Forrester study commissioned by Sabre Hospitality found that a 1-point score increase on their Customer Experience Index provides $6.52 in annual incremental revenue per customer—a significant cumulative impact, especially for larger brands.

The same study found that two-thirds of leisure travelers and more than half of business travelers claim they are not loyal to any hotel brand. The study’s findings point to intelligent applications of technology and data as primary avenues for improving customer experience and loyalty, with an emphasis on integrated enterprise solutions. Feel-good experiences engender loyalty more surely than cost or convenience, and loyalty translates directly to good news for the bottom line. How can we begin to incorporate technology that leaves customers raving about their experience and returning for more the next time they travel?

One of the big pain points for customers—the dreaded check-in process—presents a huge opportunity for hotels that extends well past what happens at the front desk. Solutions for scanning and verifying IDs and passports, including mobile scanning and self-service kiosks, are transforming the check-in process and providing a key link between customers and data-driven, integrated hospitality platforms. With mobile scanning, check-in can begin anywhere (even remotely) and be completed in less time with fewer errors. Advanced scanning solutions quickly and accurately read all data off drivers’ licenses, passports, and other official identity cards, automatically populate data records and store a digital replica of the ID for regulatory and security purposes.

Once a guest’s ID data has been scanned into records, it can then be cross-checked with other databases (DMV, credit bureaus, etc.) to verify the customer’s identity. The data can also be connected with the hotel’s enterprise systems for security, billing, and customer service management, as well as personalization and loyalty programs. The ability to quickly and accurately gather this data at the point of entry eases and enriches all the subsequent processes and interactions that rely on such data. These days, customers expect that you have their information and will use it to provide them with a more polished and personal experience. The information scanned at check-in can also be used for seamless sign-up to loyalty programs. Hotels and casinos have found that insights and information gleaned from this data allow them to tailor rewards to guests’ preferences and analyze guest spending patterns in response to various promotions.

A recent Software Advice study of hotel guest preferences found that 60 percent of respondents would be more likely to choose a hotel that allows check-in and keyless entry via smartphone, and 37 percent are more likely to choose a hotel with lobby technology such as self-service kiosks. This follows the general preference of Millennials for automated customer service options. It’s also reassuringly good news for hotels striving to deliver better customer service while controlling staffing costs. Front desk agents can spend more time on personal greetings, solving exceptions, and addressing complaints when they are freed from manual data entry tasks. A serene, smoothly run lobby makes for a more welcoming space than one crammed with guests waiting to check-in.

For more: http://bit.ly/1QcmxGI

Comments Off on Enhancing Check-in and Loyalty with ID Verification Solutions

Filed under Crime, Guest Issues, Hotel Industry, Management And Ownership, Risk Management, Theft, Training

Hospitality Industry Conference Update: “Petra Hospitality Update: CH&LA Southern CA Conference”

Join Petra Risk Solutions at CH&LA’s

Southern California Hotel & Lodging Conference

Wednesday, September 23, 2015 at 8:00am – 5:00pm

This one-day event includes educational sessions, a trade show, and networking is free to all hotel staff. Each year over 500 hoteliers attend and take advantage of all that is offered at this very special event. 

Petra Risk Solutions’ very own Brad Durbin, Jennifer Lisanti and Todd Seiders will be presenting at the education sessions

click here to learn more..

[vimeo https://vimeo.com/138772085 w=500&h=281]

Petra is proud to partner with CH&LA and the endorsed broker for:

Insurance    *    Employee Benefits    *    Education

Comments Off on Hospitality Industry Conference Update: “Petra Hospitality Update: CH&LA Southern CA Conference”

Filed under Conferences, Guest Issues, Hotel Industry, Management And Ownership, Risk Management, Social Media, Technology, Theft

Hospitality Industry Conference Update: “2015 CTSSA Fraud Conference”

The 2015 California Tourism Safety and Security Conference is being held Thursday, September 17, 2015 at the beautiful Island Hotel in Newport Beach, California.  This half day conference is centered around fraud4d30d4d05aa65b796643a506d93fc01a and forgery detection and prevention at your business. With subject matter experts instructing in hands-on, nuts and bolts training format, you will see first hand how criminals forge fraudulent credit cards, wash checks, and take advantage of your unsuspecting business.

Together with several California law enforcement, security, and tourism industry organizations, the Association plans and hosts the nation’s largest training conference dedicated to issues of safety & security for visitors and visitor venues.   The annual conference features timely new training topics each year, presented by experienced practitioners and subject matter experts.   Content and logistics are planned and coordinated by a committee of CTSSA volunteers, chaired by Dave Wiggins.

The event includes a full day of training, plus the Tech Expo which showcases emerging tools & technologies, as well as a keynote address, and hosted luncheon and cocktail reception.   The conference has been praised for its timely and relevant “nuts-n-bolts” training content, as well as its valuable networking opportunities.  The conference has been held at various locations throughout California.  Participants come from all across the United States.  Participation is by pre-registration, and is open only to qualified working professionals.

For more: http://bit.ly/1Mt3G6e

Comments Off on Hospitality Industry Conference Update: “2015 CTSSA Fraud Conference”

Filed under Conferences, Hotel Industry, Management And Ownership, Risk Management, Theft

Hospitality Industry Technology Update: “Security Flaw In Hotel Wi-Fi Routers Could Put Devices At Risk”

“This is the second time in recent months that security researchers have warned of hotel Wi-Fi networks being a potential vectorWireless data security of attack for cybercriminals, providing a not-so-subtle reminder that individuals must be ever-vigilant regarding the security of their devices and access points.”

Cylance, a security vendor, says that its security researchers at the Sophisticated Penetration Exploitation and Research team (SPEAR) have uncovered a flaw in the InnGate Wi-Fi router commonly used by many hotels that could be placing the devices of guests at risk. According to Wired, the Cylance team reports, the vulnerability could threaten not just guests, but could also spread to the hotels themselves if hackers are able to compromise the router to allow them to access other parts of the hotel network. Cylance says this could potentially impact reservations and billing.

The vulnerability, dubbed CVE-2015-0932 gives an attacker full read and write access to the file system of an ANTLabs’ InnGate device, Cylance reports.  Cyber thieves gain remote access through an unauthenticated rsync daemon running on TCP 873, which then allows them to read and write unrestricted to the file system of the Linux based operating system.

For more: http://bit.ly/1yYJZK7

Comments Off on Hospitality Industry Technology Update: “Security Flaw In Hotel Wi-Fi Routers Could Put Devices At Risk”

Filed under Crime, Guest Issues, Hotel Industry, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Update: “New Security Mindset: Focus On The Interior”

“We continue to be more focused on perimeter protection than on internal controls and monitoring. It’s clear that attackers are already inside or could be anytime they want and there’s nothing you can do about it on the perimeterJason-Straight-LG…You would think external attacks cause all the damage. But study after study, two-thirds of attacks are mundane insider errors, lost equipment, technology failures, or lack of oversight over vendors.”

Chief privacy officer Jason Straight shares his insights on why organizations are struggling to stop the breach wave — and manage the aftermath.

Hackers keep on hacking, breaches keep on happening. The cycle continues, as major corporations now routinely get successfully compromised. A key element of the equation now is properly and efficiently responding to an attack as well as managing its aftermath.

The same old security missteps–falling for phishing attacks, not locking down sensitive data internally, giving users too much access, for instance–keep recurring. That’s because many organizations aren’t putting their security energy in the right places, according to Jason Straight, senior vice president and chief privacy officer at UnitedLex, which provides outsourcing services and support for the legal industry.

For more: http://ubm.io/1BTm7L2

Comments Off on Hospitality Industry Security Update: “New Security Mindset: Focus On The Interior”

Filed under Crime, Employee Practices, Guest Issues, Hotel Employees, Hotel Industry, Maintenance, Management And Ownership, Risk Management, Technology, Theft, Training