Tag Archives: Crime

Tech experts clarify ins and outs of door lock security

Hotel guestroom door locks and keycard systems that are connected to the internet pose security risks, technology experts say, but there’s also some widespread misconception about the nature of those risks.

hotel door key lock

The physical and digital security of hotel guestroom door locks has been a hot topic in the news lately, with the sometimes-sensationalized story of a hacker who extracted a ransom for a hotel’s keycard system.

For some clarity on the issue, Hotel News Now reached out to tech experts who explained what can and can’t happen with electronic door locks, what is vulnerable and how hoteliers can protect their properties and their guests from hackers.

Improved security
Guestroom door locks were traditionally treated as a piece of equipment maintained by a maintenance/building facilities engineer, said Armand Rabinowitz, senior director of strategy and workgroups at Hotel Technology Next Generation. This employee didn’t tend to be well-versed in technology unless they happened to be so for another reason, he said.

“That has changed as the position has become increasingly more technical,” he said. “Ten years ago, electronic locks didn’t need to be, nor were (they) connected to the internet.”

Locks were connected to an encoder or local serial connection, he said, which is a basic protocol that doesn’t travel across internet-connected devices. The physical protocol became outdated as hotels moved to IP-based connections, he said, which requires hoteliers to be careful in how they implement the system.

Everything at Greenwood Hospitality’s properties is on a guarded back-office, closed network, said Paul Wood, VP of revenue generation. The network is scanned for malware and viruses, he said. Locks are sequenced with encoders, he said, and this is a safe process as long as hotels have the system set up correctly.

The code connects the guest key with the lock, he said. Once it hits checkout time, the sequence says it’s time, and the keycard access shuts off.

“From a safety factor/feature perspective, it’s been this way more than 20 years,” he said. “The industry has it down pat.”

Systems today have a long history in the industry, Rabinowitz said, and they’re widely adopted in the world. In most cases, the communication protocols between online door locks are so limited that to transmit a code that would constitute a virus is challenging, if not impossible, he said.

“There would have to be a physical compromise to the point of replacing parts, rendering it unusual by the existing system,” he said.

Training and policies
Hotel managers should treat a door lock system like any other valuable IT asset, Rabinowitz said. That means ensuring all implementation security standards have been put in place for both physical and remote access, he said. There also should be an update process to ensure the system is running on the latest software, he said, and antivirus and security software must be installed on all machines that touch or run any of the lock system-based software.

Click here to read more about Hotel News Now Tech Impact Report Article

 

Comments Off on Tech experts clarify ins and outs of door lock security

Filed under Hotel Industry, Hotel Security, Liability, Risk Management, Technology, Theft

Husband and wife cheated workers’ compensation

Tip: This is why it is important for hotels to request certificate of insurance from their vendors. 

 

Indicted for hiding the existence of 800 hotel workerslaw, justice

Hyok “Steven” Kwon and his wife, Woo Hui “Stephanie” Kwon, were sentenced to prison yesterday (March 15) for concocting and carrying out a complicated scheme to avoid paying workers’ compensation insurance premiums and employment taxes for their janitorial company, Irvine-based Good Neighbor Services. He was sentenced to eight years in custody and she got four years and eight months. Each has been ordered to pay $5 million restitution to insurance carriers and the California Employment Development Department.

They were indicted in December for hiding the existence of 800 hotel workers and thereby evading personnel-related taxes. At the time of the indictment, their caper was considered the largest insurance premium fraud in San Diego history.

Among the hotels serviced by the company were the Hotel Del Coronado, Grand Del Mar, La Costa Resort & Spa, Loews Coronado, and L’Auberge Del Mar.

See article at SanDiegoReader.com

 

 

 

Comments Off on Husband and wife cheated workers’ compensation

Filed under Hotel Industry, Injuries, Management And Ownership, Workers' Compensation

How to Prepare for Potential Threats to Security

Daniel Johnson, CHA, serves as a hotel analyst for Travel Channel’s Hotel Impossible and is vice president of operations for Argeo Hospitality. Here, he sits down with LODGING to answer one of the most pressing issues he believes hoteliers face.

hotel security

In light of recent security issues, as a hotel outside the U.S., what should we be considering in our day-to-day operations?

There have been numerous incidents in the U.S. and abroad and, in October, a celebrity had her room intruded upon by individuals dressed as police officers in Paris. Preparedness is not something that comes when there is a news story to scare you into a concern. It has to be an integral part of the operation from day one in an unending and enduring effort to remain vigilant. You have to have a plan. Period. It’s not a suggestion, it’s not a recommendation, it’s a requirement. When it comes to your hotel, devise a plan for the possibilities you face and tailor reactions for your specific operation. First, remember that you can plan but you can’t plan for every eventuality. You can, however, train, train, train. Once your plan is in place, train your staff on it, then train again, then analyze the results, then train again. Having a third party review your plan is never a bad idea.

Second, know your hotel’s exterior like the back of your hand. In order to gain access, individuals have to cross your grounds, parking lot, delivery points, or some other means of entry. What are your strengths and weakness? How is the lighting? Is there anything that needs to be addressed with security or surveillance?

Third, encourage your staff to meet and greet. Every guest, every visitor, every vendor should be greeted with a smile and a question, “May I help you?” These are opportunities to wow your guests that also double as a chance to pay attention to the comings and goings within the building.

 

See complete article from Lodging Magazine

Comments Off on How to Prepare for Potential Threats to Security

Filed under Guest Issues, Hotel Employees, Hotel Industry, Hotel Security, Risk Management

The Ransomware Dilemma: Is Paying Up a Good Idea?

The ongoing fight against ransomware attacks and the cyber criminals perpetuating this menace is more than a full-time job. In a cyber world without boundaries, ransomware has become a worldwide problem where no organization is immune to victimization.

According to some security experts, the first known reports of ransomware attacks took place in Russia in 2005. Over the past 10 years, these attacks have spread to all corners of the globe, successfully targeting hundreds of thousands of business systems and home PCs. And, the effects are mounting: the FBI reported ransomware-driven losses of $18 million over a 15-month period in 2014 and 2015.

The way ransomware works is by making an infected device unusable by locking the screen or system, encrypting its data and then demanding a ransom to unlock and decrypt this data. In some cases, once the user’s PC is infected, the ransomware also displays threatening messages disguised as coming from a law enforcement agency in order to appear credible while intimidating the PC owner. Payment is usually demanded in the form of bitcoins, a virtual currency that is untraceable.

ransomware

This is apparently what happened at Hollywood Presbyterian Medical Center in California in early February 2016 when it fell victim to malware, which locked the hospital’s computer infrastructure. According to reports, to remain operational and continue providing patient care, the hospital was forced to use “old school” methods including paper records, faxing, and good old-fashioned pen and paper.

In a letter regarding the attack, following a bitcoin payment of $17,000, hospital CEO Allen Stefanek stated “…The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Click here to read the entire article: http://bit.ly/2c6mdvh

Comments Off on The Ransomware Dilemma: Is Paying Up a Good Idea?

Filed under Business Interruption Insurance, Claims, Crime, Hotel Industry, Insurance, Management And Ownership, Privacy, Technology, Theft

Join Petra Risk Solutions at CH&LA’s S.A.F.E Forum & Expo

Petra CH&LA SAFE

Register today at CH&LA

Comments Off on Join Petra Risk Solutions at CH&LA’s S.A.F.E Forum & Expo

Filed under Conferences, Crime, Guest Issues, Hotel Employees, Hotel Industry, Risk Management, Theft, Training

Safety & Security Tips for Hotel Management

Providing an accommodating atmosphere that doesn’t compromise safety is the biggest challenge that hotels face. Achieving these goals requires a multifaceted plan that starts with staff training and guest education about safety and security issues. Management must also consistently enforce established security policies, such as allowing only registered guests on hotel property. Constant planning to stay ahead of these issues is also a must, especially when the hotel hosts public events.

hotel security

Control Access
Controlling access is an important part of hotel security planning to prevent criminals from stealing money and valuables from guest rooms. Management must train contractors and staff in controlling room key distribution and restricting access to registered guests only. During off-hours, security personnel should be stationed at all main access points to greet people, while deterring anyone with no business on the property, including disruptive or intoxicated non-guests.

 

Educate Guests
Hotel staff has a responsibility to educate guests about safety and security responsibilities. The challenge is getting the message across without negatively affecting the customer’s experience. For example, the bellman can stress the importance of locking hotel room doors to prevent strangers from entering. Front desk clerks can also discourage guests from actions that leave them vulnerable to thieves, such as flashing room keys or yelling room numbers across the lobby.

Patrol Public Areas
Technology has come a long way in helping hotels to upgrade basic security measures. Closed-circuit TV cameras with recording systems are essential for securing such busy public spaces as bars, docks, lounges, and parking lots. However, these areas also allow open access for disruptive persons, muggers and pickpockets. Active monitoring of the camera images by staff and proper lighting reduces the opportunities for such crimes. Offering a security concierge to escort guests also minimizes the risk of non-assaultive crimes, such as luggage thefts.

Advance Measures
Communicating basic safety and security measures becomes even more important at public events such as conventions, where travelers may feel as if they’re leaving real world dangers behind. To head off problems, management should send advance communiques to event attendees. The notices should contain basic safety tips, such as the need for locking doors, not leaving cellphones and laptops unattended, and being alert in public areas.

For more info: ( http://bit.ly/2agiHgI )

Comments Off on Safety & Security Tips for Hotel Management

Filed under Crime, Guest Issues, Management And Ownership, Risk Management

What’s your data breach response plan?

data breach

While businesses prefer to avoid cyber perpetrators entirely, these days nearly all organizations are at risk of a breach.

As the number of incidents (and claims) continues to rise, the prudent strategy is for firms to not only work diligently to prevent an intrusion, but also to have a plan in place to respond quickly and effectively if they suspect information has been compromised.

A data breach response plan proactively outlines the necessary actions a business must take, providing a framework that can be regularly matched against emerging risks and updated if the firm’s situation changes — for example, if additional staff are added in key data privacy or technology roles or if partnerships are formed that could change the way sensitive information is processed.

Developing a data breach response plan, one that is easy to follow and quick to implement, gives businesses time to prepare the necessary resources and mitigate the damage an exposure can inflict. Leaving key tasks to the last minute, such as scrambling to identify qualified outside legal counsel, is unwise and can significantly impact the timeliness and expense of a breach response. Likewise, pulling the plug on a single server without seeking guidance from an experienced technology expert may not shut down the unauthorized access that caused the exposure, thus leaving the business open to further harm. Worse, it may even erase key information a computer forensics company may need to assist the investigation. Getting the firm’s ducks in a row in advance of any breach is a far more effective cyber mitigation strategy.

One component of many small business breach response plans is accessing the financial and technical support available through a well-structured Cyber Liability insurance policy. Coverage options vary widely, so businesses (or the insurance broker) must carefully examine their needs before crafting a policy. For those firms with lean internal resources and thin financial margins, the right insurance can be a key asset when it comes to implementing a solid breach response plan. Below, three steps that will help organizations mitigate data breach disruptions before they occur.

1. Assemble the team

Who needs to be involved in responding to a breach? Before attempting to pull together more than a cursory list of post-exposure action items, it’s critical that the firm identify those individuals or groups that should be contacted in the event of a potential breach. The team will vary from one business to the next, but most organizations will want to include representatives from the executive group, legal (either internal or an outside consultant), privacy or information security, risk management, information technology, human resources and public relations.

Given the growing reliance on external partners — cloud providers, payroll processors and the like — firms should also consider where vendor touchpoints exist and how or when those third parties will contribute to the breach response process. They may need to be included on the contact list or they may even be responsible for raising the initial alarm if a breach occurs. It’s also important to ensure vendor contracts clearly spell out the company responsible when a breach occurs and who is liable for notifying those impacted. Other vendors are also commonly part of the response team, such as media relations consultants experienced in crisis management and notification firms with the resources necessary to quickly inform breach victims about the situation.

If the business has Cyber Liability coverage, the insurance company should also be part of the breach response plan. There are support services included in many policies that will be helpful in the event of an exposure, ranging from forensic investigation teams to data recovery specialists. To maximize the value of any applicable coverage, firms must be ready to access available features quickly and through the most efficient channels.

Click to read the article

Comments Off on What’s your data breach response plan?

Filed under Crime, Insurance, Liability, Management And Ownership, Risk Management

Successful Education Session at CH&LA SoCal Conference

Petra Risk Solutions had a successful education session at CH&LA‘s SoCal Conference. Todd Seiders, CLSD, Director of Risk Management, presented “Today’s Safety & Security Challenges for Hotels”. Over 100 people attended! They walked away educated and with a better understanding on how to handle phone scams, human trafficking situations, renting hotel room to minors, ADA scams, and the recent Erin Andrews/ privacy ruling.  Todd CH&LA NoCal & SoCal conference

Comments Off on Successful Education Session at CH&LA SoCal Conference

Filed under Claims, Conferences, Crime, Guest Issues, Hotel Employees, Hotel Industry, Hotel Restaurant, Insurance, Risk Management, Theft

Join Petra Risk Solutions at CH&LA’s California Conferences

CHLA Marketing Flyer 040116 FINAL

For more information on the Northern California Hotel & Lodging Conference, click here!

For more information on the Southern California Hotel & Lodging Conference, click here!

Comments Off on Join Petra Risk Solutions at CH&LA’s California Conferences

Filed under Conferences, Hotel Industry, Management And Ownership, Risk Management, Technology

Workplace Violence – How to Deal with a Disgruntled Ex-Employee

violence
You are an executive working intently in your office when your assistant calls and informs you that a disgruntled ex-employee has shown up at the facility with a weapon and is threatening violence.  Will you know what to do, or better yet, what not to do?

 

Workplace violence can be defined as any act that creates intimidating, hostile, and offensive or a threatening work environment through unwelcome words, actions or physical contact.  As we have seen on multiple occasions, workplace violence and active shooter occurrences have been on a steady incline in this country.  Are you and your company prepared?

There are two types of workplace violence that need to be taken into consideration. First is the external variety – criminal activity from a non-employee, client or customer.  Second is the internal variety of a problem employee, employee personal relationship, hostile individual due to disciplinary actions or a facility closing.  Be prepared by taking some very easy measures:

  • Have a  written policy that is known throughout your organization
  • Take the position of ‘no tolerance’ for this activity
  • Train employees and provide ongoing training
  • Make sure your plan protects first, then concentrates on compliance
  • Understand and effectively communicate the legal implications

The potential deadly situations are reasonably foreseeable and this should be the standard used for compliance and determination of liability. Understand what data you need to assist in the prevention of workplace violence.  You not only have a legal responsibility but the obligation to your workforce.  Negligent hiring, high-risk terminations, retention, security, and poor training open you and your organization to the possibility of a workplace violence incident.  Human resources plays a key role in your workplace violence plan through effective pre-employment screening, establishing discrete communications channels, an Employee Assistance Program and coordination with your security personnel regarding response plans.

Do not allow yourself to make these five critical mistakes:

  • Denial and avoidance
  • Not having a threat response plan
  • Acting too hastily
  • Lack of total workforce participation
  • Insufficient assessment process

Coordinate a case assessment team and make sure they understand their purpose, make-up, objectives, and documentation measures.  The need to recognize the behavioral warning signs that signal potential trouble and that evaluation of behavior is not ‘profiling’.

Protective measures include:

  • A facility security audit
  • Obtaining local crime statistics
  • Recording a history of incidents
  • Personnel training
  • General security awareness training
  • An established liaison with local law enforcement.

Remember, ignorance does not relieve an organization of responsibility.  In summation, an organization has a Duty of Care responsibility to their employees and must plan, train, recognize, manage and respond to this growing problem within the business community.

For more: http://bit.ly/1XAJN02

Comments Off on Workplace Violence – How to Deal with a Disgruntled Ex-Employee

Filed under Crime, Hotel Employees, Hotel Industry, Labor Issues, Management And Ownership, Risk Management, Training