Targeting the hospitality industry
While traditionally attackers have focused on financial institutions where the money is, hotels and hospitality institutions are now being targeted for the valuable data that passes through them. With the hotel industry utilizing more technology than ever, hackers have multiple access points to obtain valuable information, such as through niche smart devices like remote-controlled curtains.With the hotel industry utilizing more technology than ever, hackers have multiple access points to obtain valuable information, such as through niche smart devices like remote-controlled curtains
Before you travel
Companies must do more to educate employees on how to protect themselves from cyber threats whilst on business trips. The more savvy and secure an employee is when it comes to travel, the less risk the company may face from external threats.
Different countries offer varied levels of risk, and companies should make ensuring they have appropriate risk appetite for regions a top priority. In some instances, high risk countries wouldn’t warrant taking corporate phones or devices, and instead employees should be offered clean devices for travel.
Most business employees have hard disk encryption on their devices which can provide a key security layer; however, in certain countries, border control may well ask travelers to provide the key to unencrypt a device and take an image of it. Data is now worth more than gold, and not every country or company plays by the rules.
During your visit
Hotels are commonly used to target executives and business travelers from companies using the shared Wi-Fi networks present all around the hotel. Attackers can easily pull up the history on business lounge devices to obtain valuable information on a person; anything from what people are interested in, to the common passwords they use for personal emails.
All of this data can then be used as part of a larger phishing campaign to attack individuals and gain access on both a personal and professional level. The hackers may choose to target the individual’s banking and credit information, or to access the corporate network and steal valuable business information from their company. Using a virtual private network (VPN) should be common practice for all business travelers when connecting to the internet.
In addition to using the Wi-Fi networks, attackers can use malware attacks to log credit card swipes or access hotel rooms by hacking the electronic door systems. Whilst travelers should be responsible for ensuring they are using appropriate security measures as an individual, they must also ensure they trust the cybersecurity of the accommodation where they are staying.