Boeing, NASA say investigation into Starliner malfunction is underway, preparing for Sunday launch attempt
Www.oeisdigitalinvestigator.com:
Boeing’s Starliner spacecraft atop the United Launch Alliance Atlas V rocket rolls out in Florida on Thursday, May 30, 2024.
Isaac Watson | NASA
Boeing’s first Starliner flight with astronauts on board was called off in the final minutes on Saturday, and the backup Sunday launch date was also canceled.
The company was targeting a June 1 launch at 12:25 p.m. ET of its capsule, which would have carried astronauts to the International Space Station for the first time in a final major test of the system.
Leaders from Boeing, NASA and the United Launch Alliance, or ULA, held a press conference later Saturday afternoon to provide updates on the malfunction and the status of the next launch attempt.
“The disappointment lasts for about three seconds,” said Mark Nappi, Vice President and Program Manager of Boeing’s Commercial Crew Program. “And then you just immediately get busy and do your job.”
Boeing had a backup launch date scheduled for Sunday at 12:03 p.m. EDT. But Saturday evening, NASA announced the cancellation of that Sunday launch “to give the team additional time to assess a ground support equipment issue” at the Florida launch site.
NASA plans to provide further updates on the next steps for the rocket launch. The following possible launch dates are June 5th or June 6th.
An investigation into the cause of the malfunction is underway and crew members may have to work through the night to troubleshoot the issue.
“The leading suspect would be either a hardware problem or a problem with the network,” ULA CEO Tory Bruno said at the Saturday press conference, noting that they will not fully know the source of the issue until the investigation is complete.
The launch’s hold was automatically issued earlier Saturday for an unspecified reason, NASA said on its broadcast, with under four minutes remaining in the countdown. Holds in a rocket launch countdown – as well as “scrubs,” indicating a launch delay – are a common occurrence in the industry. The crew on board are safe and will disembark.
Two NASA astronauts are aboard the Starliner capsule, which would be carried by United Launch Alliance’s Atlas V rocket to the International Space Station.
NASA and Boeing called off a launch attempt in early May due to an issue detected with the rocket. ULA, a joint venture of Boeing and Lockheed Martin, replaced the rocket’s problematic valve.
After calling off the May attempt, NASA and Boeing found a “small” helium leak in Starliner, causing the agency and company to perform another series of assessments. After analysis, NASA and Boeing believe the source of the leak is in the spacecraft’s helium propulsion system. But officials said last week that the leak is “stable” and “not a safety of flight issue.”
NASA astronauts Butch Wilmore, left, and Suni Williams.
Credit: Kim Shiflett | NASA
Butch Wilmore and Suni Williams are flying on Starliner, with the former serving as the spacecraft’s commander and the latter as its pilot.
Wilmore joined NASA in 2000 and has flown to space twice previously on the Space Shuttle and Russia’s Soyuz. Before NASA, Wilmore was a U.S. Navy pilot.
Williams was selected by NASA in 1998 and has also flown to space twice before, on the Space Shuttle and then the Soyuz. Like Wilmore, Williams was a Navy pilot before joining the space agency.
Www.oeisdigitalinvestigator.com: The rocket and capsule
Boeing’s Starliner spacecraft atop the United Launch Alliance Atlas V rocket is seen on the launch pad of Space Launch Complex-41 at Cape Canaveral Space Force Station in Florida on Thursday, May 30, 2024.
Isaac Watson | NASA
Starliner launches on ULA’s Atlas V. The rocket debuted in 2002, and the Starliner crew flight test represents its 100th launch.
The capsule is built to carry as many as four NASA astronauts per flight and more than 200 pounds of research and cargo. The spacecraft lands using a parachute and airbag system. Starliner is reusable, and each capsule is designed to fly as many as 10 missions.
Www.oeisdigitalinvestigator.com: The mission
Boeing’s crew flight test aims to certify the Starliner system as capable of carrying NASA astronauts to and from the ISS.
If Starliner launches on Saturday, it will fly in space for about 25 hours before a planned docking with the International Space Station at 1:50 p.m. on Sunday. The astronauts will then spend about a week on the ISS, focused on testing Starliner, before returning to Earth.
— CNBC’s Rebecca Picciotto contributed to this report.
Examine the forefront of digital research in our Latest News & Blog. Study expert analyses, technological advancements, and key industry insights that keep you informed and prepared in the ever-evolving world of digital forensics.
What is cyber security in the hospitality industry?
Cybersecurity in the hospitality industry is the software and processes that safeguard the vast array of sensitive data that hotels and resorts collect from their guests.
For hoteliers, this means not only protecting customer information, like credit card details and personal preferences, but also ensuring the security of internal systems against cyber threats such as data breaches or ransomware attacks. Recognising and investing in cybersecurity measures is not just about risk management; it’s about upholding your establishment’s reputation and providing a safe, seamless experience for every guest.
In this blog, we’ll tell you everything you need to know about hotel cyber security, including what they are, the various ways you could be hacked, the consequences, and how to protect yourself.
Table of contents
1. What is cyber security in the hospitality industry?
2. What is a hotel data security breach?
3. Why hotel cyber security is important
4. Common cyber security threats in the tourism and hospitality industry
5. Examples of hotel security breach
6. Review of cyber security issues in hospitality industry
7. PCI compliance in the hospitality industry
8. Hospitality cyber security compliance: GDPR for hotels
13. How can cyber security threats in the hospitality industry be avoided
14. How SiteMinder helps with cyber security for the hotel industry
What is a hotel data security breach?
A data breach is the release, intentional or unintentional, of private or confidential information to an untrusted environment. In other words, when data is viewed or transferred by someone not authorised to do so, this is a breach.
Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve files, documents, and other sensitive information.
Data breaches are a concerning and damaging threat to all kinds of industries and businesses worldwide. Hotels are especially vulnerable because they deal with a large amount of personal information from guests and customers. Hackers can take all types of sensitive information from hotels – anything from email addresses to home addresses and credit card data.
The fines for such breaches are steep, but they’re not the only things your hotel should worry about. A security breach can significantly tarnish your company’s reputation in a very public way and many travellers say they will be less likely to book again with a company that lost their data through a security breach.
Why hotel cyber security is important
In this digital era, the hospitality industry must hurdle a critical challenge: safeguarding the extensive sensitive information generated by day-to-day online dealings and digital interactions. For hotel brands, the imperative to shield their own and their customers’ data has escalated to unprecedented levels.
The recent surge in online business and internet transactions has not just been a boon but a call for heightened vigilance. Hotel brands are now more than ever, under the obligation to ensure the security of their own and their customers’ data. Today’s cyber-criminals are devising newer, more sophisticated methods to infiltrate and extract sensitive customer information from hotel websites, internal systems, servers, and even mobile platforms – your front desk is not exempt from these threats.
So, what could be the fallout of a security breach in your hotel’s systems or those of your partners? The aftermath is often grim: thorough investigations, severe damage to your brand’s reputation, a significant erosion of consumer trust, and these are just the immediate repercussions. The financial implications are no less daunting, often involving thousands of dollars in penalties and fines.
To outpace these relentless hackers, hoteliers must intensify their focus on how they collect, store, and safeguard customer data, and how they manage their systems. Installing firewalls or updating antivirus software is a start, but it isn’t the end. Cybersecurity in your hotel is about cultivating a culture of cybersecurity awareness throughout the organisation, from the executive suite to the front desk. Your hotel’s reputation, customer trust, and financial health depend on this vigilance.
Common cyber security threats in the tourism and hospitality industry
Here are three of the most common forms of online security breaches that may occur – along with some tips to avoid a hotel data breach where you are…
1. Hotel malware
Malware is any piece of software that was written with the intent of doing harm to data, devices or to people. Malware is perhaps the most common and most dangerous online security threat thanks to its diversity.
Officially standing for malicious software, malware incorporates many different types of potential dangers to hotel technology such as reservations systems.
These include:
Viruses
Just like a virus you might contract, a computer virus will infect files on your system and then spread uncontrollably, eventually crippling the machine if left unchecked.
Trojans
Trojans are chameleons, disguising themselves as all types of legitimate software or hiding with legitimate software that’s been tampered with. Once installed, they will then attack the system.
Spyware
Somewhat obviously, spyware is designed to linger undetected in the background of your system and take note of what you do online. It will look for passwords, payment card data such as credit card information, names and addresses, and other private details.
Worms
These have the ability to infect a whole network of connected devices, and then use all of them to infect more, either locally or across the Internet.
Ransomware
Again self-explanatory, this malware essentially locks your computer and threatens to destroy everything unless you pay a ransom to the owner. (Talk about dramatic.)
Adware
This is not the most hostile of the group, often it will simply serve you annoying ads or pop-ups, but it can also open a way for other malware to get in.
The problem is that all of these types of malware require slightly different methods of removal and protection if a breach does take place at affected hotels. It’s always good practice to avoid engaging with suspicious emails and clicking insecure links, but the only way to be completely safe is to ensure you have anti-malware and antivirus software installed on all the devices you conduct your business with.
2. Spam
Spam has its origins way back in 1970 thanks to a Monty Python sketch and is the sending of an unsolicited message, mostly advertising via email.
The term can also apply to other media such as instant messaging spam, search engine spam, spam in blogs, wiki spam, online ads spam, text message spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam.
It’s all very unwelcome usually and in some cases carries more dangerous malware with it.
However, there are plenty of ways to ensure you’re not bothered by spam at your hotel. Here are some tips:
Avoid opening emails that look like scams or spam
Never give in to spammers by purchasing something or accepting an offer
Don’t bother replying. Simply delete and/or block
Don’t be tricked into clicking. Even if a link is labelled ‘unsubscribe’ it will just confirm the email address is active and encourage more spam
Use a disposable email address for purposes that may attract spam such as online purchasing
In fact, be very wary where you put your main email address and who you give it to
Try to use web contact forms instead of actually posting your email address on your website publicly
When communicating your email address, present it in a way a person will understand but a spambot won’t. For example, test at test.com instead of [email protected]
3. DoS attacks
A denial-of-service (DoS) attack occurs when a hacker or virus shuts down a machine or network and prevents it being accessed by its intended users. This is usually done by flooding the system with an unprecedented amount of traffic or by sending information that triggers a crash.
The victims of DoS are usually high-profile organisations who people have a slight against.
A few different methods of DoS attacks exist. They include:
Buffer overflow attacks sending more traffic to a network address than the programmers have built the system to handle
ICMP floods that leverage misconfigured network devices by sending spoofed packets that ping every computer on the targeted network
SYN floods that send a request to connect to a server, but never complete it. This continues until all open ports are saturated with requests
DoS attacks are very hard to predict or prevent. Usually solutions depend on countermeasures once the attack has been noticed.
Examples of hotel security breach
Some of the world’s largest companies have fallen prey to data breaches, costing millions of dollars in damages. In 2013 Yahoo was attacked and three billion user accounts were compromised. In the same year eBay had almost 150 million customer accounts accessed illegally.
Hotels and bed and breakfast properties have also been key targets of data breaches for many years – and there is one main reason for this: credit card payments. The security breach happens online, because that’s where your guests are making their bookings, or where your front desk staff are making bookings on their behalf. Unfortunately, going ‘off the grid’ isn’t a feasible solution to the issue – the online space is too big to ignore and credit card usage continues to grow.
And while not a strict data breach, Booking.com paid about 10,000 customers who fell victim to a scheme which conned customers out of data.
Marriott hotel security breach
In 2018 Marriott announced that hackers had attempted to access its Starwood Hotels & Resorts Worldwide guest reservation database. Further investigation revealed unauthorised access to the system as far back as 2014, two years before Marriott acquired Starwood.
A valuable lesson here is that businesses should always scrutinise the cybersecurity and data handling of other companies before they enter into any type of deal. Even though the hack happened before the acquisition, it’s still Marriott’s reputation that is compromised. The same principle should be applied when a company acquires new infrastructure, applications, and systems. While these seem like assets, they should also be treated as potential liabilities.
Estimations said up to 500 million guests, including 327 million guests whose data includes “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date and communication preferences, may have had their information at risk in the period between 2014 and 2018. Marriott also confirmed some compromised guest data includes payment card numbers and expiration dates.
IHG hotel security breach
Front desk cash registers at more than 1,200 hotels in the InterContinental Hotels Group, which includes the Holiday Inn and Crowne Plaza brands, were infected with malware that stole customer debit and credit card data between September 29, 2016 and December 29, 2016. The company has a network of more than 5,000 hotels in over 100 countries so that could mean more than one-fifth of its hotels were affected.
The malware stole information read from the magnetic stripe of a payment card as it travelled through the affected hotel’s server. That information could have included the cardholder’s name in addition to card number, expiration date, and internal verification code.
Hilton hotel security breach
In 2017 BBC News reported Hilton was fined $700,000 for mishandling data breaches in 2014 and 2015.
The company discovered the first breach in February 2015 and the second in July 2015, but first went public with the breaches in November 2015. US federal investigators said Hilton had taken too long to warn customers and lacked adequate security measures.
Wyndham hotel security breach
Wyndham Worldwide were involved in a lawsuit after failing to properly safeguard customer information, in a case arising from three data breaches affecting more than 619,000 customers.
The Federal Trade Commission wanted to hold Wyndham accountable for breaches in which hackers broke into its computer system and stole credit card and other details from customers, leading to over $10.6 million in fraudulent charges.
Under the order, Wyndham established a comprehensive information security program designed to protect cardholder data including payment card numbers, names and expiration dates.
Expedia security breach
Expedia subsidiary Orbitz disclosed that about 880,000 payment cards had been impacted by a security breach that potentially exposed customers’ information to hackers.
The travel booking site said an investigation determined that an attacker may have accessed personal information of people who made purchases between January 1 2016 and December 22 2017.
The personal information potentially exposed includes credit card information, addresses and phone numbers of customers. The information attackers “likely accessed” included people’s names, dates of birth, email addresses, street addresses, and genders, Orbitz said.
Review of cyber security issues in hospitality industry
In the hospitality industry, adhering to the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR) is essential for safeguarding sensitive customer data.
PCI DSS, enforced by major credit card companies, mandates secure processing, storage, and transmission of credit card information, affecting every credit card transaction in hotels.
GDPR, implemented in the EU, emphasises the protection of personal data and impacts hotel marketing strategies, especially concerning guest databases and email campaigns.
HTTPS website security is crucial for building guest trust and securing online transactions.
Hoteliers must take proactive steps, including appointing a compliance champion, educating staff, controlling data access, and collaborating with PCI-compliant vendors, to adhere to these standards and protect against data breaches and hefty fines.
PCI compliance in the hospitality industry
The PCI Compliance Guide defines PCI DSS (Payment Card Industry Data Security Standard) as a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
PCI DSS has changed the way the travel industry approaches safety standards relating to how credit card payments are handled and processed. The standard is enforced by major credit card companies – including Visa, MasterCard, American Express, Discover and JCB – as part of their merchant agreements.
Designed to help prevent payment card fraud, the standard applies to any business involved in the processing, storing or transmitting of cardholder data, regardless of the transaction volume or dollar value involved. Should a guest use their credit card to pay for something at a hotel, for example – be it a room reservation, spa treatment or coffee – PCI DSS applies to that purchase.
PCI DSS compliance is not a ‘nice-to-have’, but an absolute necessity. A security breach not only damages your reputation, but it could potentially wreak havoc on the lives of your guests, and cost you a significant amount in the way of data breach fees.
Hotel PCI DSS requirements
Here’s your quick start list on PCI DSS compliance for hotels:
Name an owner or champion of PCI DSS compliance within your organisation: This person within your hotel can work with the various departments to ensure PCI DSS compliance is understood and act as ‘go to’ person if staff have questions.
Be proactive: Teach staff why data security is important and the impact any breach may have. Show them how they can be proactive in managing security every day.
Protect physical data: Control access to the back office and anywhere receipts are filed. Provide secure disposal bins or a shredder for disposal sensitive paperwork.
Proactively manage access to systems: Restrict access to payment or personal data to only staff who require this information to do their job. Use individual logins and access codes to systems.
Check your vendor’s approach to data security: Clarify the role vendors play in terms of compliance with data-related standards, and seek PCI DSS compliant partners.
Secure online booking data: While you may need a paper copy of a reservation, do not print credit card details of customers from your online systems. Select an online booking engine that is fully PCI DSS compliant.
To help businesses determine their level of PCI DSS compliance, the PCI Security Standards Council provides various Self-Assessment Questionnaires (SAQs) online, as well as professional training for firms and individuals.
The cost of becoming PCI DSS compliant depends on a number of factors, including the size of your business, existing IT infrastructure among other factors.
To achieve PCI DSS compliance, follow these steps:
Speak with your acquiring bank(s) to determine the correct SAQ for your business (e.g. Visa, MasterCard, AMEX)
Complete the appropriate SAQ for your business
Submit the SAQ, evidence of a passing scan (if required), the Attestation of Compliance and any other requested documentation to your acquiring bank(s).
Hospitality cyber security compliance: GDPR for hotels
It was implemented to strengthen and unify data protection in the European Union (EU) and could directly affect your hotel.
The GDPR gives more control to residents over their personally identifiable information and aims to simplify the regulatory environment for international business.
Hotels need to ensure they review their connections to third party data processors (such as technology vendors), their own security policies, and if they have the necessary qualified staff on hand to cope with the new laws.
The GDPR dictates that all of these must be reviewed and it’s likely that data agreements will have to be renegotiated to remain compliant.
As is widely reported, serious penalties may apply to companies who aren’t compliant. At worst, a fine of €20 million may be issued, or 4% of the company’s worldwide annual revenue of the prior financial year – whichever is bigger.
What hotels need to know about GDPR
For hotel marketers the new GDPR rules could be especially impactful on their guest databases – particularly in regards to running email campaigns and sending prospective guests promotional offers enticing them to book a room.
Under the GDPR, your prospective guests must explicitly opt-in to having their details stored and they should understand what they are being used for. If you’re looking to send email campaigns with offers to people who haven’t stayed at your hotel previously, these people must have consented willingly to being communicated with.
One example is enquiry forms with a checkbox to receive a newsletter with your hotel’s offers should not be ticked by default, assuming that unless the user selects this they do not wish to opt in to your promotional email messages.
What can your hotel do to keep your guest database intact?
Hotels must have regained consent from prospective guests they’re currently sending promotional emails to – and it will need to be clearly explained what content they will receive and how their data will be used.
One way to do this, is for hotels to run a campaign seeking permission to email prospective guests and ask them to opt-in to promotional communications.
This can actually be a positive way to cleanse databases of disengaged contacts and increase your future email conversion rates.
Here’s what you should include in the initial email of these permission pass campaigns:
Why you are emailing the contact
A valuable reason for them to opt-in
What they will continue to receive if they do opt-in
A link to re-subscribe
An option to unsubscribe and have their data removed
A sign-off from a real person such as your general manager
You should always A/B test your email, trying different variations to see what will garner the most success.
And a last chance follow-up email should be sent, reiterating what was stated in your initial communication, to the people who did not respond. They’ll need a reminder.
You will also need to review and update your privacy statement to comply with GDPR requirements. Is the content in your privacy statement difficult to read? Or are you purposefully using terminology so that potential guests are not clear about what they’re signing up for? If so, rewrite it and make it clearer.
Privacy policy templates are readily available for free online if your hotel website doesn’t have one already. If you think it needs rewriting to comply with the GDPR, SEQ Legal provides a free template privacy policy, subject to certain conditions. You can read more on that template here.
HTTPS website data security for hotels
Creating a safe hotel website experience should be treated as a duty of care for your guests; can you imagine the consequences of a traveller being defrauded via your website? There’s also the very real danger of travellers abandoning or not even landing on your homepage in the first place.
The majority of websites use SSL encryption to protect any data that’s transmitted between a website and a shopper.
The SSL encryption requires a secure form of communication between a website and the consumer, known as HTTPS – where the ‘s’ stands for secure. This is indicated to the user in the URL which displays ‘https’ in place of the standard ‘http’.
It also shows the padlock symbol on the left-hand side of the URL bar which reassures people their data is secure when entering bank details or viewing their account online. It looks like this…
What does it mean for your hotel’s website? Basically, Google shows a huge bias towards websites that are HTTPS secure. In fact, if your website isn’t secure, Chrome will actively warn users it isn’t safe and could even restrict access to your website pages.
The reality is at some point you will probably collect data from visitors, even if it’s just an email address. It’s also been proven that HTTPS sites will load faster than HTTP, another factor influencing user experience.
Surveys say 84% of users would abandon a purchase if data was sent over an insecure connection, and a large majority are concerned about their data being intercepted or misused online. So, if you’re a hotelier that wants to convert direct bookings and maintain a high ranking on Google’s search results, it’s vital you’re HTTPS secure.
In the psychology of a prospective guest, seeing that little green padlock will give them peace of mind and an immediate sense of trust in your hotel business.
How to make a website HTTPS secure
The steps to follow when migrating your website to be HTTPS secure include:
1. Host your website with a dedicated IP address
With a dedicated IP, you ensure that the traffic going to that IP address is only going to your website and no one else’s.
2. Buy an SSL certificate
An SSL certificate will prove your website is your website. When people visit your site via HTTPS that password is checked, and if it matches, it automatically verifies that your website is who you say it is.
3. Activate the certificate
Your web host may do this step for you – check with them before proceeding. This can get complicated and if you can wait 1-2 days it may be best to let them do it.
4. Install the certificate
When installing an SSL certificate on a hotel website, the approach will largely depend on your hosting environment and server software, which is particularly vital for ensuring guest data security and trust in your online booking systems. Here’s how you might proceed in different scenarios:
Installation on shared hosting: If your hotel website is on shared hosting (a common option for smaller hotels), log in to your hosting control panel (like cPanel). Find the SSL/TLS section and follow the steps to upload your new SSL certificate.
Installation on dedicated/VPS hosting: For larger hotels with dedicated servers, you’ll need to access your server through SSH (a secure network protocol). Upload the SSL certificate files to your server and configure your web server (like Apache or Nginx) to use these files. This might require some technical know-how or assistance from your IT team.
For managed or cloud-based hosting: If your website is on a cloud platform (like AWS) or managed hosting, you’ll typically use their interface to upload and activate your SSL certificate.
5. Update your site to use HTTPS
At this point if you go to https://yoursite.com you should see it load! Congrats, you’ve successfully installed SSL and enabled the HTTPS protocol. Keep in mind that you only need to protect a few pages, such as your login or checkout.
If you enable HTTPS on pages where the user isn’t submitting sensitive data, it’s just wasting encryption processing and slowing down the experience
One of the easiest ways to ensure your website is secure, along with many other benefits, is to invest in a professional website builder tool. These solutions will automatically come with secure encryption and will also help you maintain a functional, SEO-friendly, and charming hotel website.
The beauty of using a customisable website builder is that you’ll have your brand new website within days and it will automatically keep up with Google’s updates as time goes by.
The rise of the hotel credit card breach
Statistics show that 74% of travellers from the US alone make use of credit cards while travelling – citing convenience, theft protection, and easier tracking of purchases as the top reasons.
According to data from payment systems industry information provider Nilson, credit card use in the US jumped 42% from 2012 to 2018, accounting for US $120 billion in transactions.
Unfortunately, these transactions are vulnerable to cyber-criminals who specifically target travellers with disposable incomes. Indeed, hotels are an active hotspot for credit card fraud; according to a study by Trustwave’s SpiderLabs, of 218 data breach investigations from 24 countries, 38% of the attacks occurred on hotels and, of the data stolen, 98% was credit card information.
How hotels can avoid credit card fraud
With so much travel now being booked online – and through a variety of channels – the opportunity for hotels to increase sales is getting bigger all the time. However, it also creates challenges in making sure customer payment data is protected and that no breach occurs at the hands of hackers or fraudsters.
The vast majority of security compromises (91%) occur at point-of-sale systems and are most often Card Not Present (CNP) fraud.
Because CNP transactions are so prevalent in the travel industry and much information is exchanged between hotel and customer, it’s important to know when you might be at risk and how to prevent any data breaches from happening. Since guests expect a hotel to be a safe place to escape to, even a single instance of failing to protect a customer’s data could have huge ramifications on your reputation and finances.
Here’s what to look out for:
1. Hurried purchases
It’s common for fraudsters to contact you in a panic, wanting to rush to set up their accommodation.
It’s important you don’t get flustered. Take the adequate time to verify their credit card, passport details, and other relevant documents to make sure they’re genuinely are who they say they are.
Take the adequate time to verify credit cards, passport details, and other relevant documents to make sure people genuinely are who they say they are.
2. First-time guests
It makes sense to be more cautious of people who haven’t booked with you before. With regular customers you can build a relationship and learn their purchase habits.
Be aware of a first-time customer who contacts you online to make a large purchase. Collect all the necessary verification information. For greater security, adopt a payment solution that is designed to capture transaction data in an intelligent manner.
3. Purchaser location
These days many fraudsters have become adept at hiding their true location and stopping themselves being tracked.
If you do have suspicions about a customer, do everything you can to verify their legitimacy, including calling and emailing them to collect data and confirm their identity.
4. Inconsistent addresses
One of the biggest warnings that everything is not what it seems is when someone wants to use different addresses for billing and shipping, which may not apply as strongly to hotels but is very relevant for the travel industry in general.
Given 15 million online hotel reservations are made on bogus third-party sites every year, travellers and guests are on high alert about being scammed.
These rogue websites trick people into thinking they’re reserving directly with their hotel of choice then go on to steal their information and money.
Let’s go through what it is, what it may look like, and how to prevent your hotel falling victim to email scams and phishing.
What is a phishing scam?
As the name suggests, phishing is quite similar to ‘fishing’ although far more malevolent.
Whoever the phisher or hacker is attempts to lure their target into opening a malicious download, clicking on fake links, or entering personal information in order to steal data or identities. The end goal, of course, is to make money at someone else’s expense.
In the case of a business like your hotel, the most common form of phishing would come via email. Likely to be posing as a friend, co-worker, manager, or trusted company the email would make a seemingly reasonable request to open an attachment or verify information but would then infect your computer and capture valuable data.
Example of phishing scam
Often a phishing email will look very similar to a normal email you would expect to receive, which is why people can get caught out. Usually the email subject will be around changing a password, discussing transactions, updating information, important notifications etc.
Consider this example of a phishing email from scammers posing as eBay:
Seems perfectly legitimate at first glance but it’s hiding some concerning secrets.
Here are some clues that may indicate this is a phishing email:
It’s simply addressed to ‘sir’, rather than anyone in particular
The threat of account suspension – if eBay truly believed the account was being used for fraud they would suspend it immediately
Spelling and grammar errors – note ‘advise’ is misspelled as ‘advice’. Phishing emails commonly contain errors like this
The link reveals itself to be a fake website if you hover over it, instead of clicking it
You should also carefully check the incoming email address. Sometimes it’s complete nonsense, but often it will closely mimic the real address it’s passing itself off as.
Looking for these clues will help your hotel to avoid being caught by these online scams.
How to prevent email phishing attacks at your hotel
It’s particularly important you keep your data safe as a security compromise could also endanger the information of your guests, which could do catastrophic damage to your hotel’s reputation and brand image.
There’s a whole range of actions you can take to reduce the amount of phishing emails you receive, and also how to make sure you delete them immediately if they make it to your inbox.
Here’s a list of preventative measures for any email you suspect might be fake:
Ensure anti-spyware, anti-virus, and anti-malware tools are installed and up-to-date on your systems
Make sure all your applications are regularly updated
Check the spelling and grammar of emails you receive
Test links and attachments before opening them
Pay close attention to email addresses and the specificity of email content – authentic emails will include your name, account information/numbers etc.
Be wary of fake login screens trying to capture information – the website URL will not be legitimate
Run an education session for all hotel employees, since less informed staff members may take the bait
Once you know how to spot general phishing emails you should be relatively safe from harm.
There are more complex attacks, known as ‘spear phishing’, which target high profile figures (whales) such as celebrities, but these should affect your hotel far less.
How can cyber security threats in the hospitality industry be avoided
No hotel is too big or small to be a target. In fact, smaller independent properties may be even more vulnerable to attack, and less able to bounce back from the loss of reputation and damages paid.
It’s not enough to have an SSL certificate on your website, or rely solely on third-party payment services such as Paypal or Google Checkout to handle your guests’ credit card security. Each program you use must be securely locked down.
After all, sensitive data can be intercepted at any point in your guests’ booking process. For example, if your online booking system vendor is not PCI DSS compliant, a wayward employee could easily decide to steal credit card data. This is why the standard was invented.
Furthermore, allowing your guests to pay securely helps to stop abandoned website bookings. Worldpay reports that nearly one in five online shoppers have dropped out of online travel bookings because of security concerns around payment.
If you are not actively protecting your guests credit card data, you are putting your business and customers at serious risk.
1. Keep your devices and systems up-to-date
One of the biggest risks to security is allowing your devices and systems to go too long without updates and software patches intended to improve and keep them safe. This makes them much more vulnerable to attack from hackers.
2. Regularly backup your data
The updates issued by your software providers are designed to protect you so it’s important to set your computers to automatically accept and install them periodically.
To eliminate the risk of losing data or having it irretrievably damaged, it’s essential to make a habit of backing it up. This will include financial records, business plans, customer data, personal information etc. Backing up your data is generally easy and cost-effective, meaning there’s no excuse not to do it.
Here’s a recommended strategy:
Daily backups to a portable device and/or cloud storage service
Weekly server backups
Quarterly server backups
Yearly server backups
3. Protect against malware and viruses
Often emails, pop-ups, fake accounts and profiles, and actual hackers will try to infect your computer and other devices with software designed to cripple your business or steal from you. Regularly check your bank and billing records to make sure this isn’t happening.
It’s important to install antivirus and anti-spyware and always update when prompted. Additionally you should keep track of all the equipment used by your business and who uses it.
Educate all your employees on the risks and best practices, and never allow them to take sensitive material home with them, or use personal devices for work purposes.
4. Prioritise password security
Some easy-to-remember tips here include frequently updating your passwords, never use the same password for everything, and use unique passwords.
Once a hacker has used one password, every account you own could be under attack if you’ve always used the same one. The same goes if you’re using weak passwords that are easily guessed. The best idea is to change your passwords every few months.
Do not reuse passwords on different business-related accounts. Ideally, use a different, complex password for each online account you have where you have sensitive customer or financial data processed.
5. Know when to trust your software provider
It’s vital that you don’t take every correspondence with your hotel technology providers at face value. Phishing emails are very good at seeming legitimate when in fact they’re fake emails trying to steal information.
So if your provider sends an email they have never sent before, there could be a good reason not to trust it.
6. Use different emails
Try not to use an email address listed on your site as your online system login or username. That potentially makes it easier for a hacker to identify you as their target.
Don’t use email accounts shared between employees, for example [email protected], to log in to any online platforms and solutions. If an employee is accidentally careless online with the shared password, it can make you that much easier to hack.
How SiteMinder helps with cyber security for the hotel industry
Data and security breaches in the hotel industry are incredibly serious and have been too common for comfort in recent years. Whether it’s been major brands like Marriott and Hilton, or software providers such as Prestige, large amounts of information and data has been exposed, resulting in the risk of it being stolen or exploited.
Being the industry’s leading tech provider, SiteMinder places extreme focus on the security and stability of its platform, ensuring the data of its hotel customers and the hotel’s guests is safe at all times.
Here are 10 measures SiteMinder makes so your hospitality business can feel assured.
SiteMinder has full Payment Card Industry Data Security Standards (PCI DSS) compliance, minimising payment card fraud and hacking.
SiteMinder is completely General Data Protection Regulation (GDPR) compliant, to ensure the safety of data belonging to EU residents.
SiteMinder has implemented over 350+ security controls to maintain our certifications and we continue to improve in other key areas across our corporate systems.
SiteMinder products are hosted on Amazon Web Services (AWS). The AWS environment maintains multiple security certifications, including ISO 27001, PCI DSS and SOC.
SiteMinder engages respected external security firms to perform regular audits of the products to verify that our security practices are sound and to monitor for new vulnerabilities.
All SiteMinder staff undertake privacy and security training.
SiteMinder employs stringent security to physical premises and access to physical premises is restricted.
All SiteMinder computer hardware is password protected, with encryption and default security firewalls in place to ensure data is always secure.
SiteMinder has detailed protocols in place to monitor and respond to any data breaches which happen on our systems as soon as practicable after they arise.
SiteMinder’s capabilities are measured against the NIST Cybersecurity Framework.
Improve cyber security measures in your hotel and optimise your time with SiteMinder
Elevate your hotel’s cyber security and streamline your operations effortlessly with SiteMinder, a leading-edge hotel management software dedicated to safeguarding guest data and enhancing operational efficiency.
Here’s how we can help boost your revenue and keep your customer data safe
Enhanced data security: SiteMinder’s robust security protocols ensure the utmost protection of your guests’ personal and payment information. With industry-leading encryption and continuous security updates, our platform guards against data breaches, providing peace of mind for both hoteliers and guests.
Streamlined operations: Streamline your hotel’s operational processes with SiteMinder’s intuitive interface. Our platform simplifies booking management, room allocation, and rate adjustments, allowing you to focus more on guest experience and less on administrative tasks.
Increased revenue opportunities: Unlock new revenue streams with SiteMinder’s powerful analytics and market insights. Understand guest preferences and booking trends to tailor your offerings, optimise pricing strategies, and maximise occupancy rates.
SiteMinder Limited (ASX:SDR) is the name behind SiteMinder, the only software platform that unlocks the full revenue potential of hotels, and Little Hotelier, an all-in-one hotel management software that makes the lives of small accommodation providers easier. The global company is headquartered in Sydney with offices in Bangalore, Bangkok, Barcelona, Berlin, Dallas, Galway, London and Manila. Through its technology and the largest partner ecosystem in the global hotel industry, SiteMinder generates more than 115 million reservations worth over US$45 billion in revenue for its hotel customers each year. For more information, visit siteminder.com.
NEW YORK — The Dow Jones Industrial Average topped the 40,000 level for the first time Thursday, as U.S. stocks drifted around their records set a day before.
The Dow was up 69 points, or 0.2%, at 39,967, in afternoon trading. It topped 40,000 earlier in trading, making its last leap of 10,000 points in about three and a half years, as the U.S. economy and corporate profits crawled out of the crash caused COVID-19. They’ve continued to hold up so far despite the worst inflation in decades, the punishing effects of high interest rates and worries about a recession that seemed inevitable but hasn’t arrived.
The S&P 500 index, which is much more widely followed on Wall Street and dictates the performance of many more 401(k) accounts than the Dow, was 0.1% higher, as of 1:22 p.m. Eastern time. The Nasdaq composite was down 0.1%. They had rallied on Wednesday to all-time highs.
Walmart was one of the strongest forces lifting the market, and it rose 6.5% after reporting stronger profit for the latest quarter than analysts expected. It also said its revenue for the year could top the forecasted range it had earlier given.
Walmart’s strength could be an encouraging signal for the broader economy. Worries have been rising about whether U.S. households can keep up with still-high inflation, even if it’s not as bad as before, and more expensive credit-card payments, particularly those making lower incomes.
Target, which reports its quarterly results next week, climbed following Walmart’s report, along with other retailers like Dollar General and Dollar Tree. Each added at least 2.9%.
Chubb climbed 4.2% after Warren Buffett’s Berkshire Hathaway disclosed it had built an ownership stake in the insurer.
Stronger-than-expected profit reports have been one of the main reasons U.S. stock indexes jumped through May to records following a tough April. Another has been revived hopes that the Federal Reserve will be able to cut its main interest rate at least once or twice this year. The Fed has been keeping its federal funds rate at the highest level in more than two decades.
A string of worse-than-expected reports on inflation at the start of the year had put the potential for such cuts in jeopardy, but some more encouraging data has since arrived.
Treasury yields have eased in May as hopes rose that the economy could hit the hoped-for sweet spot, where it cools enough because of high interest rates to stifle inflation but not so much that it causes a bad recession. Yields were edging higher Thursday following some mixed data on the economy.
One report showed slightly more workers applied for unemployment benefits last week than economists expected, though the number remains low compared with history. Others said homebuilders broke ground on fewer projects last month than expected, manufacturing growth in the mid-Atlantic region was weaker than hoped and import prices rose more than forecast.
“Today’s numbers were in line with the overall theme of the week — nothing dramatic, but showing signs of a steady-to-cooling economy,” said Chris Larkin, managing director, trading and investing, at E-Trade from Morgan Stanley.
The yield on the 10-year Treasury ticked up to 4.37% from 4.35% late Wednesday. The two-year yield, which moves more closely with expectations for action by the Fed, rose to 4.78% from 4.72%.
On the losing end of Wall Street, Deere fell 4% despite reporting stronger profit for its latest quarter than expected. It cut its forecast for profit over the full fiscal year below analysts’ estimates, as farmers buy fewer tractors and other equipment.
Homebuilders fell following the weaker-than-expected report on housing starts. They gave back some of their big gains the day before, when hopes for lower mortgage rates had sent them sharply higher. Lennar fell 2.1%, and D.R. Horton slipped 2.5%.
GameStop and AMC Entertainment slid for a second straight day, pulling back further from their jaw-dropping starts to the week. They’ve been moving more on excitement drummed up by investors than any changes to their financial prospects.
GameStop fell 20.72%, though it’s still up nearly 80% for the week so far. AMC Entertainment lost 10%.
Under Armour swung between losses and gains after it warned that its revenue will be likely down by “a low double-digit percentage rate” this upcoming fiscal year, citing weaker demand from wholesalers and “inconsistent execution across our business.” The company announced a restructuring plan to cut costs and also announced a program to buy back up to $500 million of its stock. It was down 0.6%.
In stock markets abroad, indexes were modestly lower in much of Europe after mostly rising in Asia. Hong Kong’s Hang Seng jumped 1.6% after reopening following a holiday, while Japan’s Nikkei 225 rose 1.4%.
___
AP Business Writers Matt Ott and Elaine Kurtenbach contributed.
HONG KONG — Asian stocks were mostly higher on Wednesday after a rally on Wall Street that took the Nasdaq composite index to a record high.
A report Tuesday showed that prices remain stubbornly high at the wholesale level in the United States, before many price changes are passed along to consumers, with the producer price index reading for April reaching 0.5%, higher than forecast.
The rate of inflation has been ticking higher in 2024, raising concerns that the Federal Reserve could have a hard time taming inflation to its goal of 2%.
But investors were reassured by comments made by Fed Chair Jerome Powell. Speaking at a panel discussion in Amsterdam on Tuesday, he reaffirmed that the U.S. central bank won’t likely raise its key interest rate to respond to stubborn inflation. But he also said that his confidence that inflation will ease is “not as high as it was” because price increases have been persistently hot in the first three months of this year.
A bigger test for markets comes later Wednesday, when the U.S. will release its monthly update on consumer prices, or inflation faced by households. Economists expect the consumer price index to ease to 3.4% in April on a year-over-year basis.
In Asian trading, Tokyo’s Nikkei 225 index climbed 0.4% to 38,491.15 and Australia’s S&P/ASX 200 advanced 0.4% to 7,760.40.
In China, the Shanghai Composite index slipped 0.4% to 3,133.47 after the central bank kept a key lending rate unchanged Wednesday, signaling Beijing’s focus on maintaining monetary stability.
Elsewhere, Taiwan’s Taiex gained 1.4% and in Bangkok the SET was virtually unchanged.
Markets in South Korea and Hong Kong were closed for a holiday.
On Tuesday, the S&P 500 index rose 0.5% to 5,246.68, and the Dow Jones Industrial Average rose 0.3% to 39,558.11.
The Nasdaq composite, which is heavily influenced by technology stocks, jumped 0.8% to 16,511.18. The tech sector has been a driving force for much of the broader market’s gains this year.
Several “meme” stocks, including GameStop and AMC Entertainment, raced higher in a reprise of the social-media driven frenzy of three years ago. GameStop jumped 60.1% and AMC rose 32%. Both stocks gave back much of their gains from earlier in the day.
Bond yields edged lower. The yield on the 10-year Treasury slipped to 4.44% from 4.49% late Monday.
Investors have been curtailing their expectations for the speed and frequency of interest rate cuts this year as inflation remains hotter than expected. Traders are betting on one or two rate cuts this year, according to data from CME Group.
Wall Street is still hoping the Fed can pull off its “soft landing,” where high interest rates work to cool inflation without slowing the economy into a recession. The economy remains strong, but consumers might be showing signs of fatigue under the weight of stubborn inflation. Economists expect a retail sales report on Wednesday to show that consumer spending softened in April, just as it has over the last several months.
In other trading, benchmark U.S. crude added 72 cents to $78.74 a barrel in electronic trading on the New York Mercantile Exchange. Brent crude, the international standard, rose 65 cents to $83.03 a barrel.
In currency trading, the U.S. dollar slipped to 156.38 Japanese yen from 156.42 yen. The euro cost $1.0824, up from $1.0820.