Secure & connected
Stolen data from a hotel breach can quickly go up for sale on the dark web.
social engineering techniques to compromise a third-party IT vendor’s system, through which they accessed the Caesars loyalty programme database. The lesson that emerges from this is that threats are both technological and human in nature. Anything that opens a crack in a system’s defences – be it a sophisticated piece of malware, an easily duped employee, or a stolen password – can lead to major data breaches.
The attack surface of hotel technology is large. The technology stack has many touchpoints – laptops, mobile phones, PCs, POS machines, Wi-Fi routers, and many other devices have routes into the IoT framework and, therefore, into data repositories. Any one of them can provide an entry point for a cybercriminal. With larger organisations, data is frequently held in centralised data warehouses, so a breach in any one property can expose data across the whole organisation and all its brands and properties. A case in point is the hacking of Starwood Hotels that came to light in 2018, which opened access to the records of 500 million across the Marriott International group, which had bought Starwood two years earlier.
Sealing the breach
With so many ways in, how can hotels prevent attackers from gaining access to sensitive data and dragging a brand’s good name through the mud? Sadly, there is no simple answer. Every kind of attack requires careful attention. When it comes to technology, POS systems are the most hacked in hotels, and the risk here is that they hold credit card data and personal information through payment processor gateways. Credit card issuers can shoulder some of the burden, and many have ramped up their security protocols over the years, but hotels must ensure that passwords are strong, remote access is tightly controlled, and any device attached to the system is checked for malware.
Personal data theft over Wi-Fi systems is a growing problem, as wireless internet access is now a given for all guests. Most public Wi-Fi networks are very insecure, so strong security measures such as using virtual private networks (VPNs), enabling firewalls, and diligently updating software are essential. Human monitoring for suspicious activity and educating guests on safe internet practices are also cumbersome but highly effective safeguards.
Phishing attacks – usually using scam emails – use links that, if clicked, download malware that can open up access to a hotel’s entire network. Related, but very different, are the vishing attacks, such as those used against MGM. The latter shows that hotel staff are often the biggest chink in an organisation’s armour. However complex the IT may be, there are software tools, access controls and security protocols that can seal most of the potential breaches. More difficult, however, is preventing failure due to human factors. Indeed, employees are often regarded as the most profound vulnerability in any cybersecurity assessment. People can be duped and distracted, they can be forgetful or frightened, and they can be careless in their choices. A weak password, a misplaced USB drive, a personal situation that is ripe for coercion – all these and more make people the weakest link in the chain. So, what can a hotel operator do beyond investing in the latest cybersecurity systems and hoping for the best?
Part of the answer lies in culture. Just as hotels must instil a culture of service to provide the best guest experience, so they must also drive home the importance of security to all employees at all levels of the organisation.
Human error will no doubt remain one of the biggest risks to cybersecurity, and even staff that have been highly trained can fall victim to social engineering attacks. Just as investment in new technologies for cybersecurity is essential, so is a process of continuous learning and adaptation regarding the human element, as new threats emerge. Investment in both the technical and the human element in cybersecurity is the only way forward – even though it does not come cheap.
www.hmi-online.com
DC Studio/Shutterstock.com