According to Hospitality Technology’s 2014 Customer Engagement Technology Study, 80 percent of hotels plan to have a mobile app by the end of 2015 and 49 percent will focus on developing tablet-based check-in in 2015. According to the report, large brands are leading the way: Marriott has implemented mobile check-in and check-out at 500 hotels and Starwood is piloting the use of smartphones as room keys.
Technology that appeals to customers either because of convenience and or modernity can translate into new business opportunities and increased loyalty from existing customers. As with other enterprises, mobile platforms and devices used by hotels to support guests add IT complexity.
Hospitality IT Risks Rising
IT organizations that support hotels are tasked not only with supporting geographically dispersed computers and mobile devices, but also POS systems and kiosks, which may be unattended. In large chains these systems may be spread across the globe and hundreds of networks, and most hotel corporations require frequent support from third party vendors. To make support even more challenging, hospitality organizations are prime targets for cybercriminals.
According to the 2014 Global Security Report by Trustwave Spiderlabs, the retail, food & beverage, and hospitality industries were the top three targets in reported data breaches in 2013. The report showed that across all industries, one in 10 hospitality companies surveyed were compromised. But despite the loss of money and customer trust that result from compromised payment data, many companies are failing to defend against even relatively simple hacking methods.
Some of these methods exploit remote control tools to gain access. The 2014 Verizon Data Breach Investigations Report found that third party-hosted desktop sharing and point-to-point remote access tools were the two leading hacking vectors used for POS data breaches.
To reduce operating expenses, many companies outsource some or all of their IT support functions to third-party providers. While outsourcing provides efficiency gains and benefits the bottom line, it can also introduce serious vulnerabilities if the outsourcer is using unsecured tools or practices. The Trustwave Report also found that in 63 percent of data breaches a major component of IT support was outsourced to a third party. Additionally, the report stated the tools commonly used by outsourced IT support to access a company’s network—RDP, pcAnywhere and VNC for example—are the chief way hackers are infiltrating systems.
Because many hospitality organizations aren't aware of the security risks posed by these tools, they may not think to ascertain what solutions their third-party providers are utilizing on their behalf and if they’re following security best practices. For example, it’s not uncommon for IT outsourcers to share logins and passwords across technicians to avoid purchasing multiple licenses. Not only does this make it easy for hackers to guess and exploit these credentials, it also means former employees often still have access to the tools. Particularly in a high turnover industry like IT outsourcing, this can introduce a serious security vulnerability.
Detection is another element of concern. The overwhelming majority of data breach victims do not detect a data breach themselves. In two recent retail cases—the Home Depot breach and the 2011 breach of a Subway franchise—the breach was ongoing for months and years, respectively, before these retailers became aware that hackers had remotely infiltrated the system. The incidents are examples of the importance of frequently auditing and monitoring how remote access is being utilized—and by whom. Modern solutions enable organizations to capture audit logs and video recordings of all remote access activity, and also implement policies and guidelines around when external groups can access which systems and when.
Vendor Access Issues
Third-party groups—including service providers, contractors and vendors—need access to corporate networks to conduct essential business and IT operations. However, this access should not be as simple as “on” or “off.” To protect against security threats, organizations must be in control of centralized vendor access pathways allowing them to enforce access control policies and monitor and record all third-party activity.
Even when an organization’s vendors are utilizing modern remote access tools, central control over access remains essential.
Vendors will often use simple or shared login credentials with no multi-factor requirement, making them an easy target for hackers with keystroke loggers. Once hackers have legitimate credentials for the remote access system, they can pose as a legitimate support technician and potentially gain direct access to remote systems available to that account. From there, experienced cyber criminals often know how to use malware and other tactics to navigate from that individual system to the rest of the corporate network. This puts the entire company at risk of a major data breach, which can be catastrophic for a brand.
In addition to consolidating and centralizing remote access solutions, hospitality organizations should block access from any unapproved tools. Companies should also require that every individual who accesses the network use unique credentials and multi-factor authentication. This will not only make it difficult for a hacker to use stolen vendor credentials, but also improve compliance with regulations concerning payment information and personal data.
Protecting IT networks with secure remote access
Hospitality IT departments are responsible for efficiently supporting all of their systems and networks without opening the door to hackers. They also need the ability to support devices, servers and other elements of the IT network remotely, as cost, timing and distance all present challenges for on-site IT visits.
A secure remote access solution such as Bomgar allows hotels and hotel chains to gain a number of advantages. Bomgar is an appliance-based remote support solution that allows IT to access and fix nearly any system or device, anywhere, while keeping sensitive data behind the customer’s own secure firewall. Some of the benefits include:
- Efficiency - IT service desks can remotely access and fix nearly any computing device, from laptops to smartphones to POS systems, whether down the hall or on the other side of the world, eliminating costly on-site visits.
- Multi-platform flexibility - Reps can provide support to Windows, Mac and Linux systems as well as iOS, Android, BlackBerry and Windows Mobile devices.
- Mobility - Reps can provide support from their own iPad, iPhone and Android devices—keeping them productive even when away from the help desk.
- Security - Session access and data never passes through a third-party server, ensuring sensitive customer and payment data stays safe and the organization remains compliant with regulations, such as PCI. Bomgar also offers integrations with identity management systems, allowing the organization to greatly reduce the chance of hackers accessing systems through stolen or easily guessed credentials.
- Vendor access control - Ensure secure, auditable, cross-platform remote access to vendors who need to regularly access IT systems. Reps can monitor and report on all vendor activity by both internal and external individuals.
The flexibility provided by a secure remote access solution can help hotels make the strides necessary to complete their transition into a technology-friendly environment for guests, while also ensuring that the devices and IT network serving as the bedrock of this technology-based relationship operates as seamlessly and securely as possible.