In the current age of digital dominance, hospitality leaders are working to make a robust eCommerce journey available to guests from around the world, on any device, and for good reason. eCommerce accounted for nearly 20% of total retail sales in 2020 alone, and growth shows no sign of slowing down.
Unfortunately, as eCommerce grows, so does the threat of fraudulent activity, and cyber criminals are becoming increasingly more sophisticated. Last year alone, 86% of consumers fell victim to identity theft, and cybersecurity professionals report a new cyber attack every 39 seconds. On a larger scale, cybersecurity damages are projected to reach $10.5 trillion annually by 2025.
The volume of cybersecurity threats, combined with the modern consumer’s ever-increasing reliance on technology, makes it more crucial than ever before for operators to think ahead when it comes to safeguarding themselves and their guests in the digital realm. By taking a few actionable steps, operators can significantly reduce day-to-day threats and set their venues up for cyber-secure success.
A staggering 95% of cybersecurity breaches are due to human error. While it is wise (and highly recommended) to invest in technology systems to comprehensively protect your business, studies have shown that attackers often target the most vulnerable part of any company: its employees. Prioritizing the education of internal and external audiences – employees and guests – should be the first line of defense when it comes to thwarting attacks.
It’s important to make cybersecurity an ongoing conversation. And when it comes to guests, laying out the value proposition when a new system or protocol is implemented will be key. Make sure you take the time to think through “what’s in it for them” and communicate those benefits fully. Transparently explaining not only what is required, but also why new requirements work in guests’ ultimate favor, will ease communications and speed up guest buy-in of a new process.
Internally, hosting periodic, recurring training sessions helps keep employees abreast of the latest cyber threats, while encouraging them to become more invested in organizational security and to vigilantly identify fraudulent activity. (In many cases, a company’s IT partner can help facilitate these sessions.) An employee that is trained on how to spot a potential threat and report suspicious activity is an invaluable asset when it comes to maintaining cybersecurity on a corporate level.
As cyber-related crimes escalate in frequency and complexity, the best defense strategy is a proactive one. It’s imperative for an organization to know what is happening inside its network and learn how to anticipate if and when an attack could happen.
A skilled and competent IT team who is in-the-know on current trends and threats to security can greatly assist with making well-informed cybersecurity decisions – making sure the company’s infrastructure is sound and secure. In the event of a security breach, in-place protocols and previously agreed-upon processes will make a world of difference in managing or recovering from a malicious attack.
Invest in the Right Tech
Today, much of the business world is navigating unchartered territory as companies are now responsible for tracking guests’ COVID information, managing a remote workforce and dealing with staff turnover – sometimes, all at once. These challenges can lead to gaps in institutional knowledge and, ultimately, create new vulnerabilities for attackers to exploit.
Operators should consider taking a “defense-in-depth” approach when it comes to their venue’s cybersecurity – one through which a hacker would need to circumvent multiple layers of defensive mechanisms to infect a system or access sensitive data. In many cases, the most confidential data is the most valuable to attackers, so it’s imperative to make strategic investments in the right security tools and technology to mitigate these risks and keep operations running safely.
When exploring technology solutions for your venue, make sure you’re seeking out a solutions provider that maintains security best practices on behalf of its clients and offers “Software-as-a-Service” (SaaS) solutions. SaaS applications remove the need for hardware installation and maintenance – rather, providing simple and secure access via the internet – streamlining operations and boosting venue security in the process.
Cybersecurity threats are becoming increasingly more sophisticated, but fortunately there are a variety of actions you can take today to fortify your venue’s digital defenses. Be strategic, remain vigilant and remember – you’re not alone. With the right technology, proper training and clear communication, business leaders can effectively prevent and battle the threats that abound in our digital world.
About the Author
William Quinones leads the Information Security and Compliance programs at accesso. William has 17 years of Information Security experience, holds a B.S. in Information Systems Technology (cybersecurity specialization) and maintains the CISSP, CEH, CPT, CASP and PCIP certifications. William is also listed by CompTIA as a subject matter expert for his assistance in the development of the CompTIA PenTest+ certification exam.