Email Viruses Could Devastate
and sell your data to competitors or, worse, abuse
personal details of your guests
By Terence Ronson, Managing Director, PertLink / March 2004
With the increase in malicious emails infecting internet users worldwide, hoteliers might soon find themselves having to build “virtual moats” around their properties and position electronic guards at various checkpoints to avoid being hacked.
“So serious is the threat of malicious intrusion into one’s network or PC that just a single line of defence is definitely not good enough,” says Raymond Chu, product marketing manager with the advanced technologies group of Cisco Systems Asia Pacific.
In fact,some industry pundits claim that you can place a brand new PC on the internet and, within a few minutes, someone will try and hack into it. Now, that’s scary!
Almost every day, we hear of computer viruses that will cleverly attempt to masquerade themselves as something less sinister to try to outwit the less tech-savvy into lowering their often limited defences, or beat those we already have in place, so that they can worm their way through our networks and cause havoc.
This state-of-the-art form of terrorism is smarter and potentially more damaging to humanity than the type which brandishes a Kalashnikov. The malicious perpetrators of these viruses stealthily float around cyberspace at the speed of light – and their evil is not hindered by race, creed, religion or colour.
The list of aliases that these brats dream up is limitless, with some labelling themselves as, for example, a software patch from Microsoft “that you must immediately install to prevent hacking ”. In fact, that is exactly what they are attempting to achieve.
Most often when these damaging viruses get into our systems, they “harvest ” email addresses from local files and spoof the “from address ”. The aim is to lull us into a false sense of security when receiving emails from known senders.
Some may even attempt to download a “back door ” from a remote website, allowing them to easily get back into your machine undetected at a later date.
We used to think that passwords were the best thing since sliced bread when it came to protecting access to computers and data. To some extent, that still holds true.
But passwords are like toothbrushes, and should be changed every three months – but not with your birthday, pet’s name or favourite type of food. They should be at least eight digits in length, with a combination of letters and numbers [some people I know add in a few symbols for increased complexity].
Systems managers – through the effective use of operating systems – have the ability to force users to change passwords every so often. Do you know if this is set up on your system? When was the last time you were asked to change yours?
The establishment and enforcement of company policies plays a significant role when it comes to securing networks. For example,at the very basic level you need to know who and what has access to your networks and systems from inside and outside your hotel.
Don’t be so naive to believe that all attacks are external:disgruntled employees do exist,and they can all too easily infect your network with a virus.
It is not impossible for some unscrupulous individual to steal and sell your data to competitors or worse, abuse personal details of your guests.
Just imagine how valuable your guest history or corporate account information is on the open market – it needs to be protected, in the same way that your general cashier protects physical cash.
There have been many stories recently of rogue wireless-access points being surreptitiously connected to networks by staff, third-party engineers or intruders, which allow virtually undetected remote access to networks and siphoning of data.
In all honesty, can your security chief and information systems manager (ISM ) put their hands on their hearts and swear that these do not exist on your LAN (local-area network)?
Do they employ identity-management techniques which manage each and every LAN port to be 100% sure about what is plugged in?
If your hotel is connected to the outside world, I hope you have a computer “fire-wall”, and that stringent controls are in place to control what data can flow into and out of your property.
As responsible managers,do you know what type of data is blocked or allowed to pass through? Bear in mind that emails are not the only mechanism for viruses to penetrate your defences – instant messaging is another channel where viruses can slip in, and data can slip out without your knowledge.
While this technology can save communications costs and improve productivity, it could also be the vehicle used for acts of cyber-terrorism.
You must also consider what impact the guest broadband network has on the hotel. Do you allow your guests to download any file type they want, and visit any website they care to?
Can the guest who accesses your broad-band network see other guests on the network, or maybe the PCs on the hotel LAN? Have you checked with your ISM that, for added safety and security, each guestroom has been set up as a VLAN, meaning it’s a virtual independent network in its own right that cannot be seen or accessed by others?
“Remote access and teleworking are every day occurrences on networks and, by virtue of allowing such access to your networks, you are potentially opening yourself up to abuse,” says Cisco’s Chu.
“Do you have the policies, procedures and physical barriers in place to prevent unauthorised access?
“Remember that, if people can remotely access your network, they can also remotely access your data, and do with it what they want.”
If you want to sleep soundly at night, then you have to realise that network security is just as important as the physical security of your hotel.
“There has to be more emphasis placed upon network security,” says Chu. “Start by conducting a thorough audit of your defences and system policies. Look for the breaking points, and where there are risks.
“Consult with industry experts and seek their advice on such technologies as IDS (intrusion detection systems), IPS (intrusion prevention systems), firewalls and identity management techniques.”
Don ’t delay – the walls have ears.
Hotel Asia Pacific
158 Wong Uk Tsuen
Tel: +852 2882-7352
Fax: +852 2882-2461
|Also See||Chef In a Suit; Christian Abell explains why he hung up his chef's whites and put on a suit and tie to take over as F&B director at the JW Marriott Hong Kong / HOTEL Asia Pacific / February 2004|
|Asia Pacific Hotel Leaders Michael Issenberg, Miguel Ko, Patrick Imbardelli and Koos Klein Look at What Lies Ahead; The Greatest Challenge is Uncertainty / HOTEL Asia Pacific / January 2004|
|Senior Hotel Executives Are Scratching Their Heads Over an Annual Dilemma: What, if Any, Adjustments Should They Make to Next Year’s Payroll? / HOTEL Asia Pacific / December 2003|
|Why Indian Hotelier Jagsish Rai Sood Chose to Partner with Shangri-La to Operate His Latest Property in New Delhi / HOTEL Asia Pacific / December 2003|
|The World's Biggest Hotel Chains Planning Major Expansion in Asia; China Hotel Industry is the Certain Winner / HOTEL Asia Pacific / December 2003|
|K.P. Ho, Chairman of Asian-based Banyan Tree Hotels & Resorts, Discusses the Strategy Behind the Award Winning Brand; Building Banyan as Told to HOTEL Asia Pacific / November 2003|
|Patrick Imbardelli, InterContinental Hotel Group’s Managing Director for Asia Pacific, is ‘Divorcing’ Owners Who Don’t Fit In with the Group’s Values / Steve Shellum HOTEL Asia Pacific / November 2003|
|HOFEX Organisers Faced a Tough Choice When SARS Devastated Their Plans; Rescheduled Event Poised to Bounce Back in Hong Kong / November 2003|
|Terrorism: Who’s Liable? The Legal Status of Hotel Owners and Management Companies / Andrew MacGeogh, HOTEL Asia Pacific / October 2003|
|The Inside Story on How InterContinental Hong Kong Managing Director Jennifer Fox Teamed Up with Michelin Chef Alain Ducasse to Create a/ HOTEL Asia Pacific New Benchmark for Hotel Restaurants in Asia / Steve Shellum, HOTEL Asia Pacific / October 2003|
|Preview of the Wonderful and Wacky World of the W Seoul; Aiming to Break the Mould of Asia's Traditional Hotels / Steve Shellum, HOTEL Asia Pacific / October 2003|
|Chiller Replacement Project; How The Grand Hyatt Singapore Applied a Holistic Commercial View / HOTEL Asia Pacific / October 2003|
|Assessing Hotel Security; HOTEL Asia Pacific Magazine / Pertlink Re-Issue Hotel Security Checklist / August 2003|
|Pressure Cooking: Florian Trento, Executive Chef at the Peninsula Hong Kong, Explains How He and His Team Coped During the Bleakest Days of the SARs Crisis / HOTEL Asia Pacific / June 2003|
|Crisis Management: Could You Cope if the Unthinkable Happened / HOTEL Asia Pacific / June 2003|
|Back to Normal After SARS? Let’s Hope Not.../ HOTEL Asia Pacific / June 2003|
|Fighting Spirits! Rank-and-file Staff at Bali InterContinental Resort Talk About Their Hopes, Fears, Dreams / HOTEL Asia Pacific / April 2003|
|On the Chopping Block; Are You Prepared If You Get Your Marching Orders?/ HOTEL Asia Pacific / April 2003|
|Trevor Bilney, Executive Chef at the Bali InterContinental Resort, Fights Hard Since Last October 12; Keeps Morale Up and Costs Down / HOTEL Asia Pacific / March 2003|
|Hotels Stepping Up Security; Learning to Live with the Threat of Terrorism as Part of Conducting Everyday Business / HOTEL Asia Pacific Survey / March 2003|
|50% of Hoteliers Have Not Increased Investment in Security – More than a Year After the September 11 Attacks / HOTEL Asia Pacific Survey / December 2002|
|Security: Something No Hotel Can Ignore / Geoff Griswold / Summer 2002|
|Biometrics Lend a Hand to Hotel Security / Feb 2002|
|Hotels Near Airports Provide Better Safety and Security Features According to The Center for Hospitality Research - Cornell Hotel School / Dec 2002|