How Hoteliers Can Protect Against USB Attacks
August 10, 2016 1:23pm
By Jeff Parker – Vice President of Hotel Technology, Interstate Hotels & Resorts
You might be your hotel’s biggest problem.
ALMOST ALL ATTACKS are traced back to human error. The villains are trying to trick you into letting them into your network, and they are really smart.
While the recent news makes it feel that way, the hospitality sector is not the only target for the villains who are unleashing viruses and other malicious software. One of the latest attack vectors is USB drives. We have heard of malicious persons sending a marketing piece in the mail with a USB drive containing additional information. The unsuspecting user inserts the drive into their computer and POOF, the computer is now ‘owned’ by the hackers. I know that I have personally seen many promotional packages delivered with a USB drive or a CD; some have even sent small digital photo frames or MP3 players that you can load by connecting to your computer.
At the end of the day, all of these attacks can prevent your hotel from checking in guests, posting revenue or even making a reservation. In the worst case, they infiltrate your systems and get personally identifiable information from your staff and guests.
The newest scourge of the malicious software world is CryptoLocker and other ransomware Trojan horse programs. These programs take all of the data on a computer and encrypt it. This renders the user’s data inaccessible, and in most cases the user is forced to pay the ransom to get the data back.
The other typical USB threats are keyloggers/usage trackers and remote access software, though there are others.
Keyloggers and usage trackers are programs that record what a person is doing on a computer, including passwords, sites accessed and reports that are run. Some ‘phone home’, while others just write to local storage and are retrieved later. There have been reports of theft rings where a front desk agent is hired, places a USB device on the back of a computer when they have a chance, allows it to collect information for months, and then retrieves the device and quits. The stolen data can lead to further attacks on systems.
Remote access software allows a hacker to connect to a computer from anywhere. From this launching point they can access computer systems and networks. Once they are in your systems, it takes them little time to have free rein, and they often install back doors and other access points, so even if the first attack is thwarted, the criminals are in for the long war.
How do you protect yourself, and your business?
1) Do everything you can to block foreign USB drives on your systems. There are several great software packages to do this, but sometimes it is best to go with a physical lock.
2) Train your team not to connect USB drives unless they know specifically where the drive came from and where it has been.
3) Partner with a software provider to filter the internet. You will want one that keeps up with a daily updated list of threats and blocks those sites.
4) Protect your company email. Everything in and out should be scanned and sanitized.
5) Use the internet filtering and email filtering software to whitelist executables, meaning only allow programs through your email and network that are specifically approved for download or updates. Start with blocking everything, then add as needed the programs that are essential for your business to operate. Does this mean that your team will have to vet every program? Yes, but that is the point! A little extra overhead beats a data breach.
6) Block personal email. Many of the villains use email to get into your systems. Most corporate email systems have pretty good protection, but personal accounts are often unprotected, or under-protected. If you can prevent personal email, you will be in a much better situation from an exposure standpoint.
7) Have a strict password policy, not just for hotel staff, but for vendor accounts and any account with administrator access. These passwords should be changed every 90 days, be at least eight characters and include numbers, capital letters, lower-case letters and symbols.
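As an added example for step 1 (not part of the original article or any vendor's tooling), the script below audits and optionally enforces USB mass-storage blocking, and lists drives that have been plugged in before. It assumes Windows workstations and an elevated PowerShell session; the function names are illustrative. It covers storage devices only, so a device that presents itself as a keyboard is not affected and still calls for the physical lock mentioned above.

```powershell
# Added example. Assumption: Windows workstation, elevated PowerShell session.
# Run with no arguments to audit; pass -Enforce to apply the block.
param([switch]$Enforce)

$usbStor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$policy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$history = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'

function Get-UsbStorageState {
    # Start = 4 means the USB mass-storage driver is disabled (3 = load on demand).
    $start = (Get-ItemProperty -Path $usbStor -Name Start -ErrorAction SilentlyContinue).Start
    # Deny_All = 1 is the "All Removable Storage classes: Deny all access" policy.
    $deny  = (Get-ItemProperty -Path $policy -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        DriverDisabled = ($start -eq 4)
        DenyAllPolicy  = ($deny -eq 1)
    }
}

function Get-UsbStorageHistory {
    # Each subkey is a device model; each instance below it is one physical drive
    # (the instance name is normally derived from the drive's serial number).
    if (-not (Test-Path $history)) { return }
    Get-ChildItem -Path $history | ForEach-Object {
        $model = $_.PSChildName
        Get-ChildItem -Path $_.PSPath | ForEach-Object {
            [pscustomobject]@{
                Model        = $model
                Instance     = $_.PSChildName
                FriendlyName = (Get-ItemProperty -Path $_.PSPath).FriendlyName
            }
        }
    }
}

if ($Enforce) {
    # Disable the storage driver and set the deny-all removable storage policy.
    Set-ItemProperty -Path $usbStor -Name Start -Value 4 -Type DWord
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    Set-ItemProperty -Path $policy -Name Deny_All -Value 1 -Type DWord
}

Get-UsbStorageState   | Format-List            | Out-Host
Get-UsbStorageHistory | Format-Table -AutoSize | Out-Host
```

The history listing supports step 2 as well: any drive in it that nobody can account for is one to ask about.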
With some easy controls and a little due diligence, you can prevent many of these attacks.
Article courtesy of AH&LA
Parker is a nationally recognized leader in data security; notably with relation to PCI compliance.
He holds a bachelor’s degree in Technical Communications from Metropolitan State College of Denver and has been working in the industry for over 28 years.