How Hoteliers Can Protect Against USB Attacks
August 10, 2016 1:23pm
By Jeff Parker – Vice President of Hotel Technology, Interstate Hotels & Resorts
You might be your hotel’s biggest problem.
ALMOST ALL ATTACKS are traced back to human error. The villains are trying to trick you into letting them into your network, and they are really smart.
While the recent news may make it feel that way, the hospitality sector is not the only target for the villains who are unleashing viruses and other malicious software. One of the latest attack vectors is the USB drive. We have heard of malicious persons sending a marketing piece in the mail with a USB drive that supposedly holds additional information. The unsuspecting user inserts the drive into their computer and POOF, the computer is now ‘owned’ by the hackers. I have personally seen many promotional packages delivered with a USB drive or a CD; some senders have even included small digital photo frames or MP3 players that you load by connecting them to your computer.
At the end of the day, all of these attacks can prevent your hotel from checking in guests, posting revenue or even making a reservation. The worst case is they infiltrate your systems and get personally identifiable information from your staff and guests.
The newest scourge of the malicious software world is Cryptolocker and other ransomware Trojan horse programs. These programs encrypt all of the data on a computer. This renders the user’s data inaccessible, and in most cases the user is forced to pay the ransom to get the data back.
The other typical USB threats are keyloggers/usage trackers and remote access software, though there are others.
Keyloggers and usage trackers are programs that record what a person is doing on a computer, including passwords, sites accessed and reports that are run. Some ‘phone home’, while others just write to local storage and are retrieved later. There have been reports of theft rings where a front desk agent is hired, places a USB device on the back of a computer when they have a chance, allows it to collect information for months, and then retrieves the device and quits. The stolen data can lead to further attacks on systems.
Remote access software allows a hacker to connect to a computer from anywhere. From this launching point they can access computer systems and networks. Once they are in your systems, it takes them little time to have free rein, and they often install back doors and other access points, so even if the first attack is thwarted, the criminals are in for the long war.
How do you protect yourself and your business?
1) Do everything you can to block foreign USB drives on your systems. There are several great software packages to do this, but sometimes it is best to go with a physical lock.
2) Train your team not to connect USB drives unless they have specific knowledge of where the drive came from and where it has been.
3) Partner with a software provider to filter the internet. You will want one that keeps a daily updated list of threats and blocks those sites.
4) Protect your company email. Everything in and out should be scanned and sanitized.
5) Use the internet filtering and email filtering software to whitelist executables, meaning only allow programs through your email and network that are specifically approved for download or updates. Start with blocking everything, then add, as needed, the programs that are essential for your business to operate. Does this mean that your team will have to vet every program? Yes, but that is the point! A little extra overhead beats a data breach.
6) Block personal email. Many of the villains use email to get into your systems. Most corporate email systems have pretty good protection, but personal accounts are often unprotected or under-protected. If you can prevent personal email, you will be in a much better situation from an exposure standpoint.
7) Have a strict password policy, not just for hotel staff, but for vendor accounts and any account with administrator access. These passwords should be changed every 90 days, be at least eight characters and include numbers, capital letters, lower case letters and symbols.
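One way to apply step 1 in software on a Windows front desk workstation, shown as an added example that is not part of the original article: it lists the USB storage devices the machine has already seen, reports whether the USB mass-storage driver is enabled, and disables it. It assumes a standard Windows install and an elevated PowerShell prompt; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). Function names are hypothetical.

$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'  # mass-storage driver
$enumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'      # devices seen so far

function Get-UsbStorageHistory {
    # Each subkey of Enum\USBSTOR is a device model; each child of that
    # subkey is one physical device instance that was plugged in.
    if (-not (Test-Path $enumKey)) { return @() }
    Get-ChildItem $enumKey | ForEach-Object {
        $model = $_.PSChildName
        Get-ChildItem $_.PSPath | ForEach-Object {
            $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Model        = $model
                InstanceId   = $_.PSChildName
                FriendlyName = $props.FriendlyName
            }
        }
    }
}

function Get-UsbStorageDriverState {
    # Start = 3 means the driver loads on demand; Start = 4 means disabled.
    $start = (Get-ItemProperty -Path $svcKey -Name Start).Start
    switch ($start) {
        3       { 'Enabled' }
        4       { 'Disabled' }
        default { "Other ($start)" }
    }
}

function Disable-UsbStorageDriver {
    # Newly inserted USB drives will no longer mount once Start is 4.
    Set-ItemProperty -Path $svcKey -Name Start -Value 4 -Type DWord
}

# Review what has been connected, then block new drives.
Get-UsbStorageHistory | Format-Table -AutoSize
"Driver state before: $(Get-UsbStorageDriverState)"
Disable-UsbStorageDriver
"Driver state after:  $(Get-UsbStorageDriverState)"
```

This setting only covers USB storage; a device that presents itself as a keyboard, or a hardware keylogger placed between the keyboard and the computer, is not affected, which is where the physical lock in step 1 still matters.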
With some easy controls and a little due diligence, you can prevent many of these attacks.
Article courtesy of AH&LA
Parker is a nationally recognized leader in data security; notably with relation to PCI compliance.
He holds a bachelor’s degree in Technical Communications from Metropolitan State College of Denver and has been working in the industry for over 28 years.