Point-of-sale malware has become an infamous source of headaches for retail IT. Memory-scraping malware and POS skimmers especially have wreaked havoc on small and medium-sized businesses, including boutiques and restaurants, mainly as a way to steal customer payment data. Even large, global retailers such as Target have been negatively impacted by the malicious feats of POS hackers.
However, more recently, businesses in the hospitality industry have been repeatedly blindsided by cyber attacks. It all began with the luxury Mandarin Oriental Hotel Group and others soon followed: Hilton, Trump, Starwood, Hyatt Hotels… This not only puts these businesses at risk, but can be a threat to hotel customers and travelers as well. Let’s assess some possible prevention methods for the future. We’ll examine how individuals can travel safer, as well as how hotel administrators can boost their overall security posture with solutions like Trend Micro’s OfficeScan.
Travelers Beware: What to know before you go
While POS malware is certainly an issue for hotel managers, the travelers staying in these locations are put at risk as well. In order to ensure secure travels, there are a few things individuals should keep in mind:
- Understanding the region’s threat environment: It’s important to remember when traveling domestically or abroad that different regions are beholden to varying threat environments. As noted by Trend Micro researchers, Brazil, for example, has a growing underworld of cyber criminals, who largely operate out in the open on accessible public forums. This fact, as well as the region’s preference toward banking-focused attacks, shapes the overall threat environment. With the Olympics coming up, this is certainly something to bear in mind.
- Wi-fi connections can often be unsafe: Another issue that comes up during travel is wi-fi connectivity. Many hospitality institutions – including hotels and resorts – offer free, public wi-fi. However, as Trend Micro researchers have pointed out, these seemingly “secure” connections aren’t secure at all. It’s helpful to plan ahead for connectivity needs when traveling, and utilize a virtual private network to access online resources as opposed to the hotel’s free wi-fi.
- Safeguard personal data: This is particularly critical when traveling with mobile devices that can provide access to personal details. Trend Micro has provided a few tips for secure traveling, including ensuring that Web browsers have high-level security settings activated, and that mobile devices are password protected. It’s also beneficial to wipe any unnecessary sensitive information from laptops or smartphones, and to back up all other important data. It’s also advantageous to reset passwords after a trip to ensure security. More safe traveling tips can be found here.
What can hotel managers do?
Needless to say, this string of incidents are all clearly connected, not in the sense that they have been perpetrated by the same hacker necessarily, but in that they highlight a popular threat vector at the moment. Going forward, there are several key steps that hotels can take to improve threat protection.
First and foremost, any hotel chain that has not started using EMV-enabled card readers across its properties should do so immediately. The main benefit of EMV chip-card technology is in its unique authentication measures. Magnetic stripes share reusable, easily compromised payment data with each swipe. In contrast, EMV chips create a one-time transaction code that, if stolen, will essentially be worthless to a hacker. As of October 2015, merchants including hotels will be held accountable for losses associated with POS malware-related card theft should they not use EMV-enabled card readers.
More importantly, hotel management must stay up to date on cyber threats that are currently in circulation, especially targeted threats that single out the hospitality industry. For example, Trend Micro discovered a unique strain of malware called MalumPOS in June 2015. The bug specifically targets data on POS systems running on Oracle MICROS, software that is used by merchants in multiple industries, but especially in hospitality. It is integral that hotels take findings such as these seriously, and not fall into the mindset of “this will never happen to us”. From here, management must take every effort imaginable to protect sensitive customer information, and this includes leveraging threat protection software.
Hotels should also consider adopting Trend Micro’s OfficeScan, which is a unique system that combines on-premises security with cloud-based protection to secure physical and virtual environments, including point-of-sales platforms. OfficeScan provides advanced protection from malicious threats, including Trojans, ransomware and new variants of existing malware. The solution is able to identify and block any threats and provide centralized visibility and control of critical assets. In this way, hotel managers and IT administrators can security the organization’s desktops, servers, laptops and its POS system from a single console. Deep Discovery is also a great option to consider, as it can detect malicious activity on the network.