*This post may contain Affiliate Links which means we may earn from qualifying purchases you make via our website. Check out our Affiliate policy and what this means here.
Seeing headlines about yet another hotel hacked have become commonplace and statistics are looking grim. A staggering 64% of US citizens have already had to deal with stolen data. Hotel phishing has become way too common.
Hotels are the perfect targets due to the amount of sensitive data they are processing each day and the tech they are using. Lots of high profile breaches that have happened lately signal that many of them do not have the right cybersecurity solutions in place.
Hotel phishing scams are a common attack, and Verizon’s 2019 data breach report shows that out of all the data breaches detected, 32% involved phishing.
What’s even more worrisome, 56% of those breaches weren’t discovered for months!
Avoiding attempts of such scams is impossible, but lowering the risk of becoming a victim is. Here are five ways to detect and avoid phishing scams.
#1 Staff Training
Hotels often skip cybersecurity training because they wish to invest in other areas, yet a single successful phishing scam can lead to a breach that will tank their reputation and customer trust, which results in high fines.
Because emails are the primary trajectory attackers are using for their hotel phishing scams, it’s important that your employees are able to recognise such scam attempts right away.
A single click is enough to infect the system. The same report from Verizon gives insight that internal actors were responsible for 34% of breaches. Every misclick will result in having your hotel hacked again and again.
Cybersecurity training for the hotel staff must be a top priority.
When staff members know how to detect a suspicious email, check the sender and double-check all domain names, the risk of them clicking on it becomes considerably lower.
#2 Have an External Mail Warning System
Creating a hotel phishing email is easier than ever, as people are more than willing to share their personal information online.
A well-constructed phishing email can look like a genuine company email from a well-known staff member.
An external email warning system helps identify suspicious emails by displaying a warning when the email originates from an external source.
This will prompt the staff to double-check the sender and the actual address before opening the mail or clicking the link and report the suspicious email to the IT office.
#3 Implement a Sandbox
Sandbox in IT is basically a completely isolated environment that fools malicious code into thinking it got access to actual systems.
Sandboxes are used to test links and attachments and execute them without risking the security of your network.
If the system detects malicious code or link, it will show a warning and remove the attachment/link so the user and systems stay safe.
#4 Keep Your Network Secure
Have antivirus, antispyware, and malware software on your network and all devices, as well as commercial firewalls.
Keeping your main network inaccessible to outside devices will reduce the vectors of attack.
Have a different network for your guests, and keep all personal IT devices from your staff on a separate network too.
#5 Stay Informed About Phishing Techniques & Have Procedures In Place
New phishing scams appear all the time, so make sure your IT department follows all new developments closely. Ask them to regularly send internal newsletters on threats and distribute them to everyone.
Plus, make sure you have strict procedures in place when it comes to payments and authorising new transactions. For example, change of details must be confirmed by a vendor over the phone (rather than email), requests for money are escalated to a higher management level, and links aren’t clicked on unless they are expected.
Hotels Must Be Hypervigilant
The reason why so many hotels fall victim to hotel phishing attacks is the lack of updates to their systems, operations, and standards.
When coupled with lack of staff training and monitoring solutions, a data breach might already be in progress without them having the slightest clue about it.