
The Importance of IT and Cybersecurity in Hospitality


Hospitality businesses are at a higher risk of suffering a data breach because of the nature of the industry. 

The most recent case that made the rounds is the massive data breach Marriott International suffered, especially because the breach had remained undetected for over 3 years. In that time, data such as credit card numbers, home addresses, loyalty points, birth dates, passport numbers, and other valuable information were stolen. 

Imagine something like that happening to your cafe, restaurant, or hotel. 

Could you handle the aftermath of a breach? 

It’s not just about the massive damage payouts. The real aftermath is dealing with the trust that will be damaged beyond repair. 

How safe are your current systems? Are you sure you could deter or detect a breach?  

The high risk of the hospitality industry

Hospitality businesses are a high-value target for attackers. The first part of the issue revolves around the characteristics of the industry: 

  • You work in a people-centred industry where competition is fierce. 
  • To succeed, your hospitality business has to stand out from the crowd by providing your customers with the very best service.
  • You also have to deal with a lot of stored sensitive information about your clients. 
  • This data can help you provide a streamlined and personalised experience. Unfortunately, such data is highly valued on the black market, which makes you a prime target for hackers. 

The other part of the problem is your back office: 

  • It’s a highly dynamic industry that requires a centralised system with lots of connection and access points. 
  • Any of these can become a potential point of access.  
  • The turnover rate of hospitality businesses is higher than in other industries. 
  • Any old, forgotten, and inactive accounts from former staff are security threats.

How can IT and cybersecurity solutions help hospitality? 

Hospitality businesses are highly vulnerable to cybersecurity threats. Even large enterprises will succumb to a data breach without advanced cybersecurity solutions. 

Instead of sticking to incident response and passively reporting on a security breach, hospitality businesses have to implement proactive measures that will make a breach unlikely and data unreadable. 

The right IT solution keeps your business efficient and your customer and employee data safe. Our IT and cybersecurity solutions and services will: 

  • Standardise your whole network infrastructure – We can take care of everything – from network hardware installation and setup, to VPN and token solutions.
  • Streamline your operations – This will reduce errors and data mismanagement, and will speed up your whole system. 
  • Encrypt data and documents – While you should aim to avoid a data breach, encryption helps you remain compliant and make data unreadable and unusable in case it does happen. 
  • Report any red flags – Advanced monitoring solutions help detect any irregularities in your database, payment system, or loyalty programs immediately. Your data stays secure, and your services stable.
  • Create and maintain backups – All your systems and operations are backed up, ready to weather any storm.  
  • Train your staff – Even the best systems remain vulnerable if your staff aren’t up to date on how to use them, or aren’t informed about the latest security threats and policies.
  • Provide ongoing support – From helpdesk and remote support to onsite interventions, we’ve got you covered. 

Responsive IT Support 

We go well beyond simple network setup, optimisation, and one-time security protocol setup.

Cybersecurity is an ongoing task, and TowerWatch Solutions offers ongoing IT support for your hospitality business. 

Our IT support range includes 1st, 2nd, and 3rd line support. No matter what type of IT-related issues you are dealing with, we can help you resolve them quickly and have you up and running in no time. 

  • Your employee lost their password? Our helpdesk will help them retrieve it. 
  • Your POS can’t connect to the network? We can get it up and running remotely. 
  • Your customers can’t order ahead through your app? Our engineers will find the reason as soon as possible. 

Our IT support is available around the clock, and you can choose between: 

  • Helpdesk support – A solution for any minor issues that keep disrupting your daily operations is just a phone call away. Our helpdesk support will quickly resolve POS connection issues, account lockouts, or network drops. 
  • Remote assistance – When you can’t take care of the problem on your own, our IT support agents can quickly resolve minor inconveniences with remote access. 
  • Onsite IT expert and engineer teams – Have issues with hardware or software setup? Your Wi-Fi system is down and routers aren’t responding? No worries. We’ll deploy our onsite IT experts to take care of all your IT worries in no time. 

Already have an in-house IT team? 

Nothing to worry about. Besides 1st to 3rd IT support, we also offer full IT management support. 

We will take care of in-house team hiring, management, and training to keep your team up to date on the latest security practices and threats, and work alongside them and offer a helping hand. 

Let us deal with technicalities so you can stay focused on your customer and the experience you provide. 

Project Implementation 

The IT projects and solutions we implement are all based on the latest technology and security standards. 

The hospitality industry works with high volumes of sensitive data, and our solutions ensure it stays safe. We will make sure all your operations are GDPR-compliant too.

Project implementation preparations

Our experts and engineers have over 10 years of experience in IT management and project implementation. Before we draft a project for your hospitality business, we will take a look at your current setup. 

TowerWatch Solutions will ensure your IT systems can handle your business demands, follow the latest hospitality trends, and battle security threats. 

We can make the project as simple or complex as you need it to be. We can implement a simple backup solution for your current operations, or reinvent your whole IT infrastructure and offer a streamlined digital dining journey. 

Your IT needs should never take the back seat. Today, IT solutions are the driving force of successful hospitality businesses. We can help you with:

  • Implementing full server systems, communications, and platforms. 
  • Physically relocating your sites and helping you open new sites.
  • Moving your physical servers to safer virtual environments.
  • Converting your local data and operations to the cloud.
  • Installing and implementing encryption solutions for your customer data and loyalty programs. 
  • Taking care of GDPR and PCI compliance.
  • Implementing access control measures. 
  • Setting up Backup and Data Loss Prevention (DLP) measures.  

Fully custom solutions, tailored just for you 

Because no two hospitality businesses are alike, we focus on getting to know you first. Your long-term goals become our long-term goals.

When we are familiar with your strengths and weaknesses, we will know how to design an IT system that will emphasise the former and eliminate the latter. 

  • A custom-designed IT system will cover all your needs and provide a streamlined experience to your customers and patrons. 
  • We will implement new hardware, software, and full IT solutions with minimal disruptions to your operations. 

With our IT services, you’ll be ready for rapid expansion and franchising: We will future-proof your IT infrastructure so you can easily open new locations locally, regionally, and globally, and deploy your whole system instantly.

Streamlined Setup 

Do not worry about business disruptions while we implement our IT and security solutions. 

We have streamlined our setup routine so you can continue working without losses in uptime, efficiency, or staff and guest satisfaction. We’ll start with upgrades that are easiest to implement and work our way to the more complex solutions. 

Continue impressing your guests and customers while we update, improve, and optimise your whole IT system with:  

  • Equipment standardisation – Differences in hardware, procedures, and policies across franchises are a common reason for disjointed operations. We will standardise all your equipment. 
  • The best guest Wi-Fi solutions – Your systems are not the only thing that benefits from being connected. Your customers will keep coming back to enjoy not just your services, but also an amazing, lightning-fast, and most importantly, secure Wi-Fi in any of your establishments. 
  • Cloud solutions that sync across your whole franchise – No matter how many locations you have, relocating your operations to the cloud will allow your staff to work efficiently from any branch and sync data across all your locations.
  • Active network monitoring – Proactive approach to possible issues is the only way to deal with them before they become serious. Our IT solutions can monitor your whole infrastructure and network, and alert our IT support in case of irregularities. 
  • GDPR compliance implementation – Unsure about GDPR compliance and worried about possible legal risks? We’ve got you covered here too. 

TowerWatch Solutions is your one-stop shop for implementing cybersecurity and IT systems that will make you fully compliant with the GDPR. 

Our compliance strategy includes data mapping and auditing. We will uncover where your data is stored and review all your software for possible security gaps. 

We will implement security measures such as system monitoring and advanced data encryption to keep data safe.  

  • PCI compliance implementation – PCI compliance helps you protect your customers’ credit card data and reduce fraud attempts. By making sure your new IT setup is compliant with PCI DSS standards, your customers and guests will know you place the highest emphasis on their security. 
  • Future-proofing – Our IT solutions ensure your systems are future-proof and you won’t have to worry about substantial investments down the line. When you migrate your operations to virtual environments and the cloud, all the updates are handled by the provider, guaranteeing your systems are always up to date and safe.  

Your IT security is only as good as its weakest link. Unintended data disclosure can easily be prevented with the right staff training. Leave it to us to teach them how to use the newly implemented systems and foster a culture of security. 

Consultancy & Research 

Are you opening a new restaurant and want a good IT infrastructure right away?  Or are you an established franchise that could use some updating in the IT department, but you’re not sure where to start? 

Start by consulting with our experts 

TowerWatch Solutions offers consulting services on hospitality IT systems and cybersecurity. We’ll help you plan out every detail of IT system implementation and assist your in-house IT teams on every step of the way. 

No in-house teams? No problem. We can manage your IT projects on our own too. 

If you are more comfortable with having in-house IT experts, we also provide consulting on IT Training and Recruitment. We can help you set up, recruit, train, and manage an in-house IT team, and recruit new members to it. 

Our dedicated IT experts and engineers will help you with a boost of specialised knowledge right where you need it:  

  • IT project management – From implementing ePOS systems to handling guest Wi-Fi options, we’ll help you manage the whole project. We will advise you on the best ways to implement it, and on the security measures and best practices it needs.
  • IT security requirements – We can help you and your team set up staff authentication, BYOD policies, GDPR, and PCI compliance, and consult you on the latest industry standards. 
  • Data safety and recovery options – Our experts will be happy to explain all the solutions you can implement to prevent data leaks and losses and help you pick the best mix of options. Learn about:
    • Differences between backup solutions
    • The importance of business continuity strategies
    • How data loss prevention (DLP) works 
    • What disaster recovery options would be best for you
  • Cloud computing solutions – We’ll guide you through possible cloud computing options and advise you on the one best suited to your particular needs, be it private, public, or hybrid. 
  • Migration services – We can help you move your data and operations from one location to another, or to a virtual environment. We will also ensure that any risks – privacy, security, and data access – are eliminated in the process.  

Overall…

Hospitality is an industry that handles huge amounts of sensitive data on customers, guests, and patrons. Hospitality cybersecurity is more important than ever before. As a restaurant, cafe, or hotel owner, it’s your responsibility to keep their data safe. 

How up to date is your current IT setup? Have you taken care of your GDPR compliance? Do you know who has access to sensitive data? 

Here are some of the latest facts and figures on hospitality data breaches, and just how much damage they can do: 

  • Restaurant group Earl Enterprises data breach from May 2018 to March 2019
    • Data affected: Over 2 million credit card numbers were stolen
    • Attack vector: Malware on their POS system
    • Brands affected: Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, and Tequila Taqueria
    • Damages paid: Unknown
    • The company launched a website so guests can check whether their details were stolen.
  • RMH franchise security breach in 2018
    • Data affected: Guests’ names, credit or debit card numbers, expiration dates, and card verification codes
    • Attack vector: Unauthorised software placed on the POS system
    • Brands affected: 167 Applebee’s restaurants
    • Damages paid: Unknown
  • Wendy’s data breach of 2015 and 2016
    • Data affected: Name, card number, expiration date, security, and service codes, and other payment card-related information.
    • Attack vector: Malware on POS system
    • Brands affected: Wendy’s restaurants
    • Damages paid: $50 million
  • Dunkin’ Donuts data breach
    • Data affected: Usernames and passwords for loyalty programs
    • Attack vector: Third-party breach
    • Brands affected: Dunkin’ Donuts
    • Damages paid: Unknown
  • Hilton Hotels data breach of 2014 and 2015
    • Data affected: Credit card numbers, names, addresses
    • Attack vector: Cash register computers
    • Brands affected: Hilton Hotels
    • Damages paid: $700,000
  • Marriott data breach: The biggest breach to date
    • Data affected: 500 million customers’ information, including names, addresses, phone numbers, email addresses, passport numbers, account info, birth dates, gender, and arrival/departure information
    • Attack vector: Unauthorised access to the hotel database
    • Brands affected: Ritz-Carlton, St. Regis, JW Marriott, W Hotels, Sheraton, Delta Hotels, Le MERIDIEN, Westin, Renaissance Hotels, Four Points, SpringHill Suites, Fairfield Inn, Residence Inn.  
    • Damages to pay: $915 million GDPR 

Digital technology and data safety have become an integral part of the hospitality and dining experience. 

How IT Solutions Influence the Dining Journey

Technology is affecting the hospitality industry, and those who don’t embrace IT solutions are bound to fall behind fast. 

The Windstream Enterprise-BRP Consulting digital restaurant study, which focused on the preferences of Millennials and Gen Z, shows that digital technology affects the hospitality sector, particularly restaurants, quite a lot. 

Here are some of their most interesting finds: 

  • 74% find that ease of ordering and payment is extremely important.
    • only 45% of restaurants have excellent execution for this preference
  • 60% place importance on Wi-Fi availability 
    • only 44% of restaurants have a good solution in place 
  • 42% actively look for contactless and mobile payment availability
    • only 33% of restaurants have it 
  • 41% look for mobile and web order ahead options
    • only 26% of restaurants offer a good solution

The following infographic by Deloitte from 2016 shows just how important technology has become in hospitality:


Some key findings include the fact that 40% of people prefer to order online, and when technology is used to place orders, customers will spend an extra 20% on average per visit.   

The findings clearly show that the customer journey and experiences are heavily influenced by the convenience of new tech solutions. The only way forward for your business is to implement IT solutions that will be convenient but also safe. 

Do you have the right IT solutions in place? Get in touch to see how we can help you streamline, boost customers with technology projects, and improve your security.


Five Ways to Avoid Hotel Phishing Scams

Headlines about yet another hacked hotel have become commonplace, and the statistics look grim. A staggering 64% of US citizens have already had to deal with stolen data. Hotel phishing has become way too common.

Hotels are the perfect targets due to the amount of sensitive data they are processing each day and the tech they are using. Lots of high profile breaches that have happened lately signal that many of them do not have the right cybersecurity solutions in place. 

Hotel phishing scams are a common attack, and Verizon’s 2019 data breach report shows that out of all the data breaches detected, 32% involved phishing. 

What’s even more worrisome, 56% of those breaches weren’t discovered for months.

Avoiding such scam attempts altogether is impossible, but lowering the risk of becoming a victim is not. Here are five ways to detect and avoid phishing scams.  

#1 Staff Training 

Hotels often skip cybersecurity training because they wish to invest in other areas, yet a single successful phishing scam can lead to a breach that will tank their reputation and customer trust, which results in high fines.

Because email is the primary vector attackers use for their hotel phishing scams, it’s important that your employees are able to recognise such scam attempts right away. 

A single click is enough to infect the system. The same Verizon report found that internal actors were responsible for 34% of breaches. Each misclick gives attackers another opportunity to compromise your hotel.  

Cybersecurity training for the hotel staff must be a top priority. 

When staff members know how to detect a suspicious email, check the sender and double-check all domain names, the risk of them clicking on it becomes considerably lower. 

#2 Have an External Mail Warning System 

Creating a hotel phishing email is easier than ever, as people are more than willing to share their personal information online.

A well-constructed phishing email can look like a genuine company email from a well-known staff member.

An external email warning system helps identify suspicious emails by displaying a warning when the email originates from an external source. 

This will prompt staff to double-check the sender and the actual address before opening the mail or clicking the link, and to report the suspicious email to the IT office. 
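As an added illustration (not part of the original post and not any vendor's product), the Python sketch below shows how a mail gateway hook could apply such a warning, and how it can also catch the sender and domain-name tricks staff are asked to look for in #1. The domain grandhotel.example, the staff names, the from_internal_relay flag and the sample messages are all assumptions constructed for the example.

```python
"""External-sender warning for inbound mail (added example, constructed data)."""
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions: the hotel's own mail domain and well-known staff display names.
INTERNAL_DOMAINS = {"grandhotel.example"}
STAFF_NAMES = {"anna keller", "reservations desk"}

SUBJECT_TAG = "[EXTERNAL] "
BODY_BANNER = (
    "CAUTION: This message came from outside the organisation.\n"
    "Check the sender address before opening links or attachments.\n\n"
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss copies of our domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_sender(from_header, from_internal_relay=False):
    """Return warning reasons for a From header; an empty list means trusted.

    The From header alone can be forged, so a sender only counts as internal
    when the gateway also saw the message arrive from its own relay
    (from_internal_relay is a hypothetical flag supplied by the caller).
    """
    name, addr = parseaddr(from_header or "")
    domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    claims_internal = domain in INTERNAL_DOMAINS
    if claims_internal and from_internal_relay:
        return []
    reasons = ["external-sender"]
    if claims_internal:
        reasons.append("own-domain-from-outside")
    elif not domain:
        reasons.append("unparseable-sender")
    elif any(edit_distance(domain, d) <= 2 for d in INTERNAL_DOMAINS):
        reasons.append("lookalike-domain")
    if " ".join(name.lower().split()) in STAFF_NAMES:
        reasons.append("staff-name-on-untrusted-address")
    return reasons


def tag_message(raw, from_internal_relay=False):
    """Parse one message, add the warning, and return (message, reasons)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = assess_sender(str(msg.get("From", "")), from_internal_relay)
    if not reasons:
        return msg, reasons
    subject = str(msg.get("Subject", ""))
    if not subject.startswith(SUBJECT_TAG):  # do not tag twice on re-processing
        del msg["Subject"]
        msg["Subject"] = SUBJECT_TAG + subject
    del msg["X-External-Warning"]
    msg["X-External-Warning"] = ", ".join(reasons)
    # Only plain single-part bodies get the inline banner in this sketch;
    # multipart mail still carries the subject tag and the header.
    if not msg.is_multipart() and msg.get_content_type() == "text/plain":
        body = msg.get_content()
        if not body.startswith(BODY_BANNER):
            msg.set_content(BODY_BANNER + body)
    return msg, reasons


# Constructed sample: staff display name on a one-character-off domain.
SAMPLE_LOOKALIKE = (
    "From: Anna Keller <anna.keller@grandhote1.example>\n"
    "To: accounts@grandhotel.example\n"
    "Subject: Updated bank details\n"
    "\n"
    "Please use the new account for this month's invoice.\n"
)
# Constructed sample: a genuine internal message.
SAMPLE_INTERNAL = (
    "From: Anna Keller <anna.keller@grandhotel.example>\n"
    "To: accounts@grandhotel.example\n"
    "Subject: Rota for next week\n"
    "\n"
    "Rota attached.\n"
)

if __name__ == "__main__":
    tagged, why = tag_message(SAMPLE_LOOKALIKE)
    print(why)
    print(tagged.as_string())
```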

#3 Implement a Sandbox

In IT, a sandbox is a completely isolated environment that fools malicious code into thinking it has access to actual systems. 

Sandboxes are used to test links and attachments and execute them without risking the security of your network. 

If the system detects malicious code or a malicious link, it will show a warning and remove the attachment or link so the user and systems stay safe. 

#4 Keep Your Network Secure 

Have antivirus, antispyware, and anti-malware software on your network and all devices, as well as commercial firewalls. 

Keeping your main network inaccessible to outside devices will reduce the vectors of attack.

Have a different network for your guests, and keep all personal IT devices from your staff on a separate network too. 

#5 Stay Informed About Phishing Techniques & Have Procedures In Place

New phishing scams appear all the time, so make sure your IT department follows all new developments closely.  Ask them to regularly send internal newsletters on threats and distribute them to everyone.

Plus, make sure you have strict procedures in place when it comes to payments and authorising new transactions. For example, change of details must be confirmed by a vendor over the phone (rather than email), requests for money are escalated to a higher management level, and links aren’t clicked on unless they are expected.

Hotels Must Be Hypervigilant

The reason why so many hotels fall victim to hotel phishing attacks is the lack of updates to their systems, operations, and standards. 

When coupled with lack of staff training and monitoring solutions, a data breach might already be in progress without them having the slightest clue about it.


Steps To Respond To a Ransomware Attack


Cybersecurity is an important topic for any business now. In the last 12 months, 32% of businesses experienced some sort of cyber attack or data breach. That means that every third business had to deal with a cyber-attack, according to the Cyber Security Breaches Survey 2019 by the UK Department for Digital, Culture, Media, and Sport. It goes without saying that every business should prepare for a ransomware attack and other types of cyber-attacks.

Keeping your assets secure against cyber threats takes much more than installing firewalls and anti-virus software. Today’s cyber threats are sophisticated and use every possible loophole in your security settings to get access. While there are different types of attacks, ransomware is one of the most malicious attacks businesses have to deal with. 

What’s a Ransomware Attack? 

Ransomware is a type of attack where malicious software (malware) takes over a computer or whole systems and denies any type of access until you pay a ransom. The ransom demand usually requires payment in cryptocurrency like Bitcoin, as it’s impossible to trace it. 

It is one of the most dangerous types of attacks, as it can stop a business dead in its tracks. In case the ransom is not paid, all data will be deleted from the system. 

This is bad enough if it happens to an individual. Imagine this happening to your company – you will lose all business and operational data, and you’ll have to start all over again. Some businesses never recover.

Preparing for a Ransomware Attack

The bad news with ransomware attacks? It can happen to anyone, and once it does, there’s not much you can do. 

But you can prepare for it. Here’s how: 

Data backup should be your number one priority.

It can save you thousands and millions, but it has to be done right by protecting your data storage properly. Ransomware attacks are carefully executed and attackers will often have access to your systems for months before they attack. 

Why? Because they want to make sure they hijack everything, including any possible backups you might have. 

This is why you should keep backups in another location. It would be best to have backups in the cloud but also have at least one backup offline – completely disconnected from any network – as even cloud backups can sometimes be affected.  

Make sure IT keeps all systems and software up to date.

Although updates are often a hassle, they exist for a reason. Most updates are released to take care of security vulnerabilities. When software and operating systems are not updated, you are basically inviting hackers to access your systems. Your IT department should ensure every device is up to date. 

Start implementing user restrictions.

Not all of your employees need access to all your data. Ask your IT provider to implement user restrictions so that your employees have access only to data they need. In case they need more, they can request special and temporary access that is revoked as soon as they don’t need it anymore. This way, in case their accounts are compromised, the breach will be limited. 

Invest in monitoring software. 

You can get powerful software solutions that can monitor your whole system for suspicious activity. This goes beyond the regular antivirus monitoring – it can monitor what users are doing, what data they are accessing, and alert you in case something is out of the ordinary. 

Don’t forget about employee training.

No matter what type of security software and solutions you utilise, if your employees are not aware of best practices on cybersecurity, you’re always just one bad click away from a ransomware attack. Make sure your employees know how to spot suspicious email, and know that they should never click on the links in such emails or download attachments.  

Work on your BYOD policies.

Many businesses, especially small- and medium-sized ones, often allow employees to bring their own devices (BYOD) to work. Without a good policy in place, however, this becomes a security issue. 

If an employee brings an infected device and connects it to the same network, you’re looking at a possible spread of infection – and ransomware – to all other devices and the whole system. Because of this, any device connecting to your system should be up to date, have antivirus software, and be cleared by the IT department regularly. This goes for smartphones too.

First Steps After a Ransomware Attack 

1. Take a photo of the note

This will help IT determine what type of ransomware you’re dealing with. 

2. Determine the extent of the attack 

Your IT provider should be able to determine whether the ransomware has infected a single device, or if the infection is spreading through your network.

3. Isolate infected devices and disable sharing

All infected devices should be removed from the network to stop the spread. Any type of sharing that’s active should be shut off immediately. 

4. Notify employees

Send an email to all employees so that they can report whether their devices are working. Those who can work can continue, but those affected can help in other areas while IT deals with the issue. 

5. Let IT remove ransomware from infected devices 

IT should scrub the devices that were infected completely. Sometimes, a local backup on the device can solve the issue, but oftentimes, even that will be unavailable. 

6. Restore data from backups

Once you reinstall the operating systems, your IT can restore data on affected devices from a cloud or offline backup.

To Pay or Not to Pay? 

If you’re not prepared and have no backups, you might be tempted to pay. Take this year’s ransomware attack on the City of Baltimore’s government. Their systems were infected by ransomware that stopped numerous important systems: ATMs, airports, even hospitals. 

The attackers demanded that the city pay about $76,000 in Bitcoin. The city refused to pay, only to realise many of their systems weren’t backed up. They lost huge amounts of data, and the attack ended up costing them $18 million.

It seems that in the case of Baltimore, it would have been much better if they simply paid the ransom. Well, not really. 

Why? 

You’re dealing with criminals. Even if the city paid the ransom, there’s no guarantee that they would have gotten the access back. If they did, they would have become a prime target for future attacks too, since they paid the ransom already. This is why it’s so important to prepare – it will minimise damages.

Conclusion

Everyone’s at risk of a ransomware attack. Preventing it is next to impossible, but preparing for it is more than possible. Your IT provider should back up your data regularly, and you should make sure your employees know how to spot suspicious phishing attacks. When you prepare for a ransomware attack properly, you can minimise the impact of such an attack and save yourself from monetary and reputation damage. 


The Link Between Unpatched Machines, Ransomware, and Data Breach Threats Increase Threat Severity for Businesses


Boardish has released a cyber landscape report that summarises the latest changes in the threat landscape. As a tool created for CISOs and cyber professionals who work on quantifying the impact of cyber threats and solutions into financial figures, Boardish has recently moved from beta to production. 

The ultimate goal that Boardish wishes to achieve is to simplify the quantification process for CISOs and other cyber professionals, helping them get faster insight into the cybersecurity landscape and impact of new threats and solutions. 

With that goal in mind, Boardish has also released a new monthly cyber report.

Their new cyber landscape report shows that the threat landscape has experienced quite a number of changes at the beginning of the year. One thing that they picked up is that there is a link between the three main threat increases that were registered: unpatched machines, ransomware, and data breaches. 

The Boardish cyber report places unpatched machines at the very top of cybersecurity issues. This threat experienced the highest increase, 18%, after the NSA discovered a vulnerability in Windows 10 systems. The number of machines affected by this vulnerability exceeds 900 million, which is more than enough to raise the risk assessment for unpatched machines from medium to high, as it has the potential to be the next nation-state type of attack.

EternalBlue, the exploit used by the WannaCry ransomware, is still affecting machines around the globe. When combined with the number of machines that could potentially be affected and the impact of previous nation-state attacks, any organisation with unpatched machines should treat the risk as a priority. 

This leads us to the next threat highlighted by the cyber report: ransomware. It has increased by 11% across all company size categories. 

It’s connected to the number of unpatched machines and also the fact that there are numerous other attack vectors for ransomware infections, with phishing being the most popular attack vector. 

Ransomware is so popular because it’s the easiest way to get money quickly, but there has been an increase in instances of the ransom NOT being paid, in which case attackers released the data and caused a data breach.

This brings the impact level to maximum. Another interesting finding is that the level of turnover days increased by 15%, and the reason for this is twofold: business systems are more complex, and ransomware attacks are more sophisticated. Ransomware should, therefore, be treated as a top priority threat.

The data breach threat has also increased by 7%, but unpaid ransomware isn’t the main reason. Instead, increased amounts of data were the primary factor in companies with more than 500 employees, as per our cyber landscape report. The data breach risk factor is serious enough to lose market positioning, and coupled with the high-regulation impact, the risk is raised to high. 

User error is becoming a more common reason for data breaches, so companies should make sure they are protected not just from external but also internal threats. 

The best way to deal with each of these threats can be thoroughly tested in Boardish so that CISOs and other cybersecurity professionals immediately see the effectiveness of solutions and present these in front of the board in financial terms. 

For a more detailed insight into the threat landscape, you can download the full cyber report for free here: Boardish Analytical Cyber Reports


Data Discovery as an Important First Step in Cyber Security Implementations

Data security is the staple of a successful business in this era, and most businesses invest in at least basic cyber security. After all, it’s much more affordable when compared to the aftermath of a data breach. Before you implement security measures that will keep your business and reputation safe, you should know what type of data you deal with, and you can do that with data discovery tools.

What’s Data Discovery and How Does It Help My Business?

The importance of data discovery in cyber security is experiencing rapid growth because of stricter regulations like the General Data Protection Regulation (GDPR) that mandate all businesses should be well aware of what kind of data they collect and how they use it. But what is data discovery anyway?

Data discovery is a business process of collecting and analysing data to gain insight into trends and patterns. This insight helps businesses shape their critical business decisions.

And while most businesses today will happily collect data to make data-driven decisions, they will often fail to store and protect that data in a systematic and logical manner.

This causes two critical issues:

  1. When data is disorganised, it will impact data analysis and affect the end result, which can lead to bad business decisions.
  2. Disorganisation also increases the risk of data being accessed by unauthorised entities, either through a data breach or because it was accidentally disclosed by an employee.

Data discovery helps businesses not only collect and analyse data, but it also shows them where and how data is stored and who has access to it, which gives them a good idea of how safe that data really is.

Data Discovery in Cyber Security

Because data discovery provides quite a number of benefits to a business, it’s safe to assume it can help with cyber security too. So what’s the best way to use data discovery in cyber security, and what benefits will this bring?

It is the first step to becoming GDPR compliant. Businesses gather all kinds of data to gain insight into the latest trends and preferences, and for this purpose, they often store sensitive data from their users and customers.

  • GDPR requires ALL businesses that deal with personally identifiable information (PII) from EU citizens to disclose that they are using and storing this data.
  • In addition, they must have consent from the user/customer to store all that data, and keep records of consent too. If they don’t, they are not allowed to store it.
  • Any type of data that can lead to the identification of an individual falls into this category: name, address, online identifiers, ID numbers, IP addresses, even cookie identifiers.  
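A minimal sketch of what a data discovery pass does with the identifier types listed above. This is an added example, not code from the original post or from any product it mentions; the store names, sample contents and the sensitivity mapping are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample "data stores" (location -> content). Not real data.
SAMPLE_STORES = {
    "crm/export.csv": "name,email\nJane Doe,jane.doe@example.com\n",
    "web/access.log": '203.0.113.7 - - "GET /booking HTTP/1.1" 200\n',
    "pos/receipts.txt": "Card 4111 1111 1111 1111 approved; ref 1234 5678 9012 3456\n",
    "docs/menu.txt": "Soup of the day, build 300.1.2.3\n",
}

EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Assumed sensitivity mapping for this example; set your own per policy.
SENSITIVITY = {"payment_card": "high", "email": "medium", "ip_address": "medium"}
LEVEL_ORDER = ["none", "medium", "high"]


def luhn_ok(digits: str) -> bool:
    """Checksum used by payment cards; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text: str) -> set:
    """Return the kinds of personal data found in one blob of text."""
    found = set()
    if EMAIL_RE.search(text):
        found.add("email")
    for m in IPV4_RE.finditer(text):
        try:
            ipaddress.ip_address(m.group())  # rejects octets above 255
            found.add("ip_address")
        except ValueError:
            pass
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("payment_card")
    return found


def classify(stores: dict) -> dict:
    """Build the inventory: where personal data lives and how sensitive it is."""
    report = {}
    for location, text in stores.items():
        kinds = sorted(find_pii(text))
        level = max((SENSITIVITY[k] for k in kinds),
                    key=LEVEL_ORDER.index, default="none")
        report[location] = {"pii": kinds, "level": level}
    return report


if __name__ == "__main__":
    for location, result in classify(SAMPLE_STORES).items():
        print(f"{location:18} {result['level']:7} {result['pii']}")
```

The Luhn and octet checks matter in practice: without them the receipt reference number and the build string would both be reported as personal data.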

It helps you implement the right cybersecurity measures. It can be hard to choose which cybersecurity measures are the best option for your business.

  • Firewalls and secure networks are a good start, but without implementing data discovery in cybersecurity, you won’t have a structured overview of your data, or who has access to it.
  • Considering that human error is the most prevalent reason for a data breach, limiting access to data and keeping it on a “need to know” basis is a sound defense against such errors.
  • This also helps you implement data encryption that limits further data sharing and disclosing it to somebody without the right authentication.

It helps you identify security threats quickly. When you have a unified and structured overview of your data and can see who accesses it and in what way in real time, you can quickly respond to any type of threat.

  • Machine learning and AI solutions can help you automate this process and monitor users’ access and detect any anomalies.
  • For example, if there is a sudden surge in data access from a specific access point, you will get a warning to investigate. In case you determine there was indeed a breach, the scope of the breach will be very limited.
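The surge warning described above can be illustrated with a simple per-access-point statistical baseline, used here in place of the machine-learning tooling the post refers to. This is an added example, not code from the original post; the log format, source names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_log():
    """Constructed access log: two access points over 24 hours, one surge."""
    lines = []
    for hour in range(24):
        for source, per_hour in (("front-desk-1", 12), ("pos-3", 5)):
            n = per_hour + (hour % 3)            # mild, normal variation
            if source == "pos-3" and hour == 22:
                n = 80                            # the constructed surge
            for i in range(n):
                lines.append(
                    f"2024-05-01T{hour:02d}:{i % 60:02d}:00Z {source} "
                    f"READ guests/{1000 + i}"
                )
    return lines


def hourly_counts(lines):
    """Count data-access events per access point per hour."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        timestamp, source, _action, _resource = line.split()
        counts[source][timestamp[:13]] += 1      # bucket: YYYY-MM-DDTHH
    return counts


def find_surges(counts, k=3.0, warmup=6, min_events=20):
    """Flag hours where one access point far exceeds its own baseline.

    An hour is flagged when its count is above mean + k * stdev of that
    access point's earlier hours. The stdev is floored at 1.0 so a very
    steady source does not alert on tiny changes, and min_events stops
    low-volume sources from alerting at all.
    """
    surges = []
    for source in sorted(counts):
        baseline = []
        for hour in sorted(counts[source]):
            n = counts[source][hour]
            if len(baseline) >= warmup:
                threshold = mean(baseline) + k * max(pstdev(baseline), 1.0)
                if n >= min_events and n > threshold:
                    surges.append((source, hour, n))
                    continue                     # keep the spike out of the baseline
            baseline.append(n)
    return surges


if __name__ == "__main__":
    for source, hour, n in find_surges(hourly_counts(build_sample_log())):
        print(f"investigate {source}: {n} reads in hour {hour}")
```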

Data Discovery Brings Your Cyber Security to a Whole New Level

With increasing volumes of data flowing through your on-prem or cloud data centres, you need solutions that will not only give you insights into trends but what type of data you have, where it’s stored, and how many of your employees have access to it. By structuring your data according to sensitivity levels and implementing solutions that limit access and keep a watchful eye on how it’s used, you will be able to thwart cyber security threats before they become a problem.

Learn more about data discovery by using Microsoft’s AIP scanner in our Udemy course now available at a discounted price.

Check out the TowerWatch Academy for more courses!

The Importance of Cybersecurity for Businesses in 2019

Cybersecurity is a vital part of every business that deals with any type of sensitive data. With online threats becoming more diverse every day and regulations like GDPR increasing, it is imperative that businesses stay on top of the latest cybersecurity developments for 2019.

Here are the most important things to consider when looking for ways to improve cybersecurity for businesses:

Hacking Is an Industry Now

Hacking has become a lucrative industry, with certain types of data being more valuable than others. Medical records, for example, are worth ten times more on average than credit card details.

Because there is so much money involved in hacking, it is not surprising that hackers are launching highly sophisticated attacks that are hard to detect and can be disruptive not only to normal business operations, but also to wider government-operated systems, like power grids for example. As such, hacking threats should be taken seriously, because a data breach can easily bring your business to a halt or end it altogether.

It’s Harder to Detect Breaches

Ponemon’s 2018 Cost of Data Breach Study states that it takes 197 days on average to detect a breach. After that, it takes another 69 days on average to contain a breach. This is a very long time for a breach to go undetected, costing businesses millions. For smaller companies, such a devastating breach could mean the end of their operations. Larger companies have an easier time recovering, but it still takes months or years.

A breach doesn’t just cause loss of revenue, but also reputation, customers, and missed opportunities, as well as any damages that have to be paid after the breach.

Third-Party Apps and Vendors Are Common Vectors of Attack

With cloud computing being the new norm, it can be hard to confine sensitive data within an isolated data centre in your office. The majority of data today is stored in the cloud, with many businesses sharing data not only internally, but also with external third-party vendors or applications.

If these apps or vendors do not take adequate security precautions resulting in a data breach, the business can still be held accountable for the loss of sensitive data. Make sure then to check all third-party vendors your business deals with.

Data Protection Is More Important than Ever

Businesses that don’t invest in cybersecurity should be held accountable. It doesn’t really matter whether it was just an oversight or due to negligence – if someone steals valuable data, there should be serious consequences.

Lawmakers are becoming aware that cybersecurity is an important aspect that needs to be regulated seriously. We are already seeing the adoption of stricter laws and regulations – the General Data Protection Regulation (GDPR) is just one of them.

Not only do such laws and regulations force businesses to improve their security, but they also help protect users against predatory practices like selling data to third parties without the user’s explicit consent.

Any business that is serious about what it does should have transparent data collection and usage policies, as well as adequate security and encryption for its data.

AI Helps Companies Protect Against Attacks

Advancements in AI and machine learning have made predictive analytics an ally against cyber attacks. Businesses have more overview of their real-time security than ever before. And predictive analysis helps them promptly detect anomalies in their operations. This is especially beneficial for the financial sector such as banks, and other businesses will reap the benefits as well.

As a business owner, you should be aware of the cyber threats lurking about. Know also that no target is too small for hackers. Make sure to update all your software regularly and educate your employees. Ensure that any third-party vendors or applications you deal with are taking cybersecurity seriously too.

7 Ways to Protect Yourself From Social Engineering Hacks

Human interaction is the element that makes social networks so great, and businesses use it to connect with their user bases on an individual level. This human connection is also a vector used by hackers to get access to classified information, as well as access to internal networks and data. Such techniques are known as social engineering hacks.

A social engineering hack is when hackers present themselves as trusted and friendly individuals or businesses to get their targets to disclose privileged and sensitive information. This tactic requires lots of research on the target to be successful, and the attack is often specifically aimed at individuals who have low-level access within their organisation, as this is enough to get access to everything else once they are in.

Research and reconnaissance include scanning the target’s online behaviours and patterns, and social media accounts are a treasure trove of information. This is why it’s so important that all employees keep their social media accounts secure. The following seven tips will help keep social media accounts safe from hackers:

#1 Avoid Taking Part in the Things that Have Your Personal Details

Do you know all those various quizzes that “analyse” your social media account to tell you which “Game of Thrones” character you are most like, or tell you what kind of salad you are? How about some extensive personality tests that ask you to disclose super specific information about yourself to tell you what type of personality you are?

Always make sure to check what type of information you reveal and authorise access to. Many of them will require you to allow access to all your online images, your whole friend list, or your bio and personal information that might include phone numbers and emails. Only use such things if you can be 100% sure that the information you share will be used solely for marketing purposes and not compromise the security of your account.

Do you remember the story about an Android flashlight app that just asked for too much access? This is exactly how your data could become available to hackers and used against you.

#2 Increase Your Password Security

Password strength is what makes or breaks the security of your social media accounts. First of all, make sure to use a strong password. The holy trinity of strong passwords is a combination of the following:

  • Lower- and uppercase letters
  • Numbers
  • Special characters

Use at least 8 characters in your password, and never use personal details and information like your kids’ names or birthdays in your passwords, as this makes access easier. To minimise the risk of being hacked, change your password regularly and never use the same password for multiple accounts. If you have trouble remembering all your passwords, use a trustworthy password manager instead.

#3 Understand Your Privacy Settings

Once something is on the web, it stays there forever. Your online behaviours can be tracked, and most people don’t think they are valid targets to be tracked online, so they will reveal too much in too many public places.

Imagine sharing your personal or work email, where you live, or images of your kids and your home with any stranger you meet on the street. It would be quite reckless, wouldn’t it? This is exactly what many people are doing online when they don’t think about their privacy settings and post publicly on their social media accounts.

When using Facebook or any other social media site, make sure to limit your posts and images to your friends only. If you wish to share something publicly, always ensure that it can’t be something used to get access to your accounts or to follow your actions online. Also be wary of friend requests from people you don’t know. Chances are, at least one of them might just be trying to get access to your information.

#4 Up Your Account Security

A strong password is just a first step towards a safer account. Wherever possible, use additional security in the form of two- or multi-factor authentication (2FA or MFA) – they will ask you for an additional code that’s generated just for you once you type in your login credentials. This way, if someone manages to crack your password, they will not get any further because they won’t have the code they need.

#5 Use Quality Antivirus Software

Make sure to have good antivirus protection on your PC. Your antivirus must not only regularly scan your PC, but also monitor your online activity. Such suites will immediately let you know if there’s an infected link or attachment in your emails. They can also scan social media messages and quarantine them before you can click on them by mistake.

#6 Only Install Apps from Trusted Sources

Since there’s limited access to good antivirus software for mobile phones, stay safe by only installing apps from trusted sources. Examples of trusted sources are Google Play and Apple’s App Store. Apple, in particular, is very strict when it comes to what apps are allowed on their store. They do a full scan and inspection of every app before it can be approved and published in their store.

#7 Log Out of Devices and Close Old Accounts

If there are some accounts you are not using anymore, it doesn’t mean they are safe from hackers. Always close all old accounts you are not using anymore. This way, you make sure hackers don’t get access to them and use them without your knowledge.

Also, make sure to log in on trusted devices and on trusted networks only. Make it a point to log out of all your active sessions regularly. This will help those services recognise anomalies in your login patterns and detect a possible breach more easily.

Have a proactive approach towards your social media security and you will be a very hard target for anyone trying to get access to your accounts. It will be a challenge for anyone to launch social engineering hacks against you.

Have more questions? Check out our Smiley Geeks IT Help Membership from only $69 a month!

5 Reasons Hospitality Businesses Get Hacked

The last several years have revealed that hospitality businesses are vulnerable to cyber attacks. Many major hospitality players have been victims of cybercrime that was in some cases undetected for years. In a separate post, we have cited six hospitality businesses that faced data breach fines resulting from hospitality business hacking.

Hackers are becoming increasingly innovative in ways they gain access to secure hospitality systems. In contrast, the hospitality sector is lagging behind in security measures. Businesses often don’t treat cybersecurity as a priority but prefer to focus on customer experience only, which can have far-reaching consequences in case of a breach.

The most common factors that contribute to hospitality business hacking and data breaches include the following:  

#1 The Number of People Involved

It is the nature of the hospitality industry that makes hospitality businesses such targets – there are so many customers and staff involved that hackers easily benefit from those numbers.  Sooner or later, somebody will make a mistake and click on a malicious link delivered into their inbox from a spoofed email address, and that one click is often enough to get access to everything.

Once inside, hackers will easily find employee credentials to get access to sensitive information, such as customer names, emails, addresses, current residence, credit card information, loyalty programs and points, and more, and use all that information for monetary gain or to sell it on the dark web.  

Another big issue that contributes to the high vulnerability of the hospitality sector is the current hospitality retention rate. The retention rate in the hospitality industry is quite low in comparison to averages for other industries. In the UK, the annual staff retention level is just over 70%, which is concerning since the average retention is usually around 85%. Not only are staff usually less interested in the long-term protection of the business, but frequent changes of users and passwords often lead to bad practices like sharing passwords or logging in for each other.

#2 Unsecured Networks Result in Hospitality Business Hacking

One of the easiest ways hackers are able to access guest and employee data is through Wi-Fi networks that are poorly secured or unsecured. While it’s hard to make sure a Wi-Fi network is 100% secure against attacks, hospitality businesses can do a lot to minimise the risk.

First of all, a network should never be unsecured. While it might seem like a great perk – use your network easily without having to ask for a passcode – this also means that anyone can access it, hackers included. The passcode should always be complex to avoid hackers simply guessing it. Businesses should avoid setting up “12345” or the business name as the passcode.

In addition to the right encryption settings for all the networks, it’s important to separate them too. Guests should always have a separate network for all their devices. Sharing the same network for business devices and guest devices is a recipe for disaster. Some of your guests may not be as innocent as they appear. They may be accessing your internal systems and data whilst also enjoying your coffee.

#3 Lack of Understanding

Another fault of many businesses in the hospitality industry is their lack of understanding of cybersecurity. Hotels are now interconnected digital systems that compete for customers by introducing new digital experiences. As such complex systems, they have a large number of endpoints – like the above-mentioned Wi-Fi networks, but also HVAC systems, Points of Sale (PoS), electronic door locks, smart devices – through which customer data is accessed and stored.

It’s true that they do adopt new technology and software to streamline their operations. But their outdated security measures don’t cover new security threats. You see, each of the endpoints used can also be an entry point for hackers to steal data. Sometimes, it’s enough to delay updating your PoS system for hackers to get a successful entry.   

Because hospitality businesses deal with such a large amount of sensitive data daily, it’s of utmost importance that they also understand the risks that come with the benefits of new software and tech solutions.

#4 Cybersecurity Isn’t Their Focus

Most hospitality businesses will agree that customer satisfaction and the overall experience with their brand is what matters most. The competition is fierce, and it’s very easy to lose customers. In their battle to retain customers, they will often prioritise to spend their money on user experience. As a result, they streamline all their internal operations towards this goal.

Providing a seamless experience in every single one of their locations requires interconnection of all hotels from the same chain. For this reason, they are able to easily share their data on customers between locations. This way, the customer’s preferences when it comes to rooms and suites, and other data that helps make them feel welcome, are accessible at any time, no matter which of their hotels the customer walks into. Such data sharing happens within the hotel chain’s national network, which all hotels have access to.

This interconnectedness can have far-reaching consequences – just one breach into a single hotel from the whole chain is enough for hackers to quickly gain access to their whole system and steal information from central data points.

#5 Lack of Education Leads to Hospitality Business Hacking

With a lack of understanding of why security systems are crucial for all the digital systems in the hospitality industry, cybersecurity is often put into the back seat. This, in turn, results in a severe lack of education for staff members and partners.

If employees working in hospitality do not know how to spot risks, the chances of hospitality business hacking skyrocket. Not all employees are tech-savvy or IT professionals. Some of them don’t know how to spot a phishing attempt. However, with the right training, you can greatly reduce the chances of being hacked.

The best approach here would be to have cybersecurity staff that will take proactive measures to keep all systems secure. Therefore, it’s not a bad idea to appoint a Chief Information Security Officer (CISO) who would oversee all security-related operations. The CISO’s responsibility includes setting up a plan in case a breach happens.

The Right Measures Help Detect a Breach Quickly

The hospitality industry will remain a high-risk target for cyber attacks, and there will always be a risk. However, taking the right countermeasures will minimise hospitality business hacking. This ensures that if a breach does happen, there are rules in place that will help detect it quickly. Consequently, businesses take the right course of action.

Why It’s Safer to Tether Your Internet Than Use Public Wi-Fi

You’ve probably been in a situation where you desperately need an internet connection for your devices while you’re out and about. Most public places offer free internet. Public Wi-Fi, however, is risky business, and it’s best to avoid it.

The Risk of Public Wi-Fi

Coffee shops, airports, hotels, and restaurants offer their Wi-Fi without a second thought, but most lack proper security measures. Those networks are often the prime spots for hackers to execute their attacks and get access to sensitive information or spread malware. One of the most concerning ways they do this is with a device called Wi-Fi Pineapple.

Primarily, Wi-Fi Pineapple is used by companies that specialise in penetration testing the networks of various businesses. Even though the original use of the device is to audit wireless networks and test for vulnerabilities, hackers realised they could use it too.

How Hackers Use Wi-Fi Pineapple

Because Pineapple is so cheap (the whole kit costs about $100/£75), hackers use it to get access to sensitive information or spread malware.

  • They set it up as a fake Wi-Fi hotspot (known as a rogue access point – rogue AP), which enables them to do an attack called “Man-in-the-Middle” (MitM).
    • They fake a network SSID (name) that sounds reputable, like a hotel name, by changing one letter in the name, and then wait for unsuspecting users to connect their devices.
    • Once connected, they will intercept all communication between devices and the web.
  • Another way they can get your device to connect automatically is to spoof the SSIDs saved by your device.
    • When you have Wi-Fi on, your device will actively scan the surroundings for networks that you have saved with auto-connect enabled.
    • Your device does this by actually broadcasting the SSID of all saved networks.
    • Wi-Fi Pineapple can read those broadcasts, rename its SSID to match one of your saved networks, and your device will automatically connect to it.

It’s always better to tether your internet connection from your phone to avoid those risks.
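For a business that runs its own guest Wi-Fi, the two tricks described above (a name that differs by one letter, and a copy of a known name) can be checked for in a wireless scan. This is an added example, not code from the original post; the network name, BSSIDs and scan results are constructed, and it assumes the business keeps an inventory of its own access points.

```python
# Assumed inventory of the business's real guest network (constructed values).
TRUSTED = {
    "ssid": "GrandHotel-Guest",
    "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "security": "WPA2",
}

# Constructed scan results: (ssid, bssid, security) as a Wi-Fi survey would list.
SCAN = [
    ("GrandHotel-Guest", "aa:bb:cc:00:00:01", "WPA2"),  # the real access point
    ("GrandHote1-Guest", "de:ad:be:ef:00:01", "OPEN"),  # one character changed
    ("GrandHotel-Guest", "de:ad:be:ef:00:02", "OPEN"),  # same name, unknown radio
    ("CoffeeCorner", "11:22:33:44:55:66", "WPA2"),      # unrelated neighbour
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def assess(scan, trusted):
    """Return (ssid, bssid, reasons) for every suspicious network in a scan."""
    findings = []
    want = trusted["ssid"]
    for ssid, bssid, security in scan:
        reasons = []
        if ssid == want:
            # Same name: it must come from a radio we own, with our settings.
            if bssid.lower() not in trusted["bssids"]:
                reasons.append("unknown-bssid")
            if security != trusted["security"]:
                reasons.append("security-mismatch")
        elif edit_distance(ssid.strip().casefold(), want.casefold()) <= 1:
            # Differs by case, padding or a single character.
            reasons.append("lookalike-ssid")
        if reasons:
            findings.append((ssid, bssid, reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in assess(SCAN, TRUSTED):
        print(f"{ssid} ({bssid}): {', '.join(reasons)}")
```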

Advantages and Disadvantages of Tethering Your Internet

Tethering is easy to set up – basically, you use your phone’s data plan to get an internet connection. It can be done via Wi-Fi, Bluetooth, or USB.

Advantages of Tethering

  • Safer than using public Wi-Fi
  • Your personal hotspot; nobody else can use it
  • Safe to browse all sites and log in to sensitive websites too (like a bank account)

Disadvantages of Tethering

  • Some carriers block this option, and you might have to pay extra fees to use it.
  • Can drain the phone battery quickly if the phone is not connected to a power source.
  • Can use up your data plan if your connected devices are not set up to treat the connection as a metered one.

Even so, battery drain or a small one-time fee is acceptable when compared to the risk of losing your personal information or business accounts because you used public Wi-Fi.

How to Tether Your Phone

ANDROID

For Wi-Fi tethering, you should go to:

  1. Settings > Wireless & Networks > Portable (Wi-Fi) Hotspot > Set Up Wi-Fi Hotspot.
  2. Enter SSID (name) of the Hotspot.
  3. Choose a security option – always go for WPA2 PSK (safest encryption).
  4. Set up Password.
  5. (Optional) Choose an AP Band – 2.4 GHz is the default, but you can go for 5 GHz too if your devices support it.
  6. Turn on the Hotspot, find it with your device, and connect to it.

For USB tethering, you should:

  1. Connect the phone to your device via USB.
  2. Disable Wi-Fi.
  3. Go to Settings > Wireless & Networks > More… > USB Tethering and activate it.

iOS

  1. Go to Settings > Cellular or Settings > Personal Hotspot.
  2. Turn on Hotspot using a slider.
  3. You can choose to connect your devices via Wi-Fi, Bluetooth, or USB.
    • For Wi-Fi, you will have to set up Wi-Fi Password first (under Personal Hotspot).
    • Bluetooth connection only works with Macs, PCs, and third-party devices; to connect other iOS devices, you need to use Wi-Fi.
    • For USB, you will need the latest iTunes on the device you want to connect.

Keeping your personal and business data safe wherever you might be should always be your primary concern, particularly in this day and age.

Even though public Wi-Fi networks are convenient, you are at high risk every single time you connect to them, even if it’s just for a few minutes. Tethering your internet is simple, convenient, and gives you your very own personal and secure hotspot.

11+ Ways to Improve Your Email Security Today

Email accounts are used as the most common point of entry by hackers to get access to networks and either disrupt services, steal information, or spread malevolent software to more accounts. But, if you improve your email security, you can prevent this!

So, What Is Email Security?

Put simply, email security is a term that encompasses all the measures taken to secure access to an email account and contents of all emails of that account.

15 Ways to Improve Your Email Security

Email accounts are fairly easy to hack, simply because of the sheer number of email accounts there are. With everybody having at least one account, a simple error like clicking an infected link is often enough for them to gain access.

Coupled with a lack of knowledge, some people are easy targets, and can be the weak link for businesses or home offices to get a malware infection or lead to a security breach.

This is why it’s important to be up to date with email security measures and be able to spot hacking attempts.

Here are some of the ways you can improve your email security and help keep your personal and business data safe.

1. Use Strong Passwords

Weak passwords are one of the simplest ways to get access to an email account.

Often, people use simple passwords out of convenience, but this makes them more vulnerable. Most services won’t even let you have generic or weak passwords anymore and demand that passwords have at least eight characters, must include upper- and lowercase letters, at least one number, and one special character.

Our tips for strong passwords include:

  • Avoid using meaningful passwords – like the name of your spouse, children, or pets, birthdates, and similar. It’s best to use everyday items that don’t have much meaning. For example, look around your room or office and pick an item or two, then use them to make a password.
  • Change your password every 3-6 months. Set a reminder on your phone or work calendar to do so.
  • Avoid leaving all of your accounts logged in on multiple devices ALL of the time.
  • Don’t write your password down and stick it to your desktop screen! (it happens more often than you think!)

Think it’s hard to steal your password? Read this:

2. Use Two-Factor Authentication (2FA)

This puts an extra layer of security in addition to a username and password. It makes it harder for attackers to gain access. With 2FA, the user, after putting in their username and password, also has to input additional information, such as an additional PIN or password, or a security token.

3. Avoid Logging In to Free Wi-Fi and then Signing into an Email

While free Wi-Fi sounds great in theory, in practice, it’s chock-full of hazards. Using public Wi-Fi puts you at risk of being hacked, as hackers might be using the same network to gain access to other devices – if you log in to your email account, they can easily get access immediately.

If you truly need internet access out in the public, it’s best to use your phone and tether a connection instead (just make sure you use encryption while doing so).

4. Use Professional/Paid Services and Avoid the Free Ones

While free email services are convenient (for example, Gmail), they don’t have all the features you might need if you’re a business. Always opt for professional and paid services (for example, G-Suite email services) as they have priority support and better security features.

5. Educate Yourself

One of the best ways to stay secure is to be aware of all the risks and ways hackers might try to get access to your email. It’s extremely important for businesses to train their staff as well, to minimise the risk of someone accidentally clicking an infected link.

6. Use Anti-Virus That Includes an Email Scanner

Anti-virus software will scan your device for malevolent activity, but it’s not a bad idea to get AV software that also includes an email scanner. Such scanners will actively scan all links and email attachments and alert you about infected items.

7. Don’t Click Links from Emails and Don’t Log In on Email Pop-Ups

If you are unsure about a link from an email, never click on it. The link might lead to a site that downloads and installs malevolent software to your device. Any pop-up window that requires you to log in to your email is likely a scam too. Always log in through the actual service.

8. Check the Original Sender

If you receive an email that seems to be a bit off, always check the sender. Often, the sender name will be spoofed to make you believe they are someone else. You can do so by hovering over the “From” to see the actual email address and not the name of the sender.
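The same check can be automated on the raw message headers, where the display name and the real address are separate fields. This is an added example, not code from the original post; the sample messages are constructed, and the brand-to-domain table is a hypothetical list you would maintain for the senders your staff expect.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical table: display-name keyword -> domains that sender really uses.
BRAND_DOMAINS = {"example bank": {"examplebank.example"}}

# Constructed sample messages (headers only matter here).
SAMPLES = [
    'From: "Example Bank Support" <alerts@examplebank.example>\n'
    "Subject: Your statement\n\nHello\n",
    'From: "Example Bank Support" <support@secure-login.example>\n'
    "Subject: Verify your account\n\nHello\n",
    'From: "ceo@hotel.example" <ceo.hotel@freemail.example>\n'
    "Reply-To: payments@other.example\n"
    "Subject: Urgent invoice\n\nHello\n",
]

ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def same_org(domain: str, legit: str) -> bool:
    """True if domain is legit itself or one of its subdomains."""
    return domain == legit or domain.endswith("." + legit)


def check_sender(raw: str, brands=BRAND_DOMAINS) -> list:
    """Return warnings about a mismatch between shown and real sender."""
    msg = message_from_string(raw)
    name, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    warnings = []

    # 1. Display name shows an address from a different domain.
    shown = ADDR_IN_NAME.search(name)
    if shown and not same_org(domain, shown.group(1).lower()):
        warnings.append("name-address-mismatch")

    # 2. Display name claims a known sender, real domain is not theirs.
    for brand, legit in brands.items():
        if brand in name.casefold() and not any(same_org(domain, d) for d in legit):
            warnings.append("brand-mismatch")

    # 3. Replies would go to a different domain than the sender's.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and not same_org(domain_of(reply_to), domain):
        warnings.append("reply-to-mismatch")
    return warnings


if __name__ == "__main__":
    for raw in SAMPLES:
        print(parseaddr(message_from_string(raw)["From"]), check_sender(raw))
```

Treat the warnings as prompts to look closer, since legitimate mailing lists and helpdesk tools can also use a different Reply-To domain.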

9. Help Your Provider

Every time you mark an email as spam or junk and report them, you help your provider filter the emails better in the future. This way, harmful emails will never even manage to reach the inbox.

10. Be Careful Signing Up for Things

Using the same email for all services – from those you use regularly to some obscure mailing lists – is always a bad idea. Always have a “throwaway” or temporary email address for services or websites where you only need one-time access.

11. Check Who Has Your Email

Never share your email on just any website or public place. Also, avoid posting to public forums with your main email address to make sure it’s not collected and doesn’t end up on spam lists.

12. Protect Sent Emails

Use encryption services to protect all sent email. Some services even make it possible to see the email only if the recipient has an authentication code, and you can revoke access at any time you see fit. We use Microsoft’s Azure Information Protection and recommend it to our clients for automatic email and file encryption.

13. Be Careful What You Share Online

Avoid sharing personal information that could give hackers an idea of what you are using as a password! And I’ll say it again, don’t use obvious personal information as your password!

14. Run Regular Backups

With so many ransomware attacks happening lately, make sure your data is backed up regularly, just in case!

15. Be Careful About Apps

Avoid installing apps from third-party sites on your computer, browser, or phone. They are often infected with malware. Instead, only download from trusted sources, and always regularly update them.

These are all ways to improve your email security, whether you’re a personal user, have a business account, or are looking for organisational email security! Just remember, the more measures implemented, the higher the security of an email account.