Internal and External Security: Hospitality Industry
Who would mount a cyber-attack on a hotel or hack its computer system? Hackers. Hackers see opportunities where no one else sees them, and both black hats and white hats give reason to view the hospitality industry with caution. Managers need to be keenly aware of both internal and external threats in order to mitigate data loss and privacy issues, as a serious breach could result in brand damage.
The hospitality industry is today highly dependent on well-designed security systems. This dependency has developed out of the continued advancement and incorporation of electronic applications into hospitality operations. These operations require friendly navigation and secure transaction processing coupled with seamless integration of security protocols. The ability to create comfortable and secure applications for users is one of the most important aspects of competitive advantage in the hospitality business.
The ability of customers, both internal and external, to utilize applications creates security issues. The threat has been created by the increasing number of links that access organizations, such as web-based services for customers and suppliers. There are so many different points of access that it is almost impossible to have 100% verification of ‘who’ is accessing the system. For this reason, firewall filtering software, VPN encryption tools and other tools have become essential in maintaining operations.
The largest privacy issue stems from the internal threat. This problem is most commonly associated with operations in which information is passed at the point-of-sale (POS). Multiple users can affect the security of any POS system. When customer information such as credit card numbers is being used in transactions, the threat of an employee stealing this information is at its highest. This is the most common way that privacy is breached. For hotels this problem is worsened by the fact that extensive customer information is often required, such as driver's licenses, addresses, and phone numbers. presents itself during the process of user interaction between POS register and customer. The more information that is required from customers, the higher the risk of internal theft. Many individuals have discovered that downloading company sales lists and supplier lists can be highly profitable when the information is sold to the right person or group (Millar, 2011).
There are a variety of external threats that endanger privacy in the hospitality industry. Because most database and POS systems operate on Windows-based platforms, they are vulnerable to viruses, malware, and hackers. Viruses and malware can seek out user interactions within a secure network. These forms of attack are intended to discover passwords, credit card numbers, and personal information.
Viruses also present the danger of being malicious rather than deceptive. Some viruses are designed to damage individual or multiple systems, rather than to seek information. This presents an added threat to privacy because when systems collapse or malfunction, transactions must be entered manually (Tesone, 2006). The result is that personal information is much more accessible and at higher risk of theft.
More often the hacker’s intention is to test the vulnerability of networks and systems. The intention is to find holes in the system that allow for ways to bypass security and gain remote access to files (Tesone, 2006). Hackers do not wish to be discovered because they can continue stealing information as long as they remain hidden.
Internal threats to the physical plant are the most dangerous threat. This is the easiest way to lose information, despite the security measures. Internal threats to IT databases take the form of employees, customers, and any other organizational member that has some form of access to the system. The internal threat has been created because these users must be given access to the system. Employees are the worst threat because they have the greatest chance of penetrating the system. They also have access to certain amounts of information. The threat today is serious, as many unethical people will purposely take jobs in order to gain access to systems. Once in, they can bypass firewall settings or download malware or a virus. This same problem can happen unintentionally as well as intentionally. In fact, most of the threats from internal users are caused by the unintentional downloading of viruses and malware.
One large factor adding to the internal threats is the actual handling and storage of physical equipment. Companies often spend enormous amounts of money to protect against unauthorized internal and external breaches, but neglect to protect the physical equipment (CyrusOne, 2012). Equipment needs to be stored securely. If a person has access to the equipment, he or she may find it easier to steal a terminal or POS system and access it later from a different location. Employees with laptops are a good example of how a system can be stolen.
The largest web-based security threats come in the form of web spoofing. Web spoofing usually takes the form of a fake web page: fraudsters build look-alike pages that target a business's customers. Typically, these pages are reached through emails that take the customer to a web page that looks like the payment page of the business. Customers then enter their credit card information or passwords, and their information is stolen (Connolly, McFadden, & Nyheim, 2005). An employee accessing a spoofed page in this way could create a serious threat to the system. Hackers will often target specific individuals whom they know work remotely.
There are many standard protection applications that need to be implemented to prevent the organization from being infiltrated. The most common networking solution that prevents infiltration is the firewall. The firewall enables the company to monitor and allow access to only specific users, programs, scripts or resources. Most firewall software stops intrusions before they reach the internal network. More advanced firewalls can monitor internet activity, intrusions, and warn about possible threats.
Guarding against internal threats often requires a less sophisticated approach. Video monitoring and policies which create redundant checks to activities can eliminate many threats. For example, having managers review transaction logs of employees can reveal suspicious activity.
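One way the manager's transaction-log review described above could be partly automated, given here as an added example that is not from the original article. The log format, action names, thresholds and sample rows are all constructed assumptions; it flags card-data lookups outside operating hours and employees whose void/refund share is unusually high.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample POS audit log (format and values are assumptions).
SAMPLE_LOG = """\
timestamp,employee,action,amount
2024-03-01T09:12:00,emp01,SALE,120.00
2024-03-01T09:40:00,emp01,SALE,85.50
2024-03-01T14:00:00,emp01,CARD_LOOKUP,0
2024-03-01T15:05:00,emp01,SALE,42.00
2024-03-01T16:30:00,emp01,SALE,310.00
2024-03-01T10:02:00,emp02,SALE,200.00
2024-03-01T10:04:00,emp02,VOID,200.00
2024-03-01T11:15:00,emp02,SALE,75.00
2024-03-01T11:20:00,emp02,REFUND,75.00
2024-03-01T20:10:00,emp03,SALE,60.00
2024-03-01T21:45:00,emp03,SALE,95.00
2024-03-02T02:47:00,emp03,CARD_LOOKUP,0
"""

SHIFT_HOURS = range(6, 23)   # assumed operating hours, 06:00 to 22:59
MAX_REVERSAL_RATIO = 0.25    # assumed threshold for voids + refunds
MIN_EVENTS = 4               # ignore employees with too little activity

def review(log_text):
    """Return a list of (employee, reason, detail) findings for a manager."""
    stats = defaultdict(lambda: {"sales": 0, "reversals": 0})
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        emp, action = row["employee"], row["action"]
        if action == "SALE":
            stats[emp]["sales"] += 1
        elif action in ("VOID", "REFUND"):
            stats[emp]["reversals"] += 1
        elif action == "CARD_LOOKUP" and ts.hour not in SHIFT_HOURS:
            findings.append((emp, "after-hours card lookup", row["timestamp"]))
    # Second pass: compare each employee's reversals with their total activity.
    for emp, s in sorted(stats.items()):
        total = s["sales"] + s["reversals"]
        if total >= MIN_EVENTS and s["reversals"] / total > MAX_REVERSAL_RATIO:
            findings.append((emp, "high void/refund ratio",
                             f"{s['reversals']}/{total}"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A finding here is only a prompt for the manager's review, not proof of theft; thresholds would need tuning to a property's normal refund volume.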
There are many new applications designed to eliminate internal threats. Software advancements allow for the monitoring of employee behavior and actions. These applications can also limit access to sites that pose a risk such as social media and pornography (Gale, 2007). This software allows managers to track employee internet habits and can help reduce time wasted. As well, these software systems can alert managers when possible intrusions or suspicious behavior is taking place within the system.
Finally, one of the most practical means for protecting the system is to enforce policies which govern user practices. Employees should be told what is acceptable and unacceptable behavior within the system. As well, users need to be made aware of possible threats such as spoofing and the means to avoid these attacks. One of the most important factors in protecting the system is to create policies which enforce responsible data stewardship. Employees must know what the proper way to treat data is and how to be responsible with the information they deal with.
Perhaps the most important department with regard to creating a secure system is human resources. Human resources plays a vital role in data security by providing background checks, policy distribution, and internal employee monitoring. Human resources provides the means for hiring the most qualified individuals, who are least prone to theft. Many risks can be avoided by hiring the right people.
There are many HR companies that have gone as far as to track employees and their movements. Radio Frequency Identification (RFID) allows door system monitoring, tracking of employee movements, and control of access to specific areas (Gale, 2007). Human resources will typically track this information and provide it to management as needed. It is important to remember that security can be controlled through the proper allocation and recruitment of people.
Today, the hospitality industry faces many threats from internal and external sources. The ongoing improvement of security systems is a priority for most companies. As a function of competitive advantage, companies need to be able to guarantee privacy and security to maintain customer loyalty. This guarantee means that ongoing improvements must continue in order to maintain the balance between user friendly applications and secure transaction processing. The future of hospitality management will no doubt continue to follow this trend as technological advancements increase protection but also increase risk.
Tesone, D. V. (2006). Hospitality information systems and e-commerce. Hoboken, NJ: Wiley & Sons.
CyrusOne. (2012). About Us. Retrieved September 30, 2012 from http://www.cyrusone.com/index.php?do=home.about_us
Connolly, D. J., McFadden, F. M., & Nyheim, P. D. (2005). Technology Strategies for the Hospitality Industry. Upper Saddle River, New Jersey: Pearson Prentice Hall.
Millar, I. (2011, May). Hotel internet security concerns. Retrieved from http://hotelexecutive.com/business_review/3048/hotel-internet-security-concerns
Gale, D. (2007, January). Next-Generation Security Devices. Hotels, 41(1), 45.