Many travellers communicate with the office, with friends and family, using wi-fi. This cuts the costs of communication – but at what real cost? We all hear that all sorts of people are spying on us, but do we register this? Are we careful? Who is monitoring our communication, seeking business secrets, bank log-in details, and all sorts of other info? PwC issued a warning this week that we may be especially at risk in hotels, although the same may apply to coffee shops, the Wi-Fi at the gym, the access offered at conference centres, and so on.
The focus of the PwC warning was that hotels may be at special risk from wi-fi intrusion and other hacking.
“Each charge made at a spa, gift shop, bar or restaurant during the course of a guest’s stay is another opportunity for cyber theft,” said Nikki Forster, Hospitality Industry Leader for PwC, Southern Africa, in a news release we were sent this week.
“For business travellers, access to fast and low-cost internet is a must-have. But these Wi- Fi connections are not always secure. And that is a security gap that cyber criminals are making use of,” adds Forster.
PwC’s Hospitality Outlook 2015-2019 warns that the security of guest information and operational technology has emerged as an enterprise-wide business risk for the hotel industry. These cyber risks are influenced by the growing strategic importance of technology and increased value of intangible assets, such as guest information, created and managed on hotel technology platforms.
“Over the years hackers have been infiltrating hotel networks and have infected hotel-owned computers and guest computers with the aim of stealing personal and confidential information. Warned PwC.
“Hotel networks have been attacked using mathematical techniques and crypto-analytical offensive capabilities.
“This is usually done by hackers waiting for guests to check in and log on to the hotel Wi-Fi, usually by submitting their room number and surname.
“Thereafter the hotel guest gets tricked into downloading and installing a so-called backdoor file, which pretends to be an update for legitimate software, such as the Google Toolbar or Adobe Flash.”
“The unsuspecting guest downloads this hotel ‘welcome package’ only to infect his or her machine with spying software. Once on a network, the backdoor may be used further to download more advanced tools such as an advanced key logger. Downloaded software may also look for Twitter, Facebook and Google login credentials, as well as other private information.”
PwC claims that South Africa was hit by a massive cyber fraud attack during 2012 and 2013 -in which the payment card systems of thousands of shops, restaurants and hotels were compromised. The attackers used malware known as Dexter and were linked to a series of attacks on point-of-sale systems worldwide.
The malware skimmed and transmitted credit cards’ magnetic-strip information, allowing clone cards to be made that were then used for fraud.
Suggested precautions include keeping up to date with antivirus software before leaving home; avoiding updating software or clicking files when not on trusted networks; and using a virtual private network (VPN) to establish an encrypted communication channel when accessing public or semi-public Wi-Fi.
“The impact of a cyberattack can be far-reaching and devastating,” said Veneta Eftychis, Senior Manager, PwC Hospitality and Gaming Industry.
“Costs can include forensic computer investigations to confirm the breach and identify whose information has been put at risk. Other costs include credit or identity protection services for affected individuals, and crisis management and PR specialists to help mitigate the potential fallout from breach event.”
A breach of cyber security can also affect a company’s performance. Recent breaches have been seen to have an impact on customer loyalty and store traffic.
“Unfortunately cybercriminals are getting faster and more sophisticated. To stem the tide hotels also need to stay proactive and put a strategy and incident response plan in place. As part of the plan hotels should be aware of policies and processes relating to data breach, and educate staff on protocols,” Eftychis suggested.
I have some good friends in the IT world, who have warned me never to enter a password or do any online banking while connected to Wi-Fi. They even warn that your cellphone can become a listening device, if someone has managed to breach its security features, and to download software which can be used to listen in to private conversations, and to transmit these. So while Wi-Fi may seem free, it can be immensely costly if some smart crooks use it to spy on you.
Tweet of the Day:
Famous-Quote.net (@famousquotenet): A great many people think they are thinking when they are merely rearranging their prejudices. – William James
ZA Confidential is a subscription newsletter. For subscription details, to invite us to events with edible food and drinkable wine, or any other communication, please contact: firstname.lastname@example.org
Follow us on twitter: @zaconfidential @dievinein @clasfras1