Held every October, #CybersecurityAwarenessMonth is a collaborative effort between government and industry to ensure every American stays safe and secure online.
Headed up by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), the month-long event highlights once again how important it is for businesses to be cyber-smart and aware of the impact of cyber-crime.
And with good reason. When a cyber-attack occurs, your business can face significant financial loss and a long-term reduction in customer confidence.
In 2020, CISA reported a sharp increase in cyber-attacks that target businesses using stolen logins and passwords. Many of these attacks happen because of human error, with employees:
- Failing to install software patches and updates
- Clicking on malicious links
- Forgetting to update passwords
- Using simple, easy-to-guess passwords
- Ignoring multi-factor authentication (MFA)
Indeed, human error accounts for 95 per cent of all cybersecurity breaches, while 77 per cent of organizations do not have a cybersecurity plan.
Cyber-criminals exploit vulnerabilities in your systems and use a variety of phishing attacks to compromise the security of networks and devices. As cyber-attacks continue, businesses must become familiar with cyber essentials and make cybersecurity and resilience vital in their daily processes.
So how can you protect your business? CISA has the following cybersecurity tips:
Treat business information as personal information
The business information held by hotels and resorts typically includes a mix of personal and proprietary data. This includes company credit accounts and information such as employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
Be cyber aware
Ensure that you and your staff are aware of possible risks such as malware, viruses, ransomware, and phishing. It’s also essential for everyone in your organization to understand the risks and what to do should your systems become affected.
Employees and emails are the leading cause of data breaches because they are a direct path into your system. Therefore, train and inform your employees on basic Internet practices.
It is important to remember that security measures only work if used correctly by employees. Don’t make passwords easy to guess, and make sure a process is in place to change them regularly and keep them protected. How many times have you seen passwords on PostIt notes stuck to computers? If you can access them, so can a cyber-criminal.
Creating strong passwords is an easy way to improve your organization’s cyber security. Make it a requirement that staff use strong passwords, including one uppercase letter, one lowercase letter, at least one number and ten or more characters.
And be creative with them. For example, customize standard passwords for different sites to stop cyber-criminals from gaining access to these accounts and protect you in the event of a breach.
Password managers are a great way to generate and remember different, complex passwords for each of your accounts.
Stay up to date to stay safe
Ensure that you and your staff keep the anti-virus software, firewalls, email filters, and anti-spyware you use updated to the latest available version. And maintain your security settings by turning on automatic updates, so you don’t have to think about it. You can also set your security software to run regular scans.
Back up your data
Remember to routinely back up data on all computers and ensure that the device where the backup is stored is offline. Backup data could include:
- Financial files
- Human resources files
Limit who has access to the backup, use separate user accounts for each employee and always insist on strong passwords. Give administrative privileges to trusted IT staff and key personnel only.
Double your login protection
Enable multi-factor authentication (MFA) to ensure that you are the only person who has access to your account. Use it for email and, where possible, for any business software and encourage staff to use it for personal banking, social media, and any other service that requires logging in.
If MFA is an option, enable it using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
Monitor your social media
Fraudsters can gather information about you, your partners, vendors, and employees by searching Google and scanning your hotel or resort’s social media sites. Have a social media policy in place to prevent employees oversharing on social media, including:
- Conducting official business
- Exchanging payment
- Sharing PII
Add extra security for homeworkers
If you have employees working from home, make sure that you have tailored policies in place to protect you and them.
- Ensure staff only use company approved software and tools, including video conferencing and collaboration tools;
- Secure your online meetings so that only the intended individuals attend;
- Only share the data required to accomplish goals;
- Ensure home networks are secured.
Secure your networks
Make sure that you secure your hotel or resort’s network by using a firewall and encrypting information. If you have a Wi-Fi network, secure it by hiding the network: set up the wireless access point or router so that it doesn’t broadcast the network name, known as the service set identifier (SSID). Protect the router with a password.
It only takes one time
CISA explains that data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Instead, many can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure.
Ensure that your staff are wary of unusual sources, do not click on unknown links, and delete suspicious messages after forwarding all phishing attempts to a supervisor.
If you’d like advice about your cybersecurity and how you can protect your hotel or resort, then contact the team at RedLive Media. You’ll find them in our Supplier Network Directory.