Straight Talk on Cybersecurity in Hospitality

By Oregon Restaurant & Lodging Association

Do you enjoy vetting software vendors and doing maintenance on your router? For many hospitality business owners, technology may feel like a pesky inconvenience, particularly when it doesn’t work correctly. And it’s very easy to let tech and cybersecurity fall to the bottom of your to-do list, as you juggle the many day-to-day details of running your establishment. 

Restaurants and Hotels are being targeted! No matter the size of your organization, ransomware and cyberattacks continue to grow. Approximately 80% of attacks result from human error. For many hospitality businesses, tech isn’t a strength and cyber criminals know it. While you’re busy creating great customer experiences, bad actors are looking for entry points to nab credit card data and gain access to your financial accounts. 
 
In February 2023, Kroll IR Spotlight Trends reported the Retail/Restaurant sector is the most impacted industry sector so far in 2023. Email Compromise and Web Compromise were the top threat incident types impacting the retail / restaurant sector. In February, threats against the retail / restaurant sector most often involved CVE / Exploit as the initial access method.

Business email compromise results in six-figure loss 
A restaurateur, building out a kitchen area, ordered several pieces of new equipment. With the grand opening date quickly approaching, the owners were eager to get everything completed on time. This enthusiasm led to haste and caused the CFO to miss warning signs of a cybercrime.  
 
A criminal had accessed the equipment supplier’s ordering system and sent the CFO a message saying a supply chain issue was going to cause a shipment delay. However, there was one piece of equipment available if he was able to pay the same day. The email came from a recognized address, and the CFO jumped on the opportunity. He replied to the message, followed the payment instructions, and ended up sending the funds to a bad actor. Money gone. No equipment.  
 
Cyber safety tips  
Cybersecurity professionals talk about “zero trust.” For hospitality businesses, this means slowing down enough to verify requests. If someone asks for money by email or text message, be skeptical. Verify the request by calling a known contact. And if you can’t verify it, err on the side of caution. Do not send a payment, banking information, or credit card details unless you are certain where the money is going.  
 
Further, examine emails for hints of foul play. Maybe the email address is wrong by one letter, or the time stamp is 2:00 a.m. Be wary if the wording sounds urgent, requesting a quick reply. 

Unfortunately, cyber criminals know this. Bad actors are targeting the hospitality industry in an ever-growing number of ways. Here are some cautionary tales, along with cyber safety tips to protect your business.

Free webinar to bolster your knowledge
Risk Strategies is hosting a free webinar on April 25, “Cybersecurity in Hospitality: Don’t get blindsided.” Register today and learn about common cybercrimes in our industry and how to prevent them. | Risk Strategies


Disclaimer: Articles featured on Oregon Report are the creation, responsibility and opinion of the authoring individual or organization which is featured at the top of every article.