This post originally appeared on HFTP Connect: The Hospitality Professionals’ Blog as part of the 2012 Hospitality Industry Technology Exposition and Conference (HITEC).
I came to HITEC 2012 as a guest blogger. So, it’s a bit ironic that I’ve experienced technical difficulties tweeting and blogging about technology the last couple days. But after hearing Tuesday’s keynote address on hacking in the hospitality industry, I’m glad I had a notepad and pen in my conference bag.
Hacking expert Josh Klein shared the top common ways hackers can access data of unsuspecting travelers and properties:
- Flash Drive – A flash drive is the easiest way to attack an institution. Everyone uses them. Vendors distribute them. People share them.
- Pony Express – A pony express is a device that looks like an ordinary power supply cord. But actually it supplies the hacker with data from surrounding unsecured wireless networks.
- Smart Phone – Smart phones have all the tools a hacker needs – camera, internet, social media, apps, and more. And most smart phone users are not so smart in public places.
- Walk In – Blending in as a guest or employee is simple. A hacker can walk in and walk out with any device or data.
From there, the hacker can easily access hotel guest’s personal data using malware. Online data searches of public records and social media provide the necessary credential information. YouTube videos demonstrate how to physically break into rooms and how to steal property and data.
Hotels are the top destination for hackers. Hotels provide a large volume of valuable personal and financial data and have a steady stream of transient strangers. Key areas that are often overlooked include:
- Wireless Networks – Provide guest access on a different network than hotel operations and point of sale systems.
- Electronic Hardware (TV’s, HVAC, etc.) – Change default passwords from vendor to secure passwords.
- Business Center – Secure equipment, network, and any software provided to prevent malicious use and theft.
- Ballrooms – Secure Ethernet portals and any electronic equipment when not in use.
Josh’s main point for hospitality technologists was to be careful and stay safe. Key summary points for maintaining a safe and secure property were:
- Lockdown electronic hardware
- Encrypt your network connections
- Secure your guest services systems
- Educate your staff to create secure environment
- Check yourself regularly for breaches
Since this session, I definitely found myself paying extra attention at HITEC. Today, the person sitting next to me asked for the convention center wireless access ID. I replied “Oh, did you attend the hacker session on Tuesday?”