The hospitality industry consists of numerous leisure locations, products and services that attract tourists from all over the globe; they include lodging, restaurants, theme parks, cruise lines, spas and other businesses that focus mainly on disposable income. The nature of the business requires that large volumes of private customer data and payment card data are stored and processed by the hospitality industry. This makes this industry a prime target for cybercriminals. Countless high-valued targets are hosted in major cities nationwide such as Las Vegas, Miami, New York, Los Angeles, etc.
The targets are not only the individuals themselves or the sensitive data that those companies possess. Shutting down or internally destroying a business by having access to their internal infrastructure can sometimes do more damage than a data breach. Controlling plumbing, heating, and air conditioning systems can do an extreme amount of damage but having access to electrical systems like locked doors or theme park ride controls can be life threatening! In addition, the damage that such attacks could do to the reputation of not only the company being attacked, but also of the tourist venue in concern, can result in huge losses. We have had examples in the past where multiple robberies in a tourist destination have caused shrinkage of the number of tourists visiting that location. Cyber thefts are no different – on the contrary, a cyber theft can have a large scale impact and affect tourism at a venue at a much more damaging pace.
Our services for the hospitality industry
The most basic compliance requirement for any business in the hospitality industry to address is a PCI assessment which will help them be compliant while processing credit card payments and avoid penalties or charges assessed for non-compliance.In addition, hospitality businesses can benefit from our Cybersecurity services such as:
- Security Risk Assessment
- PCI assessment and compliance
- Information security program improvement
- Creation of policies and procedures
- Incident response planning
- Vulnerability assessments and penetration testing
- Physical security testing and social engineering testing
- CISO as a service
- Security Awareness training