Attack Recovery: How to Properly Recover from a Cyberattack


Those four words no one wants to hear: You have been hacked. As you begin to fight off a malicious hacker, you may find out you’re really facing more than one. Once you realize you’ve been breached, it’s time to quickly focus on recovery.

Not all cyberattacks revolve around financial gain; sometimes the damage done is just for fun. Many attackers engage in recreational destruction by placing graffiti on digital signs, disabling your guest-facing systems, and shutting down your systems altogether.

If a franchise owner under a large flagship holding company were to be breached, they would have to follow certain regulations on reporting the issue appropriately. For the most part, the franchise owner would handle the issue themselves since they are an independent business. However, there are reporting expectations, since the world will see it as if the flagship company is the one compromised.

Typically, during the recovery process, the flagship company would want to protect its reputation and reassure people the issue is not widespread. Simultaneously, the company would not assume any liability for the breach since they don’t own that franchise location and are not responsible for the breach occurring.

If it were an independent hotel facing this problem, they would have to take a slightly different approach to addressing it.

Once you have determined that your system has been compromised, there are several things that must be done and asked to ensure the damage doesn’t escalate by answering these quantifying questions

Laying out the issue properly requires significant data gathering. This can be done by conducting a forensic analysis of precisely what happened. Once that is completed, the property is better able to report the problem accurately and to combat it effectively.

If the problem were to cross the threshold of hurting more than 500 customers, the issue must be reported.  The state your property is located in determines whether you have to file a notice of breach as guidelines vary by state. However, depending on the industry, you would have to also report it to the industry’s regulating bodies. 

While all reports are being filed, the recovery process needs to begin. The first step is to close the holes and gaps found by the hacker. Next, rebuild the network. Once that is resolved, your property must investigate ways to prevent this from happening again in the future.

Often, these investigations result in implementing the right kind of network controls and managing what a guest can and cannot access. Only operate with third-party cybersecurity vendors that test your network and your controls repeatedly, so the security controls don’t degrade over time.  

A good action to incorporate into your daily operation is to back up information so that if an issue occurs, you haven’t lost all your data. This is in addition to placing a backup off the network to ensure that your assets are safe.  

Cyber attackers have the opportunity to gain access to the sensitive information of your guests; if they obtain this access, they will abuse it. Information such as payment data and customer information are the kind of things that will be sent to an off-site location to be possibly sold on the dark web. Prepare for the worst when working to secure your virtual assets. Not doing so could leave you open to a major attack.

How the Modern Cyber Hacker is Looking to Disrupt your Property


When your guests engage with the internet, every session comes with a risk of a hacker making their way to your hotel. When hackers approach, they are looking for valuable information that can be sold on the black market or are trying to cause a major disruption to your business. 

Top Hacker Targets for Hotels

  1. Payment Data – Storing this data anywhere will draw hackers in to try and take it from you.
  2. Customer Information – PII is sometimes more valuable than credit card information. This information can consist of several things such as home address, likes, dislikes, and luxuries that a customer enjoys.

Obviously, hotels gathering this information are attempting to create the best experience for their guests, not expose them to hackers. However, if a hacker has this information, they could find ways to expose your guests.  

Not all hackers are in it for selling information or for the money. Some do it for the fun of causing disruption – doing anything they can to hurt a business and its customers. Many attack vectors operate to abuse a hotel’s data so it can’t operate efficiently.

Typical Hotel Attacks

  • Disabling systems so people can’t check in or out
  • Shutting down systems
  • Placing graffiti or some other threatening language on digital signage
  • Embarrassing the guest with stolen data

When these attacks happen, hackers are coming with a plan to take everything and leave you with nothing. The best way hotels can defend themselves against attackers with these intentions and capabilities is to protect their networks and improve best practices to support guest needs.

The first solution is to keep your networks separate. Keep the guest network completely separated from the corporate network. This prevents guests from jumping from their network to the corporate network or point of sale devices.

The assumption is that the guest network is identified as an untrusted network and doesn’t have authorized access to the trusted side of the network. However, within that network there are passwords that guests would have such as their name or room number to log on. 
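One way to verify that separation, shown as an added example that is not part of the original article: a small audit that walks a firewall policy top-down (first match wins) and reports every corporate or point-of-sale address range that a guest-network source can still reach. The subnets, the rule list, and the rule format are constructed for illustration, and the check is conservative: only a rule that covers the whole guest network is treated as settling a destination.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the article).
GUEST = ipaddress.ip_network("10.50.0.0/16")
PROTECTED = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "point-of-sale": ipaddress.ip_network("10.20.0.0/24"),
}

# Constructed policy, evaluated top-down, first match wins.
# Each rule: (action, source CIDR, destination CIDR, description)
RULES = [
    ("allow", "10.50.0.0/16", "10.20.0.15/32", "legacy: lobby kiosk to POS printer"),
    ("deny", "10.50.0.0/16", "10.0.0.0/8", "guest to all internal ranges"),
    ("allow", "10.50.0.0/16", "0.0.0.0/0", "guest to internet"),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "default deny"),
]


def subtract(nets, cut):
    """Remove the CIDR block `cut` from a list of CIDR blocks."""
    out = []
    for net in nets:
        if not net.overlaps(cut):
            out.append(net)
        elif cut.subnet_of(net) and cut != net:
            out.extend(net.address_exclude(cut))
        # otherwise `net` lies entirely inside `cut` and is dropped
    return out


def audit(rules, guest=GUEST, protected=PROTECTED):
    """Return (zone, reachable CIDR, rule description) for each exposure."""
    # Destination space in each protected zone that no earlier rule has settled.
    undecided = {zone: [net] for zone, net in protected.items()}
    findings = []
    for action, src, dst, note in rules:
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not src.overlaps(guest):
            continue  # rule never matches traffic that starts on the guest side
        for zone, nets in undecided.items():
            if action == "allow":
                for net in nets:
                    if net.overlaps(dst):
                        # Two overlapping CIDRs nest: the smaller one is the overlap.
                        hit = dst if dst.subnet_of(net) else net
                        findings.append((zone, str(hit), note))
            if guest.subnet_of(src):
                # The rule applies to every guest host, so this destination
                # space is settled and later rules cannot change the outcome.
                undecided[zone] = subtract(nets, dst)
    return findings


if __name__ == "__main__":
    for zone, cidr, note in audit(RULES):
        print(f"guest network can reach {zone} {cidr} via rule: {note}")
```

Run against the sample policy, the audit reports the single legacy exception to the point-of-sale printer; moving the internet allow rule above the internal deny rule would expose both protected zones in full.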

From a best practices perspective, one scenario that we often see is a guest asking the front desk to print a file or an email. The minute the front desk agent opens the USB drive or email, the hotel may have been compromised. The attack may not even seem imminent, yet it is now able to seep through your network and steal information.

Providing a way for guests to use secure public computers and printers is an easy way to provide this valuable service without compromising the hotel. 

Remember, hotels are a common target for malicious hackers, whether for money, intelligence, or fun. Regardless of the reason behind an attack, hotels must place safeguards between potentially malicious intentions and themselves to keep their property and guests safe.

 

Is Your Property Prepared for a Cyberattack?


It is probably no surprise cyberattacks often happen when you least expect them or when you are most vulnerable. In what seems like something from a movie, hackers attempted to acquire data from a North American casino by using an internet-connected fish tank, according to a report released by cybersecurity firm Darktrace. The fish tank had sensors connected to a PC that regulated the temperature, food, and cleanliness of the tank. 

Any organization that holds pertinent digital information should have a highly secure system that will protect information from cyber threats. Breaches are not 100 percent preventable; however, there are steps you can take to minimize that risk of liability. The systems that you deploy must be ready for anyone that attempts to steal your data.

A hotel that does not make guest-facing security a priority leaves itself exposed to breaches that will be very costly in both the short and long run. The best approach is to identify what you want to protect, then build several virtual walls around it as quickly as possible.

Security Penetration Test  

Some may think their property is ready for an attack until it happens; so, how could you test that theory to see if it’s true? A viable and simple way to find this out would be with a penetration test.  

A penetration test, also called pen testing or ethical hacking, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. A pen test is also an important step in establishing PCI-DSS compliance.  

There are generally five stages to a properly conducted pen test. 

  1. Planning the scope of the test
  2. Scanning, assessing, and reconnaissance  
  3. Establishing access 
  4. Persisting access and attempted exfiltration 
  5. Analysis 

Once you have the analysis, it is important to prioritize the findings and quickly mitigate any vulnerabilities. A pen test should be conducted at least every year, and with the speed that hackers move, probably part of a regular risk assessment. 

The reality is that your property is going to need to provide more access to guests and have more IoT-connected devices, so trying to reduce the technology will not be a competitive option. I meet with a lot of clients who feel they can self-manage their property devices. Deciding to do it yourself when it comes to your security will only last so long.

Perils of DIY  

Doing it yourself could mean you are taking several privileges away from your guests and limiting what they can do at your hotel. You want them to be able to enjoy your hotel as if they were at their own home or workplace. 

System breaches occur not because you take access and amenities away from guests, but because attackers take advantage of the fine details that were missed. Data encryption, network segmentation, elimination of PII, and continuous monitoring of what is entering and leaving your networks are key examples of this.

Cyber attackers are continually evolving and finding new ways to get what they want. For any cybersecurity system to last, it must continually mature, or it will become weak, unable to protect your guests from evolving cyber threats. Having your data security monitored by a single person is a daunting task even if they are knowledgeable about what they are doing. 

In summary, systems built for cyber defense, an evolving cyber plan, and annual pen testing will determine if your systems are strong enough to combat a cyber threat.  

Source:

Schiffer, A. (2019, April 17). How a fish tank helped hack a casino. Retrieved from https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/.

 

Third-Party Security Evaluations: Protect Your Property and Guests


When you run your business day in and day out, it can be difficult to see small imperfections in your operation. One of the critical areas that can go unchecked at times is the maintenance of your company’s security posture. The evaluation of your company’s security posture could be conducted internally, but if performed by a third-party vendor, the risks and vulnerabilities that may exist can be identified from a more objective point of view and potentially addressed faster and more appropriately.

Why Perform Third Party Security Evaluation

If you have designed your systems and networks, it can be challenging to be truly objective when reviewing your designs and implementations for gaps and weaknesses. Cyber security may also be an additional duty for folks at your company rather than a core competency staffed with cyber security experts. Companies that perform third-party security evaluations are typically staffed with cyber security experts, have research departments identifying new cyber security weaknesses, and perform security testing on many different organizations, giving them perspective and insight on best practices. Getting a full view of weaknesses and the effectiveness of controls requires nuanced insight from having previously seen what works and what does not. This is what they do all day, every day. They will also have no subconscious bias as to the pros and cons of previous decisions made by the company.

Security evaluations should evaluate the people, processes, technology, data, and vendors that build out a company’s security posture. They should ensure your corporate systems are safe from outside intrusion and your guest-facing technology is properly secured. Each of these areas requires an investment of time and focus to thoroughly understand whether, when challenged, it can stand up to the latest hacking techniques.

Internal security testing and validations should continue based on a comprehensive security policy and program.  However, these also benefit from a third party security evaluation to validate the internal controls are working and are regularly updated to meet the needs of the business and the security level of the systems.

References should be verified for any third party security testing company to ensure they have the necessary skill set, depth, and breadth to properly vet a security program. Given the pace of technology change in today’s age with cloud computing, mobile computing, middleware integrations, and more, not to mention the lightning speed of malware development and hacking techniques, testing companies must show that they are keeping pace with today’s technology and today’s challenges.

How Often Should You Test and What Should be Tested

Initial testing of a network or system should be performed prior to release into production.  This results in a strong baseline to work against.  Then frequent testing should occur either annually or during any type of major change, whichever is more frequent.  This ensures changes do not negatively impact the environment and also ensures regular testing for new types of hacking techniques and zero-day vulnerabilities.

As mentioned above, testing should cover the full security program including people, process, technology, data, and vendors. People in security roles (physical or digital) must be competent performing security duties. This ranges from background checks and physical access limitation to database security and effective logging. There are many potential attack vectors available to nefarious actors who want to negatively impact a company. Processes must be executed consistently and in line with policy so changes do not introduce new security gaps or vulnerabilities. Technology and data must be secured at the level of the sensitivity of the data. Lastly, vendors who play a role in a company’s technology portfolio must be held to the same standards as the rest of the company security program.

The Aftermath

After testing is completed, gaps must be either remediated, accepted (if the fix action is larger than the potential impact), or offloaded through insurance or other means.  Critical gaps must be corrected before a system is allowed to be released into production, and if already in production, must be corrected with urgency.  Follow-on testing should then validate the vulnerabilities were sufficiently remediated.

When your company has performed a third party security test and has corrected (and validated) the remediations identified, the overall security posture of the company will be greatly advanced.  Creating a safe environment for your customers to enjoy is always the top priority –  physically or virtually.  The third-party security evaluations are done as a way of keeping the company accountable, correcting mistakes or new challenges, and having proof that you are being a good steward of cyber security.

 

 

The Benefits of Guest Facing Kiosk Security in Hospitality


When guests enter your hotel, they expect a clean and safe environment.  A worry-free place to relax, recharge, and help them get ready for their day.  Even in this era of multiple personal devices, market research shows that guests continue to expect [1] and use [2] public kiosks as part of their hotel experience.  And when guests use a hotel kiosk, they’re expecting the same clean, safe, and worry-free experience in the digital realm.  The kiosk is an extension of your business and brand.   Whether they’re using a business center or a surf station or a digital concierge, they assume that they’re in a safe place.

You have staff and security in the building to protect your guests from unwanted solicitors and bad actors like pick-pockets.  If a guest leaves a valuable in your public space, you have friendly staff to ensure it gets to the lost-and-found.  Yet sometimes these same basic protections are forgotten when guests enter your digital public spaces.

Kiosk security prevents threats from gaining access to your guest’s private information while they use the device.  It ensures a safe and clean environment for them to relax, recharge, and/or get ready for their day.  And if they happen to leave some valuables behind (personal information, account credentials, etc.), the right security solution will ensure that information isn’t available to the next guest or a snooping bad actor.

Security breaches and threats come in all shapes and sizes and from multiple attack vectors.  From childish pranks to inappropriate content to attempts to defraud or ransom guests, your kiosk security solution must be multi-layered and ever-adapting.

Your solution should guard against localized threats like physical key loggers tracking your guests’ keystrokes or malicious software on thumb drives plugged into USB ports. It should also keep innocent and malicious users alike away from administrative functions of the operating system and applications. Your solution should keep users away from inappropriate content and dangerous areas of the internet. And it should stay up to date with the latest operating system, anti-virus/anti-malware, and application updates to keep pace with ever-evolving threats. Finally, your solution should wipe clean all information left on the device after your guest is done using it. This last point is critical to providing your guests peace of mind. Would you feel safe using a kiosk littered with someone else’s information?

These protections not only keep your guests safe and protect your business from liabilities, they also help ensure your device is available for use.  With more and more kiosks moving to common areas (lobbies, etc.) [3], a nonfunctioning kiosk open for all to see is not a good look.

Public kiosks are just that: public.  An expected hospitality amenity open for all guests to use: mostly by users with innocuous intentions, but also by a minority with vandalistic or nefarious goals.  So make sure you have the right security solution in place.  Without a security solution or with an inferior one, your best case eventuality is a nonfunctioning kiosk and maintenance hours to fix it.  Other less desirable cases involve a dissatisfied guest or an embarrassing public relations episode.  For worse cases just read the news.

You work hard to ensure your entire team is aimed at delivering positive experiences for all of your guests.  Make sure your public devices are doing the same.

 

 

Safe Browsing Habits


Uniguest computers are secure, block dangerous websites, and remove all user data after every session so that your information is protected during and after each use. However, there are further steps you can take to protect your personal information.
Here are a few tips to ensure your safety:

Email:
• Never provide information, click links, or download attachments in response to emails from people that you don’t know, or emails you aren’t expecting.
• Never provide passwords, credit card numbers, or banking information via email.
• If an email contains a button linking to a website, you can preview the link address to check whether it matches where you expect to be taken. Use the mouse cursor to hover over the button. Or, right-click it, copy the link address and paste it into a text pad.
• If you receive an email from your bank requesting information, access its website directly via a browser rather than using the link provided in the email. Or, give them a call using the phone number on your card.

Web browsing:
• When making a payment on a website, the link in the address bar of your web browser should always begin with “https” or have a closed lock icon. This indicates the transaction is being conducted over a secure connection.
• Check the link carefully for any typing errors or unfamiliar aspects. Sometimes, phishing websites may look identical to the authentic site, but have a slightly different link address.
• If you are concerned about a website’s authenticity, do a web search for the website, use a link from the results, and avoid clicking on advertisements.

Most importantly, stay alert and trust your instincts! Even with the availability of secure computing environments, it is still beneficial to be aware of how you are interacting within these environments, and the extent of their coverage.

Johnny Poe, UCrew
Tier III Technical Lead