Traveling with a watchful mind in the cyber era - comment

Morphisec, an Israeli cyber prevention firm based in Beersheba, indicated that the “sophisticated attacks on the hospitality industry are only becoming more frequent and advanced.

 EVEN AFTER THE Cyberserve/Atraf disaster, Bennett is more afraid of overregulation than he is of lacking the power to save the private sector from its own occasional cyber laziness or cheapness. (photo credit: KACPER PEMPEL/ILLUSTRATION PHOTO/REUTERS)
EVEN AFTER THE Cyberserve/Atraf disaster, Bennett is more afraid of overregulation than he is of lacking the power to save the private sector from its own occasional cyber laziness or cheapness.
(photo credit: KACPER PEMPEL/ILLUSTRATION PHOTO/REUTERS)

One of the most remembered hotels is Fawlty Towers, from the eponymous 1970s BBC sitcom with the legendary John Cleese. 

This fictional hotel in the seaside town of Torquay will probably make it to every hospitality training professional session in order to get the audience in a good mood.

However only a handful of people notice, watching it today, that information wise, it was probably one of the safest hotels ever. Reservations were handled by a landline phone and letters. Registration protocols were done on paper. Keys were made of steel. Payments by cash or checks. Cyberattacks were fiction in that fantasy hotel.

Today, as hotels are still suffering from employee shortages due to the pandemic, technological solutions seem to be the remedy. When manpower becomes less and less frequent in places where hospitality is a prime directive, machines are taking over.

Nowadays, hotels, led by global chains, collect an overabundance of personal and financial information. These include names, addresses, credit card information, passport and identity documents and sometimes food preferences and allergies. Only recently, the Financial Times reported that hotels and hospitality businesses are now the third-most targeted by cyberattackers of all industry sectors. 

 THE WORLD of cyberattacks has changed in the last year.  (credit: Adi Goldstein/Unsplash) THE WORLD of cyberattacks has changed in the last year. (credit: Adi Goldstein/Unsplash)

Morphisec, an Israeli cyber prevention firm based in Beersheba, in its detailed 2019 hospitality report, indicated that the “sophisticated attacks on the hospitality industry are only becoming more frequent and advanced. In addition nearly every major hotelier – Hilton Worldwide Holdings, InterContinental Hotels, Radisson, Trump Hotels, Loews Hotels and Hyatt Hotels, among others – has dealt with some type of breach over the past few years. Just as cybercriminals target banks and financial institutions, they are drawn to the hospitality industry for the payment information they hold on millions of customers. And with their widespread networks and multiple entry points for attack, hospitality establishments make a significantly easier mark.”

Mariott was recently fined around $23.8 million in penalties as a result of a data breach that occurred in 2014. The attack compromised credit card details, passport numbers, and birth dates of more than 300 million guests stored in the brand’s global guest reservation database. The worst nightmare of the hotel industry ever.

Cyber breaches are the No. 1 enemy of hotel guests. How safe are we from these terrifying consequences?

Israeli tourism expert Joseph Fischer, with 40 years of working for leading international hospitality brands, is disturbed by Israeli hoteliers who “rely on the fact that Israel is a cybersecurity power and that our national cyber system will prevent attacks from the outside,” he says.

“In fact, in Israel, the risk of cyberhacking into hotels is several times higher than in other countries for the simple reason that the number of Israel’s enemies is much higher. In addition to the criminal danger presented by hackers working for local and foreign criminal organizations, in Israel there is also a significant danger on the part of terrorist organizations. Numerous foreign countries are investing considerable efforts in Israel, and for them, extracting information files from hotels is a relatively simple matter. To these must be added the Hamas and Hezbollah hackers, which may not have the capacity of a country, but cannot be underestimated.” 

Fischer is concerned mostly about standalone hotels that have no real protection. 

“Guests who connect to the hotel’s Wi-Fi network do so at their own risk and do not understand the great danger posed to their private information”, he says.

Hotels information technology expert Agam Dor, who until recently headed the Hilton Tel Aviv’s IT department, is confident the international hotel brands are doing a decent job in protecting their hotel guests. 

“While small independent lodging entities will use a small low-cost Internet supplier due to financial savings, the international brands with the significant financial capabilities understand how important it is to defend their customers from devastating cyber breaches.” 

Dor explains that hotel brands work according to professional manuals, use credible suppliers with state-of-the-art equipment, update their system constantly when a potential cyber weakness or breach was recorded anywhere in the industry and put the guests’ privacy as their No. 1 priority.

“The best way for travelers to defend themselves from any kind of cyberattack relies on their own behavior,” Dor says. 

From his own experience, he provides four useful tips for travelers:

  1. Book a reservation only through a link of the brand’s website or an agency. Small hotels are offering a designated, secured link for bookings. Use them. Never provide credit card details via email, SMS or social media.
  2. When you connect to the hotel’s Wi-Fi after checking in you are usually asked to provide your last name and room number. Make a mistake intentionally. If you are able to use the Wi-Fi, you’re not using the hotel’s secured Wi-Fi and it’s a warning sign to disconnect immediately. If you can not connect, it means you are safe. Type the right information and start surfing.
  3. Open links only if you are certain you know who the sender sin and only with links that start with the letters “https.” These links are usually the safest.
  4. Use a VPN whenever possible. A virtual private network extends a private network across a public network and enables users to send and receive data in shared or public networks as if their computing devices were directly connected to the private network. The minimal monthly cost via a mobile phone app is worth it, says Dor.

Nowadays cybercriminals are unfortunately part of our world and the light at the end of the tunnel is not to be seen. Hotels like the one in Fawlty Towers were once a reality. Today they are pure fiction. Our present-day reality, which would have once been considered science fiction, is a sad reality. As travelers we must stay alert and watchful to make our privacy relatively safe while staying in hotels. Opening our minds is always mandatory.

The writer is the Travel Flash Tips publisher.