Challenges to be met in 2022 – Hotel Law Blog – December 29, 2021

December 29, 2021

Find out how JMBM’s Global Hospitality Group® can help you.
Click here for the latest articles on data technology, privacy and security.

As hotels find new ways to use technology to attract customers and improve their properties, they must remain aware of the security challenges these technologies present.

Bob Braun, senior member of JMBM’s Global Hospitality Group® and co-chair of the company’s Cybersecurity & Privacy group, explains three basic issues for 2022 that all hotel owners should be aware of to keep their business and information secure. of their customers.

Security challenges in the hospitality industry
through
Bob Braun, Hospitality Lawyer

Like virtually all industries, the hospitality industry continues to face cybersecurity challenges. As 2022 approaches, hotel owners and operators face some basic issues that impact the security of their systems and their guests.

  • Wireless. Providing wireless internet connection to guests has become a ‘must’ for hotels – it’s no exaggeration to say that a potential guest won’t stay in a hotel that doesn’t provide free Wi-Fi. But hotel Wi-Fi systems, especially those in public spaces, have long been a soft subset of cybersecurity. Over the past 10 days, TechCrunch + reported that “an Internet gateway used by hundreds of hotels to provide and manage their customers ‘Wi-Fi networks has vulnerabilities that could put their customers’ personal information at risk.” . The system uses hard-coded passwords that are easy to guess and allow an attacker to gain remote access to gateway settings and databases; they can then use that knowledge to access and exfiltrate guest recordings, or reconfigure the gateway’s network settings to unintentionally redirect guests to malicious web pages.
  • Social media. Brands and hotel operators are increasingly using social media to promote their properties and attract customers. But social media depends on the collection and use of personal information, and that information makes hospitality businesses a prime target for bad actors. Their goal is not limited to credit card numbers; these malicious actors seek personal information that enables them to obtain credentials and infiltrate networks. When a malicious actor gains access to a network – which could be your own – they can pose an existential threat to an organization through ransomware, extortion, denial of service, and other attacks.
  • Sellers. Hotels depend on a multitude of suppliers and third parties to function. These range from point of sale systems to HVAC operators to property management systems. Every provider who has access to hotel systems – and it’s surprising how many do – poses a threat. When they have access to a hotel system, it creates an opening for a bad actor. In addition, each provider relies on a variety of providers themselves, which means that the provider of each provider who has access to the provider’s system can also have access to the hotel network. And as we’ve discovered from vulnerabilities caused by the much-publicized Solar Winds software and the more recently discovered log4j API vulnerabilities, even the most trusted vendors can’t be blindly trusted.

These aren’t the only security risks hotel businesses face, but they demonstrate the conundrum hotel owners and their operators face – the very elements that create security concerns are also critical to operations. . Hotels cannot stop offering Wi-Fi at the risk of alienating customers. Social media is a key part of hotel marketing, giving hotels the ability to target potential customers at a relatively low cost, which is especially important during today’s economic challenges. And suppliers cannot be eliminated; There are too many functions that require special skills and experience that hospitality companies cannot effectively bring in-house, at least at a reasonable cost.

But that doesn’t mean hotel companies can just raise their hands. If hotel companies have reasonable security efforts in place, they can control their risks and reduce the likelihood of a breach and the damage that results from it. Resources like the National Institute of Standards and Technology have created frameworks to help hospitality companies assess and manage their risks.

The Jeffer Mangels Butler & Mitchell Global Hospitality Group, in conjunction with the Jeffer Mangels Butler & Mitchell Cybersecurity and Privacy Group, works with hospitality companies to understand and meet their security and privacy needs, and we are ready for you. to help. For more information, contact Bob Braun ([email protected]) or Jim Butler ([email protected])

More information on cybersecurity issues

If you are interested in this article, you can also read other articles by Bob Braun on “Data Technology, Privacy and Security,” which include the following:

New Challenges for Hotels: California’s New Privacy Rights and Law Enforcement Act of 2020

Hotel managers and owners are warned – You are responsible for the data security of your hotel

The California Consumer Privacy Act – What Hoteliers Need To Know Now

Avoiding Hotel Data Breaches with a Risk Assessment ™ Audit – Lessons from the Marriott International Glitch

California passes the California Consumer Privacy Act of 2018

GDPR: What you need to know about the new EU data privacy rules

Cyber ​​Attacks on Hotels: What Should Hotel Owners and Operators Do?

Hotel cybersecurity: protect your guests and property from supplier data breaches

Bob braun is a senior member of JMBM’s Global Hospitality Group® and co-chair of the company’s Cybersecurity & Privacy group. Bob has over 20 years of experience representing hotel owners and developers in their contracts, relationships and litigation with hotel managers, licensors, franchisors and brands, and has negotiated hundreds hotel management and franchise agreements. His practice includes experience with virtually all major hotel brands and managers. Bob also advises clients on hotel condominium title issues and many transactional matters, including entity formation, financing and joint ventures, and works with companies on their data technology, privacy issues. and security. These include licensing agreements for software, cloud computing, e-commerce, data processing and outsourcing for the hospitality industry.

In addition, Bob is a frequent speaker as an expert in technology, privacy and data security, and is one of only two attorneys on the 2015 SuperLawyers list to be recognized for his expertise in security technologies. information. Bob is a member of the Advisory Board of the Information Systems Security Association, Los Angeles Chapter, and a member of the International Association of Privacy Professionals. Contact Bob Braun at 310.785.5331 or [email protected]


Photo by Jim ButlerIt is Jim butler, author of www.HotelLawBlog.com and founding partner of JMBM and JMBM’s Global Hospitality Group®. We provide business and legal advice to hotel owners, developers, independent operators and investors. This advice covers critical hotel issues such as buying, selling, development, financing, franchising, management, ADA, and intellectual property issues. We also have compelling experience in hotel litigation, union avoidance and union negotiations, as well as cybersecurity and data privacy.

JMBM’s Global Hospitality Group® has been involved in more than $ 87 billion in hotel transactions and in more than 3,900 hotel properties located around the world. contact me at + 1-310-201-3526 or [email protected] to discuss how we can help you.


How can we help? Brochure References Photo gallery


Source link

Comments are closed.