skip to Main Content
+1 646 233 3503 | +44 870 803 4418 | +61 75 641 4646 info@quickmerlin.com
Cybersecurity: Protect Profits, Data & Peace Of Mind.

Cybersecurity: protect profits, data & peace of mind.

We observed Cybersecurity Awareness Month in October, so it’s a good opportunity to look at actions that resorts can implement to protect profits, data, and peace of mind.

Cybercrime increased 600 per cent in 2020, while ransomware emerged this year as a national security issue:

  • In 2021, hackers attacking oil company Colonial Pipeline received over $90 million in bitcoin (Business Insider, 2021).
  • The average downtime after a ransomware attack is 21 days (Sophos, 2021).
  • It is estimated that a ransomware attack will occur every 11 seconds in 2021 (Cybercrime Magazine, 2019).
  • While many businesses got their data back, of the 1,263 companies surveyed, 80 per cent of victims who submitted a ransom payment experienced another attack soon after, and 46 per cent got access to their data, but most of it was corrupted (Cybereason, 2021).

So, what are the top actions resorts can take to protect profits, data and have peace of mind? 

Integrity’s Chief Information Security Officer Scott Stevens, a Certified Information Systems Security Professional (CISSP), emphasized the importance of cybersecurity and protecting your business before an attack. 

“The risk is real,” he said. “Just this year, bad actors attacked multiple schools, financial institutions and hospitals. Once data is accessed, the attacker encrypts it and sells it back to the owner. If you are asking if your small to a mid-sized company is at risk, the answer is yes. It isn’t a matter of IF you will be attacked; it is a matter of when you will be attacked.” 

Integrity has identified necessary cybersecurity actions resorts need to take today that will help strengthen their systems against attack, identify their vulnerabilities and plug the holes in their security processes. 

1 Assess your cyber-readiness to determine the potential for cybersecurity vulnerabilities. Attackers often strike secondary targets such as devices like printers, networks (i.e., employees working at home), endpoints (a customer accessing your services on a tablet) and your supply chain members. You are only as strong as your weakest link.

2 Promote a culture of cybersecurity with both employees and customers. Educate both groups. In every business, you’ll find people underutilizing appropriate security measures. So, implement best practices like multi-factor authentication. Train employees to identify email phishing. Ensure both groups have strong passwords. Then test the strength of the implementation. Employ a backup solution that automatically and continuously backs up critical data and system configurations.

3 Exchange legacy cyber protection for end-to-end, AI-based security. While having this type of protection won’t stop an attack, it may eliminate loss or significantly reduce it. 

Traditional antivirus protection is dependent on “signature-based threat identification,” which can’t happen until your data is already breached. With endpoint detection and response, known as EDR, unusual behaviour is detected, and the system responds automatically to the threat without the need for human intervention.

4 Enable multi-factor authentication. Cybercriminals have become adept at stealing login credentials. Even the savviest employee is still occasionally duped into clicking on a phishing email. Enabling multi-factor authentication means that no matter how clever the criminal, they will still be missing one or more factors, preventing access.

5 Stay on top of security updates. A great deal of cybercrime is avoidable. Not responding immediately to security updates is akin to leaving the door to your house open when you know there are thieves in the neighbourhood. While security updates may seem mundane, they are anything but dull. They mean that a company like Microsoft has discovered a security vulnerability that could put your business servers and data at risk. The faster you install that crucial security patch, the safer your business will be.

Additional cybersecurity actions you can take to protect your resort include:

Dispose of electronic devices properly: Computers, smartphones, and tablets allow you to keep a great deal of information at your fingertips, but when you dispose of, donate, or recycle a device, you may inadvertently disclose sensitive information, which cyber criminals could exploit. There are a variety of methods for permanently erasing data from your devices (called sanitizing). As methods vary according to the device, it is essential to use the method that applies to that particular device.

Assess home network security for homeworkers: If you still have staff working from home, you will need additional protection and protocols. This includes:

  • Updating software regularly.
  • Remove unnecessary services and software. 
  • Adjust factory-default configurations on software and hardware. 
  • Change default login passwords and usernames. 
  • Use strong and unique passwords. 
  • Run up-to-date antivirus software. 
  • Install a network firewall. 
  • Install firewalls on network devices. 
  • Regularly back up data. 
  • Increase wireless router security. 
  • Mitigate email threats. 

Minimize access people have to your information: Identify who has physical access to your devices and, where possible, those who can gain remote access to your devices.  

Improve password security – one of the most vulnerable cyber defences. Improve your password security by doing the following

  1. Use security questions properly – use private information about yourself that only you would know. 
  2. Create unique accounts for each user per device – this reduces the impact of clicking on 
  3. Be suspicious of unexpected emails – Phishing emails are currently one of the most prevalent risks to the average user. 

So much of a resort’s activities rely on computers and the internet now —communication (email, smartphones, tablets), entertainment (social media, apps), reservations (online booking, credit card payments). Therefore, it is essential to protect your networks, devices, and data from unauthorized access or illegal use. We hope these tips can help.

Source:

CISA – https://us-cert.cisa.gov/

Integrity Technology Solutions – https://www.integrityts.com/

For the Indiana Chamber – https://www.indianachamber.com

Back To Top
LOGIN