Digital and Cyber Capability

There are many examples of data security breaches in hotel chains. One hotel chain, ‘The Marriotts’ reservation system was hacked with an estimated 500Million reservation information stolen.  This figure was later reduced to 383Million once the investigation had completed.

‘Those stolen records potentially include; unencrypted names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, dates of birth, genders, arrival and departure information, reservation dates, and communication preferences.’[1]

The company who provided the reservation service subsequently had its contract terminated.  The reservation system was compromised for four years before the discovery. For those who had their identity stolen and replaced their passports was paid for by the hotel chain.

While there is little you can do as a customer to protect your personal information given to a hotel, you assume they will protect this information sufficiently.

Steps to reduce Cyber Risks

Hotel chains can train their staff and dictate the security requirements for Cyber Security to any third party connected to their business.

A Cyber Risk assessment combined with a Cyber resiliency review would have gone a long way to help mitigate the attack, which is more than just an audit. Staff trained in Cyber Security and not just Information Technology would also help reduce the risk.

If you are using the hotel’s Wi-Fi, assume that what you send over the network can be intercepted and monitored as you do not know the level of security applied to that network.

You can use a Virtual Private Network (VPN) to help reduce the risk of eavesdropping your data.

Keep your computer operating systems and software up to date, especially since you do not know if their system is already compromised.

Keep your electronic devices with you and if you must leave your laptop in the room, then put it in the safe.  However, remember, all safes have a default backdoor to get into in case the customer forgets their code.

These simple steps will help reduce the risk of compromise.

[1]  https://www.theregister.co.uk/2019/01/04/marriott_stolen_passport_numbers/

For More Info on Cyber Reconnaissance (risk assessment) Training

Another Cyber Attack against Medical Institutes, has my information been sold to criminals?

Hackers break into two firms hosting medical care databases with 425,000 records and 200,000 payment details![1]

Another medical breach last month with hackers making off with hundreds of thousands of banking details.  This happened over eight months before it was discovered!  There is a considerable backlash, and the US Senate wants answers, asking if any security audit was conducted?

Another hospital in the UK this month had to cancel all its surgery and appointments while the IT team tried to resolve the issues.[2]

We put so much trust into 3^rd party vendors looking after our private information and assume sufficient Cybersecurity controls are in place.  It is imperative that companies understand the risks involved in trusting vendors with your data, especially if the vendor does not have a good Cyber Hygiene regime in place.

How can an organisation reduce the Risk of a breach?

Proper processes and procedures are needed for times of operational stress and these needed to be practised and tested. Critical information assets[3] need to be identified and protected so that companies can continue to function if they come under a cyber attack.

Both IT and general staff must have Cyber awareness training, and this should be delivered from an organisation that brings real-world context to the scenarios.  This approach has been proven to be the most cost-effective way to reduce risk; as reported in the media from several sources in Australia, including some Government agencies.

Follow these steps and be part of the Cyber Security compliance solution.

Step 1

Train your staff

Step 2 – 8

You will find out by doing step 1.

[1] https://www.theregister.co.uk/2019/06/06/congress_amca_leak_quest_labcorp/

[2] https://www.theregister.co.uk/2019/07/03/cisco_network_outage_hospital_appointments_and_surgery_to_be_cancelled/

[3] Assets that are critical to the organisation that if they were destroyed, made unavailable, disclosed or modified then the organisation would not be able to continue to operate.

For More Information Specific to Medical Practices Click Here

How will a data breach at your Law firm impact your business?  It’s more than just your reputation at stake!

Legal entities are a prime target for criminals, imagine case files leaked that will affect the outcome of a trial, or put lives at risk by releasing the witnesses names, and where they live.

Law firms may be held accountable for negligence in not having sufficient Cybersecurity in place and could be liable for prosecution by third parties.

Business critical information and Intellectual Property are valuable sources of information for criminals and state-sponsored hackers.  This sort of data is available in every law firm, and breaches are continually being reported in Australasia.

A recent report from Australia estimated that the average cost of a data breach per organisation is 1.9Million Australian Dollars[1].  However, there are some simple steps an organisation can take to help mitigate this risk.

Simple Steps.

Have a review of the Cyber Security Maturity within your organisation and identify what your critical information assets are by conducting a robust and structured risk assessment.  This will help you determine what you do and what you don’t need.

Train all company staff in Cyber awareness, including your Lawyers with an online Cybersecurity awareness program.

Conduct Cyber awareness training for onboarding all staff before they start and annual refreshers.

[1] https://www.ibm.com/security/data-breach

More Info Cyber Security Awareness Training