Cyber Security
Are your digital networks at greater risk in the age of Covid-19?
It’s time for the hospitality sector to learn from the Covid crisis before it’s too late. Follow our six-point health check to ensure your networks are fit for purpose and ‘work-from-home safe’.
With lockdown measures finally easing, now is the perfect time to give your digital networks a thorough coronavirus health check. Think of it as your chance to learn from the Covid-19 crisis and create a master plan for what could be tough months ahead. Your ideal Covid continuity plan should be built around the need to guarantee future core operations in the event of a feared second wave and also the urgent job of protecting networks, customers and staff from infection – both viral and cyber.
Our conversations with hospitality firms show that many companies are already preparing their plans, but it should really be a case of sooner rather than later. Here are the critical areas we recommend you address in your network health check:
1. Consolidate network changes made on the fly
When the pandemic first hit, and head office core functions were suddenly forced to work from home, the initial IT response was often more ‘quick and dirty’ than ‘market leading’. Some employees may have already been set up for home working, but the wholesale switch put a massive strain on networks and their administrators.
Quite often this switch was done on the fly, with the focus quite rightly on business continuity first, rather than best practice. With fresh Covid-19 outbreaks recently reported in Wales, Germany and South Korea, it would be short-sighted to ignore the very real possibility of a second lockdown. The difference this time is that the hospitality sector has a chance to bake in the kind of network agility that enables all head office staff to switch between home and office working when necessary – at the drop of a hat.
2. Switch to digital telephony for speed and instant scalability
Perhaps the minimum level of remote working connectivity is the ability to transfer work phone calls to either your employee’s mobile phone or home landline. Modern telephony systems can do this and much more, ensuring important calls get through to the right people every time – no matter where or when they are working.
Digital telephony systems can cater for any size of hospitality business, from 20 to 2,000 lines. They can also be scaled up and down at the press of a button – perfect if a workforce has to shift to home working overnight. No extra hardware or third-party systems are necessary and the whole package can be delivered and managed for you, if desired.
3. Make sure your network is ‘work-from-home safe’
After months of working from home, your head-office employees may now all be online, but is your network safe? Cyber criminals are notorious for exploiting human as well as network weaknesses, and you can bet they won’t call a ceasefire during the pandemic. If they’re not phishing for log-in credentials, they’re using the cover of public holidays and office downtime to attack companies. For example, the Travelex hack, which put the currency trading firm offline for weeks, costing millions, was launched on New Year’s Eve to exploit employee holidays. Similar challenges around Covid-19 offer a potential treasure trove of opportunities for criminals.
So, how should hospitality firms address the threats raised by an increase in home working?
The first question organisations need to ask themselves is whether their employees are using their personal devices to log on, view and store company data. A VPN and firewall will go a long way towards preventing a hack or malware infection of your network, but a privately owned laptop is still a big risk if the user is viewing sensitive data. Assuming your network already has a high level of cyber security, the next step for any hospitality firm should be penetration testing every time a significant change is made to the network.
While a regime of quarterly vulnerability assessments is beneficial, a full penetration test is best practice following any major network change, with a Qualified Security Assessor (QSA) able to highlight network weaknesses and potential back doors.
4. Get smart and adopt a layered approach to network security
The belt-and-braces solution to securing your hospitality network during the ‘new normal’ involves real-time visibility of all activity on your network. You can do this by installing a Security Information and Event Management (SIEM) solution which collects, analyses and logs activity across your entire IT infrastructure. A SIEM solution collects activity data from a wide range of sources including network devices, servers and domain controllers, to name but a few. It can detect attacks missed by enterprise security systems, help with compliance and make a wide range of data available on one dashboard.
A natural extension to SIEM is a full User and Entity Behaviour Analytics (UEBA) solution. Rather than focusing on devices on your network, this analyses who is responsible for the activity and whether their behaviour is risky. For example, if the log-in credentials belonging to your Manchester-based finance director are suddenly used on a device in Nicaragua, the system will sound the alarm and deny access. Similarly, if a junior member of your legal team attempts a bulk download of personnel files, UEBA will flag it up and slam the door shut until administrators sound the all-clear.
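The two behaviours described above, as an added example that is not part of the original article or any vendor's product: Python detection logic that flags a log-in from a location the user could not plausibly have reached since their previous log-in, and a download that exceeds a per-role baseline. The event fields, user names, coordinates, the 900 km/h speed limit and the download baselines are assumptions constructed for illustration.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_SPEED_KMH = 900  # assumption: anything faster than an airliner is implausible
DOWNLOAD_BASELINE = {"finance": 50, "legal-junior": 20}  # assumed files per event, by role

# Constructed sample events (not real logs): time, user, role, action, lat, lon, files
EVENTS = [
    ("2020-07-01T09:00:00", "fd.smith", "finance", "login", 53.48, -2.24, 0),   # Manchester
    ("2020-07-01T10:30:00", "fd.smith", "finance", "login", 12.13, -86.25, 0),  # Managua
    ("2020-07-01T11:00:00", "j.doe", "legal-junior", "login", 53.48, -2.24, 0),
    ("2020-07-01T11:05:00", "j.doe", "legal-junior", "download", 53.48, -2.24, 400),
    ("2020-07-02T09:00:00", "j.doe", "legal-junior", "download", 53.48, -2.24, 5),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def detect(events):
    """Return (user, reason) alerts for impossible travel and bulk downloads."""
    alerts, last_login = [], {}
    for ts, user, role, action, lat, lon, files in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "login":
            if user in last_login:
                prev_when, prev_lat, prev_lon = last_login[user]
                hours = (when - prev_when).total_seconds() / 3600
                km = haversine_km(prev_lat, prev_lon, lat, lon)
                # Ignore small moves; simultaneous distant log-ins are also implausible
                if km > 50 and (hours == 0 or km / hours > MAX_SPEED_KMH):
                    alerts.append((user, "impossible_travel"))
            last_login[user] = (when, lat, lon)
        elif action == "download":
            # Roles without a baseline default to 0, so any download is reviewed
            if files > DOWNLOAD_BASELINE.get(role, 0):
                alerts.append((user, "bulk_download"))
    return alerts

if __name__ == "__main__":
    for user, reason in detect(EVENTS):
        print(f"ALERT {reason}: {user}")
```
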
5. Upgrade Wi-Fi to protect your staff and customers from infection
Your digital networks also have a critical role to play supporting front-line operations and preventing human infection. In addition to using app ordering and contactless payment, which Wi-Fi can support, hospitality firms are now required to capture the contact details of their customers to support Track and Trace. By implementing a Wi-Fi overlay solution, you can capture the contact details of your customers before they enter your venue, using the guest Wi-Fi authentication process. When visitors are advised to connect to Wi-Fi, they can be presented with a Track and Trace registration page where they submit their contact information, ensuring that you capture all the relevant details required by government guidelines. On completion of the log-in process, the visitor can be immediately sent an email with a code that is used to confirm their registration. This message can then be shown to staff on the door to allow access.
The question is whether your on-premises Wi-Fi networks are strong and reliable enough to cover all of your estate, delivering the kinds of experiences your customers expect. Can you offer your customers Wi-Fi-powered mobile ordering and mobile point of sale, or will they be forced to endure long waits and socially distanced queues? Overnight, Wi-Fi has been transformed from a ‘nice-to-have’ to a health and safety ‘must-have’ by Covid-19.
6. Don’t overlook GDPR compliance…the sting in Covid’s tail
In addition to capturing the details of all customers, as part of the government’s efforts to track and trace infected people, hospitality firms now also have to retain those records for a minimum of 21 days.
This clearly adds a new GDPR burden on hospitality firms. A Wi-Fi overlay solution, as described above, may already be GDPR compliant, but otherwise, the processes around customer data capture and retention should be reviewed to ensure GDPR compliance. Many companies may not feel confident enough to shoulder this burden alone – and luckily, they don’t need to. Third parties, including VCG, now offer a GDPR consultancy service featuring an initial GDPR review, an employee training package and even a Data Protection Officer as a Service.
The fact that the hospitality sector (along with the rest of the economy) was blind-sided by the first coronavirus wave is entirely understandable. Now, however, as well as putting in place systems to enable secure re-openings, we all know what we face should a second wave strike an already damaged hospitality sector. Hopefully all our best laid plans will never be used.
Want to find out more about how we have helped our retail and hospitality customers during the current crisis? Contact VCG now.