As part of a series of comment pieces around issues relevant to our sector, we will be running short articles over the coming weeks with views from the front line.
This week, following recent cyber attacks on major institutions including the NHS and previous hacks across the hospitality industry, which included some of the biggest hotel chains, ASAP is able to share some insights from two members about the potential impact on their businesses of such a threat and their response.
In light of the cyber attacks last week, along with the reliance on digital and cloud-based services for high-tech modern sectors like ours, do you see online security as a big threat to your own business and the wider industry?
“The simple answer has to be ‘yes’.
“Whilst attacks such as the recent Ransomware outbreak bring cybersecurity to the forefront of the public’s mind, for those of us in the IT sector we are engaged in a constant arms race against the world’s cyber criminals. Balancing good security whilst still delivering a service which is practical and reliable for the end user is a key component of the modern IT Manager’s role.
“Hospitality as a sector has wholeheartedly embraced the Digital age and Serviced Apartments are no exception, so securing our employees and our guests from external threat is paramount to our IT & Digital strategies.”
Hanish Vithal, Group Head of Technology, SilverDoor:
“Online security is vital. Any business with applications on the Internet is at high risk to cyber attacks.
“We live in an age where new vulnerabilities arise all the time, so it’s important to build and manage applications with security and compliance in mind.”
What steps are you taking to protect your business against such attacks? For instance, training and communicating with front-line and back-office staff around suspicious emails and potentially malicious files?
“At SilverDoor and Citybase Apartments, all of our technology systems are built in accordance with recommended design patterns and best practices, and we partner with leading, established vendors for technology services and products. For example, our card data is handled and managed on Barclaycard’s platform for authorised access and secure processing; cloud hosting services are delivered by Rackspace, and Cisco provide network security.
“With regards to devices, we only allow employees to use company equipment. Any businesses that allow a “Bring Your Own Device” policy open themselves up to risk from external networks. Emails are a popular means of entry for infection. We use a reputable email cloud security service to protect against email threats and against data loss.”
Daniel Dickinson, SACO:
“We have all the standard techniques such as password complexity, password expiry etc. and we run a full suite of backend security tools which are continually monitoring our network and systems, to try and stop as much malicious threat at the security perimeter as possible. We also try to protect our staff by blocking known malicious websites and filtering all email before its delivered to their mailboxes.
“However, we know this will never prevent everything getting through, so we regularly remind the teams through emails and in our meetings of the threats posed by emails. Our message is simple: if you don’t know who it’s from and you are not expecting it, don’t open it.
“In that sense we can try and take at least something positive from the recent outbreak, as it shows to everyone how impactful events such as this can be and it’s not just IT ‘going on about security again’.”
And what contingency plans do you have in place, eg offsite back-ups, emergency servers, disaster recovery training etc?
Daniel Dickinson, SACO:
“The advent of cloud computing and our strategy to employ this technology wherever possible has really helped improve resilience across our systems and data storage facilities. We move data to the cloud every night so it’s off our network and can be restored when required, the only real protection form a Ransomware outbreak. Our reservations systems and e-commerce sites are all hosted in separate data centres and a benefit of having over 36 SACO sites across the country is that as long as we have an internet connection we can continue to run the business from any of these locations.”
Hanish Vithal, SilverDoor:
“As for protecting our data, we encrypt and back-up our data off-site and make sure that all systems are patched on time and tested. We don’t use any end-of-life products – that means any program or piece of software that is no longer supported by the publisher.
“In some circumstances, it can be costly to upgrade such systems, but, you need to weigh that up against the cost of leaving your data at risk being exposed. The recent NHS hack was, in part, the result of using Windows XP, an operating system that hasn’t been supported by Windows since 2016.”
ASAP and the newshub would like to thank Daniel and Hanish for their insights.