Despite the best online data security measures (including firewalls, encryption, intrusion detection, anti-virus protection and network monitoring), online data breaches can happen in any industry and to anyone—just like any locked and guarded physical building can be infiltrated. Facebook, Marriott International and Capital One are just a handful of household names that have recently made headlines due to major data breaches affecting millions of customers.
Unfortunately, in this day and age, cybercrime is rampant and you’ll be hard-pressed to find anyone who hasn’t been touched by it, whether by a computer virus, compromised credit card or fraudulent email.
Password theft is an everyday threat. Hackers use various strategies to steal passwords, “phishing” being one of the most common methods. Phishing gets its name because, like an angler hooking a big fish, hackers attempt to lure people into giving up their login information so they can gain unlawful access to their accounts. They do this by creating messages and websites that mimic communications from organizations or people we trust. Your spam folder is probably full of such deceptive messages; thankfully, email service providers have gotten very good at keeping them out of our inboxes.
We’re talking about those emails that appear to be from your bank or PayPal or a similar legitimate entity, telling you about suspicious activity on your account and asking you to click on a link to verify your password, or something along those lines. These days, phishing attempts come at us not only via email but also through SMS, instant messaging and social media, and they are becoming increasingly indistinguishable from genuine communications. We have to be extra vigilant when deciding which messages to trust.
The good news is there are ways we can keep our data safer online. If you’re a lodging operator using reputable cloud hospitality solutions, you can feel assured that your software provider employs industry-best data security practices (ask if you’re not sure) to safeguard your data. But there are ways you can help protect your hotel data too.
Two-Factor Authentication (2FA)
Two-factor authentication (2FA) provides an additional layer of security when logging into an account online. In addition to the correct username and password, 2FA requires a second form of identification to confirm a user’s identity before they can log in.
With 2FA, two of the following three forms of ID must be provided to prove that you are you:
- Something you know (username and password, answers to security questions)
- Something you have (physical object, such as an ID card, a code sent to a mobile device, or a USB security key)
- Something you are (think Mission Impossible-type biometric ID like fingerprint and retinal scans and voice recognition)
WebRezPro property management system offers 2FA to help prevent unauthorized access to your hotel data. With 2FA activated, whenever a WebRezPro user attempts to log into their system (with their username and password) from an unrecognized computer or device, WebRezPro will ask the user to enter an access code to confirm their identity. The single-use access code is randomly generated by the system and immediately sent to the user’s mobile phone or email address as determined when 2FA is set up for that user. The user must enter the access code in order to access their system.
This means that even if someone has stolen your login information, they still won’t be able to log into your system without the access code that is sent to your phone.
While adding an extra step to the login process might seem like a small inconvenience, 2FA is one of the most effective ways to protect your data from unauthorized access. And 2FA can be set up to not require the second step (access code) for 30 days if the user continues to log in on the same device using the same browser during that time.
Protecting your hotel data is key to the success of your business, so periodically taking one extra step to log in is unquestionably worth it. Just think of all the trouble you are saving yourself if a hacker cracks or steals your password!
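The login flow described above (a random single-use code for an unrecognized device, then a 30-day remembered device) can be sketched as follows. This is an added example, not WebRezPro's code; the class, function names, code lifetime and retry limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 10 * 60           # assumption: a code is valid for 10 minutes
TRUST_TTL = 30 * 24 * 3600   # the 30-day remembered device described above
MAX_TRIES = 5                # assumption: wrong guesses allowed per code

def _digest(value):
    return hashlib.sha256(value.encode()).hexdigest()

class TwoFactorGate:
    """Hypothetical server-side second step, run after the password check."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # user -> (code digest, expiry, tries left)
        self.trusted = {}   # device-token digest -> (user, expiry)

    def start_login(self, user, device_token=None):
        """Return ("ok", None) for a remembered device, else a fresh code to send."""
        owner, expiry = self.trusted.get(_digest(device_token or ""), (None, 0))
        if device_token and owner == user and expiry > self.clock():
            return "ok", None
        code = f"{secrets.randbelow(10**6):06d}"   # random, not derived from user data
        self.pending[user] = (_digest(code), self.clock() + CODE_TTL, MAX_TRIES)
        return "code_required", code   # caller delivers it by SMS or email

    def verify_code(self, user, code, remember_device=True):
        """Return (accepted, device_token). A code is consumed on first success."""
        digest, expiry, tries = self.pending.pop(user, (None, 0, 0))
        if digest is None or tries <= 0 or expiry <= self.clock():
            return False, None
        if not hmac.compare_digest(digest, _digest(code)):
            self.pending[user] = (digest, expiry, tries - 1)   # count the miss
            return False, None
        if not remember_device:
            return True, None
        token = secrets.token_urlsafe(32)   # kept by the browser, e.g. in a cookie
        self.trusted[_digest(token)] = (user, self.clock() + TRUST_TTL)
        return True, token
```

The device token is bound to one user and expires on its own, so a stolen password used from a different browser still triggers the code step.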
Another way to protect data from unauthorized eyes is by limiting login access to designated IP addresses. This works because every computer connected to the internet has a unique IP address. WebRezPro PMS allows you to authorize users by IP address, meaning that only people connecting from permitted IP addresses can log into your WebRezPro system.
It’s important to note that this technique only works if your internet service provider (ISP) has assigned static IP addresses to your internet connection. If your internet connection uses dynamic IP numbers, restricting login access by IP address will result in authorized users getting locked out of the system when their IP address changes.
Even with static IP addresses, we always recommend leaving a master login unrestricted, in case your ISP changes a static IP number. That way, you can use the master login to access the system and update user IP restrictions if needed.
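The IP restriction and the unrestricted master login can be modelled like this, including the lockout that follows an address change and the recovery through the master login. This is an added example, not WebRezPro's code; the class and user names are hypothetical, the addresses are constructed from documentation ranges, and denying users who have no entry is an assumption.

```python
import ipaddress

class IpLoginPolicy:
    """Hypothetical per-user IP allowlist with one unrestricted master login."""

    def __init__(self, master_user):
        # The master login skips the IP check by design, so it is the account
        # that most needs a strong password and 2FA.
        self.master_user = master_user
        self.allowed = {}   # user -> list of permitted networks

    def set_allowed(self, acting_user, target_user, addresses):
        """Replace a user's permitted addresses; only the master login may do so."""
        if acting_user != self.master_user:
            raise PermissionError("only the master login may change IP restrictions")
        # Accept single addresses ("203.0.113.10") or ranges ("203.0.113.0/24").
        self.allowed[target_user] = [
            ipaddress.ip_network(a, strict=False) for a in addresses
        ]

    def may_login(self, user, source_ip):
        """True if this user may log in from source_ip."""
        if user == self.master_user:
            return True
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False            # unparseable source address: refuse
        networks = self.allowed.get(user, [])   # assumption: no entry means deny
        return any(addr in net for net in networks)

def lockout_and_recovery():
    """Walk through an ISP address change using constructed addresses."""
    policy = IpLoginPolicy(master_user="owner")
    policy.set_allowed("owner", "frontdesk", ["203.0.113.10"])
    before = policy.may_login("frontdesk", "203.0.113.10")    # static IP as configured
    locked = policy.may_login("frontdesk", "198.51.100.7")    # ISP changed the address
    master = policy.may_login("owner", "198.51.100.7")        # master still gets in
    policy.set_allowed("owner", "frontdesk", ["198.51.100.7"])
    after = policy.may_login("frontdesk", "198.51.100.7")     # restriction updated
    return before, locked, master, after
```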
Never click on a message link to log in
To avoid falling prey to a phishing attack, never click on a link contained in a suspicious message asking you to divulge your password, credit card number or other sensitive information. If in doubt, contact the organization the message claims to be from directly via their official channels to verify the communication.
For example, imagine you receive an email that appears to be from your PMS provider, informing you there is a problem with your system and asking you to click on a link to fix it. Once you click on the link, you are taken to a login page that looks like the login page for your PMS. But beware—the login page is a cleverly disguised fake and entering your login information sends your username and password straight to the bad guys!
To be safe, always access your software provider’s official login page to sign in, whether by typing the URL into the address bar manually, or via a saved bookmark or desktop icon.
Unfortunately, cybercrime has become part of our everyday lives. Just as we have to protect our physical valuables with locks and alarms, we must be equally vigilant with our online valuables (data) by maintaining anti-virus software and other proven security measures, as well as our cyber street smarts. Two-factor authentication is one of the best ways to prevent data breaches caused by phishing attacks, and we highly recommend implementing it for your online hospitality systems, as well as for any other online accounts that support 2FA.