As we lead up to HITEC 2013 in June, HFTP Connect will be talking to our keynote speakers about their expertise and how it relates to the hospitality industry through the Ask the Experts column.
An Expert View on Cybersecurity and the Hospitality Industry
Theresa Payton is one of America’s most respected authorities on Internet security, net crime, fraud mitigation and technology implementation. As White House Chief Information Officer from 2006 to 2008 — the first woman ever to hold that position — she administered the information technology enterprise for the President and 3,000 staff members. Prior to working in federal government, Payton held executive roles in banking technology at Bank of America and Wells Fargo. As founder of Fortalice, LLC, a security, risk, and fraud consulting company, she now lends her expertise to organizations large and small, helping them improve their information technology systems against emerging, amorphous cyber threats.
Q: How is Internet security changing?
Consumers and business professionals alike should focus on the fact that Internet security will always be changing. Every new technology that we adopt becomes tomorrow’s targets for cybercriminals. Tools to block out the bad or only let in the good traffic are not enough. Combatting Internet threats requires a comprehensive approach, some of these components include: understanding your data architecture, knowing your vendors, sharing information within your peer group about cybercrime, developing relationships with law enforcement, implementing tools, updating processes to protect your digital assets and educating employees, contractors and suppliers on what you require them to do in order to safeguard your organization.
Q: What are three security areas that the hospitality industry should be paying attention to?
The challenge with security is that it is not just an “IT problem.” Your technology team is the enabler of safer technologies, but the security program must start at the top in the C-Suite. A great place for executives to read about data breach trends is the 2013 Verizon Data Breach Investigation Report.
For the hospitality industry, the three areas they should focus on are:
1. Point-of-sale systems — They are a favorite target of cybercriminals by sending spyware to POS, doing smash-and-grabs of POS or installing skimmers. Did you know that on the most targeted industries list for data breaches, retailers and restaurants ranked 2nd?
2. Social media platforms — The hack of celebrity accounts, Burger King and the news accounts of many organization, including AP, should provide a cautionary tale for the hospitality industry. Who manages your social media accounts? What precautions do you have in place around shared accounts and passwords?
3. Social engineering attacks on your employees — Social engineering attacks on companies were four times greater than last year. The social engineering allows cybercriminals to steal credentials and run around your network undetected and/or allows them to inject malicious software into your network giving them a back door into your systems to steal your data.
Q: What led you from banking to the White House to fraud and security?
When you deliver banking solutions that serve the bank’s customers you are giving them quick, easy access to their money while also enabling the bank to deepen that relationship. While enabling this relationship there is a third party that wants to break in between the bank and the client — cybercriminals.
Having to balance both, enabling the business side while protecting it from the bad guys, helped prepare me for the role at the White House. After leaving the White House, I felt that the country had invested time to train me on the global threats. In return, I needed to pay back my country for all its done for me by dedicating the rest of my professional career to assisting organizations in combatting cybercrime threats.
Q: What are the benefits and drawbacks to having an online identity?
Over time, whether you actively manage it or not, you are developing an online identity or Internet persona. Public records, meeting minutes, visitor logs and more are being published online. Even if you never visited the Internet, something about you has been digitized and placed online. Like it or not, you have an online identity. Sometimes the image is positive, professional and accurate. However, sometimes the way things are categorized on the Internet, an image highlights one aspect of our lives above others, painting a true, yet out of context picture of who you really are.
You have to put in the time to find out what is being written about you and what images of you are flashing across the world. Have you been stripped bare by your own online revelations that you thought were set to “private” or over-exposed by someone you thought was a friend? You can’t understand or modify the world’s perception of you until you’ve done some online sleuthing. Having a positive online identity can assist you during a job search or making new friends. It allows you to showcase your positive qualities.
Q: What can CIOs do to get the message out about security within their company?
Some of the most effective CIOs engage the C-suite to help them understand that security is not a “tech” or “compliance” problem. Security is a team sport. The best way to get the company involved and engaged is to focus on the individual first. If you can show them how to protect their loved ones and themselves from cybercrime, you will engage their mind and heart in the security conversation.
Once you have protected them at home, they will become corporate security ambassadors. It’s a different way to look at this problem. I have seen companies successfully transform their security posture by starting at the individual level. Another tip is to stop making it a doom and gloom exercise, let the newspapers do that. Play Internet safety games, have contests and highlight good behaviors. Make the message one of camaraderie and fun; after all, if you are successful you will be able to thwart the bad guys.
And who doesn’t love a team effort where you stop bad guys?
Theresa Payton is the Opening Keynote Speaker at HITEC 2013 in Minneapolis, Minn. on Monday, June 24. Learn more about her upcoming session here>.