Another day, another cyber-attack!

In early April, Omni Hotels & Resorts was the victim of a cyber-attack that brought down the entire IT system and led to a company-wide outage. At the time of the attack, I was attending an IT conference at the Omni Nashville property. While unconfirmed by the hotel, several sources speculate that the type of cyber-attack was a ransomware attack similar to what happened to MGM in Las Vegas several months ago.

Unlike MGM, Omni had a very well crafted (and obviously well tested) incident response plan. The organization took immediate action and brought the entire network offline to isolate the issue, protect its data and prevent further damage from occurring. And while this process heavily impacted the hotel’s operations and day-to-day functions, such as managing reservations, unlocking hotel room doors manually and using point-of-sale (POS) systems in restaurants and shops within the hotel, the Omni staff appeared to have everything under control quickly. Some estimates expect this attack to cost the Omni over a million dollars. Without such an effective incident response plan, it could have been far worse.

While most customers were aware of the inconveniences of the Omni outage, the impact (at least from the perspective of the Omni Nashville) appeared to be negligible to the customer.  While Omni showed their readiness for this cyber-attack, many customers weren’t aware of the dangers associated with cyber-attacks. When a network is compromised, unless you have high-grade tools to protect you, every device you connect to is put at risk. When you’re traveling, it’s important to treat everything like a risk to ensure your safety. In today’s article, we’re sharing a couple of tips to keep you safe when you’re on the road for work or even on vacation this summer.

  1. Don’t connect to the public Wi-Fi in the hotel. Truthfully, this also applies to coffee shops, airport lounges, etc. If a network is compromised and you connect to it, you could be giving hackers access to your devices. If you MUST use public WiFi, make sure you have installed security tools such as a personal VPN (Virtual Private Network) or SASE (Secure Access System Edge) platform to isolate your device from all the other traffic.
  2. Turn off the auto-connect feature. Even if you don’t actively connect to the hotel’s Wi-Fi, if a hacker has set up a fake Wi-Fi network and your device auto-connects to it, that could be a big problem. Shut the feature off and only manually connect to sources you trust.
  3. Use your phone’s hotspot. Instead of connecting to public Wi-Fi, most cell phones come equipped with a hotspot that allows your other devices to connect to your phone’s internet. If not, one call to your wireless provider can often add this feature.
  4. Have a remote workforce / work -from-anywhere policy. If you run a business and have people working outside of a secure office facility, take the time to craft a policy that sets guardrails on remote access to company systems, whether they are cloud based or internal. Make sure that all remote users have read and understand the policy and understand the risks of failing to follow it.

These tips will help protect you, but if you travel for work or have employees who travel for work, it’s important that all work devices have professional-grade cybersecurity tools installed on them. You don’t want to send your sales team to a hotel-hosted trade show, and instead of bringing back a list of leads, they bring back malware that could shut down your company altogether.

There is one final lesson in this terrible incident that all Springfield, Hartford, Pittsfield, Greenfield, and Northamption business owners need to understand: No matter the size of the company, you can still be the victim of a cyber-attack. The Omni chain, which boasts over 50 properties nationwide, would likely have a large budget to defend itself from cyber-attacks and yet still fall victim to hackers. No system is 100% impenetrable. Small business owners who don’t have any security measures in place are putting a big red target on their backs. Also, take a page from Omni's books, and make sure you have a bulletproof and tested incident response plan ready.

If you don’t have a comprehensive cybersecurity system in place, or if you do and someone else is managing it but you’d like a second opinion, we offer a FREE Security Risk Assessment. This assessment will go over every area of your network to identify if and where you are vulnerable to an attack and propose solutions to fix it.

Click here to book your Security Risk Assessment with one of our cybersecurity experts, or call our office at 413-786-9675.