Skip Navigation
Better Together | Risk Strategies to Join Brown & Brown  Learn More
  • Careers
  • Report a Claim
  • Contact Us
Risk Strategies Logo
  • Industries

    • Agriculture
    • Architects & Engineers
    • Aviation
    • Cannabis
    • Construction
    • Dental
    • Education
    • Entertainment
    • Financial Services
    • Fine Art
    • Healthcare
    • Law Firms
    • Marine & Yacht
    • Nonprofit & Human Services
    • Private Equity
    • Public Sector
    • Real Estate
    • Relocation
    • Transportation
    • Waste & Recycling
    • Wineries
  • Solutions

      • Captives
      • Casualty
      • Cyber
      • Environmental
      • International
      • Executive Risk Solutions
      • Property
      • Surety
      • Employee Benefits Overview
      • Benefit Administration and Technology
      • Benefits Compliance Support
      • Data & Analytics
      • Human Capital Advisory Services
      • International Benefits
      • Absence Management & Ancillary Programs
      • Voluntary & Lifestyle Benefits
      • Medicare
      • Financial & Wealth Overview
      • Retirement Plan Services
      • Executive Benefits
      • Life Insurance
      • Private Client Services Overview
      • Homeowners
      • Flood
      • Collections
      • Umbrella & Excess Liability
      • Auto
      • Collector & Exotic Car
      • Boat & Yacht
      • Travel Medical & Trip Insurance
      • Family Office
      • Cyber Insurance - Family Office
      • Cyber Insurance - Individuals
      • Specialty Coverages
      • Private Client Risk Resource Center
    • Reinsurance
      • Risk Management Services Overview
      • Analytics
      • Claims Management & Advocacy
      • Loss Control
      • Safety Consulting Services
      • Pro Safety Training Courses
      • Workers’ Comp: Premium Review & Recovery
  • Consulting

    • Consulting Overview
    • Actuarial Services
    • Healthcare Claim Audit Services
    • Health and Welfare
    • Mergers and Acquisitions
    • Pharmacy Consulting
    • Retirement Benefits
  • News and Insights

    • All Insights
    • Blog
    • Emergency Resource Centers
    • Employee Benefits Compliance Center
    • Events
    • Media Coverage
    • State of the Market Reports
    • Press Releases
    • Private Client Resources
    • Webinars
  • Company

    • About Us
    • Annual Report
    • Careers
    • Culture and Values
    • Diversity, Equity & Inclusion
    • Environmental, Social, & Governance
    • General Terms of Business
    • Leaders
    • Local Expertise
    • Mergers & Acquisitions
    • Recognition & Awards
    • Risk Strategies Foundation
    • Transparency and Disclosures
  • Join Us
    • Careers
    • Mergers & Acquisitions
  • Industries
    • Agriculture
    • Architects & Engineers
    • Aviation
      • Aviation Business Insurance - Manned Risk
      • Non-Owned Aviation
      • Unmanned Aerial System and Drones
    • Cannabis
    • Construction
      • Alternative Solutions
      • Financing & Pre-Construction
      • Insurance Solutions
      • Risk Management
      • Surety
    • Dental
      • Insurance for Dental Professionals
      • Dental Malpractice Insurance
      • BOP Insurance - Dental Practices & DSOs
      • Dental School Graduates
      • Dental Associates & Hygienists
      • Dental Practice Owners
      • Dental Service Organizations (DSOs)
    • Education
      • Employee Benefits for Education
      • Property, Casualty & Liability for Education
      • Student Health & Wellness
        • Student Health Brokerage and Consulting
        • Student Health Plan Administration
        • Student Health Insurance Plans
        • Solutions for Student Athletes
        • Student Health & Wellness Tools
        • Special Risk Insurance
    • Entertainment
      • Film & Television
      • Advertising Production Wrap Ups
      • Advertising/PR
      • Event Cancellation & Non-Appearance
      • Music & Touring
      • Theatrical Production & Live Performance 
      • Venue Insurance
    • Financial Services
      • Asset Managers
      • Banks & Non-Bank Lending
      • Collections
      • Consumer Financial Services
      • Financial Tech
      • Insurance Companies
    • Fine Art
      • Dealers and Auction Houses
        • Galleries
        • Private Art Dealers
      • Collections
        • Private Collectors
        • Coins, Paper Money & Numismatics Collections
        • Gold, Bullion & Precious Metal Collections
      • Artists
      • Museums and Foundations
        • Museums
      • Fine Art Packers / Shippers / Warehouses
    • Healthcare
      • Employee Benefits - Healthcare
      • Managed Care / Stop Loss
      • Medical Malpractice
      • Property & Casualty - Healthcare
      • Reinsurance
    • Law Firms
    • Marine & Yacht
      • Yacht Insurance For Individuals
        • Mega Yachts
        • Cruiser Insurance - Jackline
        • One-Design Insurance Program
        • Sailors Health Insurance Program
        • US Sailing Insurance Solutions
      • Commercial Marine Insurance
        • Aquaculture
        • Cargo & Transit Insurance Solutions
        • Crew Medical Insurance
        • Hull & Machinery
        • Marine Claims Service
        • Marine Construction
        • Marine Liability
        • Ports & Terminals
        • Protection & Indemnity
        • Recreational Marine Businesses
        • Sailing Organizations – Burgee Program
    • Nonprofit & Human Services
    • Private Equity
      • Crypto Companies
    • Public Sector
      • Public Safety Organizations & Municipalities
    • Real Estate
      • Commercial
      • Community Associations
      • Hospitality
      • Residential / Habitational
      • REITs
      • Retail
      • Specialty Programs
    • Relocation
      • Domestic Household Goods
      • Expat Renters & Living Insurance
      • Relocation Claims Service
      • International Household Goods
      • Supplemental Movers Coverage
      • Temporary Living Insurance
      • Vacant Home
    • Transportation
      • Business Auto Insurance
      • Last Mile Delivery
      • While Under Dispatch Insurance
      • Forwarding & Brokering
      • Workers' Compensation
    • Waste & Recycling
    • Wineries
  • Solutions
    • Commercial Insurance
      • Captives
      • Casualty
        • Analytics
        • Auto Liability & Physical Damage
        • Captives & Alternative Risk Financing
        • Claims Advocacy & Loss Control
        • Excess Liability
        • General Liability
        • Product Recall
        • Workers' Compensation
      • Cyber
        • Cyber Resolute
        • Cyber Risk Assessment and Analytics
        • Cyber Risk Response & Claims Advocacy
        • Cyber Insurance - Family Office
        • Cyber Insurance - Individuals
      • Environmental
        • Contractors Pollution Liability
        • Environmental Excess
        • Environmental Liability Transfer
        • Environmental Liability - Healthcare
        • Environmental Liability - Higher Education
        • Pollution Legal Liability
        • Environmental Liability - Private Equity
        • Professional Environmental Liability Insurance
        • Real Estate Development
        • Remediation Cost Cap
        • Secured Creditor Protection for Lenders
        • Underground Storage Tanks
      • International
      • Executive Risk Solutions
        • Executive Risk Solutions - Entertainment
        • Executive Risk Solutions - Financial Institutions
        • Executive Risk Solutions - Healthcare
        • Executive Risk Solutions - Real Estate
      • Property
        • Builder's Risk
        • Property Claims Services
        • Inland Transit and Ocean Cargo
        • Natural Hazard Catastrophe Modeling
        • Political Violence and Terrorism
        • Property Damage & Business Interruptions Valuations
        • Property Loss Prevention and Control
      • Surety
    • Employee Benefits
      • Employee Benefits Overview
      • Benefit Administration and Technology
      • Benefits Compliance Support
      • Data & Analytics
      • Human Capital Advisory Services
      • International Benefits
      • Absence Management & Ancillary Programs
      • Voluntary & Lifestyle Benefits
      • Medicare
    • Financial & Wealth
      • Financial & Wealth Overview
      • Retirement Plan Services
      • Executive Benefits
      • Life Insurance
    • Private Client Services
      • Private Client Services Overview
      • Homeowners
      • Flood
      • Collections
      • Umbrella & Excess Liability
      • Auto
      • Collector & Exotic Car
      • Boat & Yacht
      • Travel Medical & Trip Insurance
      • Family Office
      • Cyber Insurance - Family Office
      • Cyber Insurance - Individuals
      • Specialty Coverages
      • Private Client Risk Resource Center
    • Reinsurance
    • Risk Management Services
      • Risk Management Services Overview
      • Analytics
      • Claims Management & Advocacy
      • Loss Control
      • Safety Consulting Services
      • Pro Safety Training Courses
      • Workers’ Comp: Premium Review & Recovery
  • Consulting
    • Consulting Overview
    • Actuarial Services
    • Healthcare Claim Audit Services
    • Health and Welfare
    • Mergers and Acquisitions
    • Pharmacy Consulting
    • Retirement Benefits
  • News and Insights
    • All Insights
    • Blog
    • Emergency Resource Centers
      • Cybersecurity
      • Earthquake
      • Hurricane
      • Pandemic
      • Riot & Civil Unrest
      • Severe Storms
      • Violence & Active Shooter
      • Wildfire
      • Winter Weather
    • Employee Benefits Compliance Center
    • Events
    • Media Coverage
    • State of the Market Reports
    • Press Releases
    • Private Client Resources
    • Webinars
  • Company
    • About Us
    • Annual Report
    • Careers
    • Culture and Values
    • Diversity, Equity & Inclusion
      • BeHEARD Series
      • DE&I Structure
      • Employee Resource Groups
    • Environmental, Social, & Governance
    • General Terms of Business
    • Leaders
    • Local Expertise
    • Mergers & Acquisitions
    • Recognition & Awards
    • Risk Strategies Foundation
    • Transparency and Disclosures
      • General Terms of Business
      • Conflict of Interest Policy
      • Compensation Disclosure
      • Enterprise Risk Management
  • Join Us
    • Careers
      • Benefits & Wellness
      • Investing in Growth & Leadership
      • Life at Risk Strategies
      • Next Steps
    • Mergers & Acquisitions
      • Partnership Benefits
      • Why Join Us?
      • Onboarding & Integration
  • Careers
  • Report a Claim
  • Contact Us

You are about to leave Risk Strategies website and view the content of an external website.

You are leaving risk-strategies.com

By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.

OK
  • News and Insights
  • Blog
Subscribe

Subscribe via Email

  • News and Insights
  • Blog
October 01, 2024

Cybersecurity Risks in Hospitality

Cyber Hospitality
6 min read
Rob Hoover, CRA, and Allen Blount, National Cyber & Technology Product Leader
  • Facebook
  • X (Twitter)
  • LinkedIn
  • Email
Cybersecurity Risks in the Hospitality Industry
  • Facebook
  • X (Twitter)
  • LinkedIn
  • Email

For many hospitality businesses, tech isn’t a strength and cybercriminals know it. While you’re busy creating great customer experiences, bad actors are looking for entry points to nab credit card data and gain access to your financial accounts. Here are cyber scenarios from restaurants and hotels, along with tips for improving cybersecurity hygiene.

Takeaways:

  1. Train your whole team to recognize cybercrime warning signs
  2. Implement a formal process to verify requests for data or funds
  3. Establish cyber safeguards for mobile point-of-sale devices
  4. Secure your customer Wi-Fi so it’s not a highway for cybercriminals
  5. Recognize that cyber threats can come from inside your business

 

Business email compromise results in six-figure loss

A restaurateur, building out a kitchen area, ordered several pieces of new equipment. With the grand opening date quickly approaching, the owners were eager to get everything completed on time. This enthusiasm led to haste and caused the CFO to miss warning signs of a cybercrime.

A criminal had accessed the equipment supplier’s ordering system and sent the CFO a message saying a supply chain issue was going to cause a shipment delay. However, there was one piece of equipment available if he was able to pay the same day. The email came from a recognized address, and the CFO jumped on the opportunity. He replied to the message, followed the payment instructions, and ended up sending the funds to a bad actor. Money gone. No equipment.

Cyber Safety Tips:

Slow down enough to verify requests. If someone asks for money by email or text message, be skeptical. Verify the request by calling a known contact. And if you can’t verify it, err on the side of caution. Do not send a payment, banking information, or credit card details unless you are certain where the money is going.

Further, examine emails for hints of foul play. Maybe the email address is wrong by one letter, or the time stamp is 2:00 a.m. Be wary if the wording sounds urgent, requesting a quick reply.

Hotel “CFO” requests employee data

A payroll clerk received an email that appeared to be from the CFO. It said, “I’m working on a tax issue and need to get a list of all the Medicare withholding by employee. Can you send me a spreadsheet this afternoon?” The clerk did not question the request and unwittingly sent confidential data to a cybercriminal.

Cyber Safety Tips:

Bad actors can make an email look as if it is coming from a legitimate internal or external email address. Often, there are signals that something isn’t quite right, but these emails can be very convincing. Employees and managers need training in how to spot suspicious emails and phone calls, as well as detailed protocols on how to handle financial and data requests.

Vigilant employees who know what to watch for can stop cybercrime. Most cyber losses trace back to an employee error such as clicking on a malicious link in an email or failure to verify that a request is legitimate.

Patron tampers with point-of-sale device

In many restaurants today, servers use handheld payment terminals to process credit card transactions. Often, they leave a mobile point-of-sale device with the customer for a few minutes while checking on other tables. That moment away can provide enough time for a bad actor to tamper with the equipment.

Cyber Safety Tips:

As a business, you are responsible for securing your customers’ data. So, as you choose and implement a point-of-sale system, you need to interview vendors about their cybersecurity practices. What security have they built into their product? Do they continuously monitor their system for suspicious activity? What breaches have they experienced in the past 24 months? Document your due diligence process when selecting a vendor.

Next, create formal policies in your workplace for handling the point-of-sale system. Who has access to the payment devices? How and where do you store them? How frequently do you check for signs of tampering, and who performs these inspections?

Finally, hire with care. Check references and do a criminal background check before extending a job offer. Cybercrime often involves an internal threat actor, not just outsiders. A thorough hiring process shows an insurance company you made a good faith effort to vet your workforce.

Wi-Fi provides a gateway to cybercrime

Many cafés, hotels, and other establishments offer free Wi-Fi for customers. Without proper protections, attackers can “listen in” on users’ activities, steal data, and even take over a mobile device.

Cyber Safety Tips:

Keep the customer wi-fi separate from the connection you use for your business, and make sure your guest system has a complex password.

If you are not a tech expert, consider contracting with a specialist to set up your Wi-Fi and ensure correct configuration. Sometimes, the default settings on routers and other equipment can leave you vulnerable to a cyberattack.

Also, ask your legal counsel for guidance. They may recommend incorporating an online “use at your own risk” disclaimer that customers need to accept before accessing the Wi-Fi. Also, some hospitality establishments post a warning along these lines: “No public wi-fi is entirely safe. While we’ve taken precautions to secure this one, please be vigilant. Here are some recommended best practices.”

Using a VPN and avoiding sensitive transactions (such as banking or online purchases) are a few of the many ways customers can help secure their data. Posting safety tips is a friendly way to help customers become more cyber-aware. 

Many hospitality businesses need to shore up cybersecurity defenses

The scenarios above aren’t the only ways cybercriminals can harm your enterprise. "Bad actors" prey on businesses that seem distracted and less cyber savvy, so it’s important to educate yourself on the risks and learn the precautions you can take.

For example, does your team use two-factor authentication? Do employees understand the importance of good password hygiene? Is your guest wi-fi separate from your business-critical systems? Cyber insurance underwriters will ask detailed questions about your security measures.

To learn more about strengthening cybersecurity in the hospitality industry, please join us for our October 22 webinar, Enhancing Cybersecurity in Hospitality: Protecting Your Business in a Digital World.

Or reach out to one of the specialists below.

Send us a message on LinkedIn: Rob Hoover, Allen Blount

About the Authors

Rob Hoover is a national expert on restaurant and hotel employee safety, as well as liquor service safety. At 15, Rob started as a potato peeler in a small, family-owned diner. Today, he’s an industry insider with deep knowledge of day-to-day hospitality challenges. For the past 20 years, he’s helped hospitality businesses as a risk management and insurance advisor.

Allen Blount leads the Cyber Team at Risk Strategies. He specializes in both cyber insurance and tech E&O (errors and omissions). Prior to this role, he spent 12 years with Zurich North America, gaining extensive experience as a Cyber and Professional Liability Underwriting Manager. Before his insurance career, he practiced law.

The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client. 

Related Posts

See all posts

Cyber Dental
4 min read
June 03, 2025

Understanding Cyber Liability Risks for Dental Practices

Your dental practice handles sensitive patient information, making it a target for cyberattacks. …
Read article
Hospitality
5 min read
May 27, 2025

Heat Illness Prevention Tips for Restaurateurs: Protecting Staff and Guests

Running a restaurant during the summer months has become more challenging. Even northern locations …
Read article
Transportation Cyber
4 min read
May 14, 2025

How Cybercrime is Hijacking the Supply Chain: Cargo Theft, Fraud, and Insurance Gaps

Cyber risk is no longer just the IT department's problem in today's fast-moving transportation …
Read article
Risk Strategies Logo
  • Report a Claim
  • Contact
  • Terms of Use
  • Cookie Policy
  • Privacy Policy
  • Consumer Health Data Privacy Notice
  • Accessibility
  • Health Plan Transparency Compliance
  • Accessibility
  • Cookie Policy
  • Health Plan Transparency Disclosure
  • Privacy Policy
  • Terms of Use
©2025 Risk Strategies. All rights reserved.

Connect with Us

  • LinkedIn
  • X
  • Instagram
  • Facebook