What can we learn from the IHG Hotels Data Hack? 

11 October 2022 


IHG Hotels was hacked last month. Their systems were down. They could not take reservations. The chain was impaired for several days. IHG says customer-facing systems are returning to normal but that services may remain intermittent.

Now we know the story:

  • A couple from Vietnam intended a ransomware attack, but the chain was able to isolate its systems to prevent this.
  • Hackers accessed “the company’s internal Outlook emails, Microsoft Teams chats, and server directories” by tricking an employee into downloading an attachment from an email. Apparently, systems were broadly accessible by employees, which gave the attackers a broad attack surface. The password they needed to gain access through an employee was Qwerty1234.
  • Since they couldn’t make money from the attack, the hackers just went ahead and deleted the data “for fun”.

What can we learn from this?

  • Thinking "it won't happen to us" is one of the biggest mistakes a business can make regarding cybersecurity. Every small or large organisation is at risk of a data breach, systems hack, malware, or ransomware attack, or of cybercriminals illicitly accessing their network's processing power.
  • The password was Qwerty1234, which regularly appears on lists of the most commonly used passwords worldwide. A strong password must be used along with multiple layers of security. Check out our blog to learn why you should use Two-Factor Authentication (2FA) in your business.
  • With the complex details and systems required by an organisation such as IHG, having an effective backup strategy in place will make recovery and restoration quicker and smoother. Organisations should embrace the '3–2–1 rule': have at least three copies of data, on at least two different media, with at least one copy offsite and, with ransomware so prevalent, offline and encrypted. Also, the company will be better able to recover from various threats if it has a business continuity plan in place, especially in the event of a cyberattack. See our previous blog post on business continuity planning.
  • Every hotel location within IHG depends on a wide range of IT systems, ranging from payment booking to stock control, but many of these facilities typically do not have local IT support. That's why it's critical that foundational protections are in place, such as ensuring staff only have the minimum level of permissions or access needed to get their work done, that external access is tightly controlled and monitored, and that user accounts are constantly reviewed and updated as staff join or leave the hotel.
  • An employee training programme will help ensure that your organisation is better protected from cyber-attacks and will also help your employees comply with your IT Security policies. HR managers and CEOs should ensure their staff follows optimal security measures, both in-office and at home. They must all remember that any phone or laptop they use for work can be a weak point and entryway for hackers. To introduce your employees to the best security practices, consider arranging security education and training every four months. Find out more from our recent article on the impact of training on cyber security and productivity.
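
The 3–2–1 rule in the backup point above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or any IHG or EPX tooling; the `Copy` fields, the sample inventories, counting production data as one of the three copies, and requiring one single copy to be offsite, offline and encrypted together are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    medium: str      # e.g. "disk", "tape", "cloud-object"
    offsite: bool    # stored away from the primary site
    offline: bool    # not reachable from the production network
    encrypted: bool  # encrypted at rest

def check_321(copies):
    """Return a list of rule violations; an empty list means the set passes."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need at least 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        problems.append(f"only {len(media)} media type(s), need at least 2")
    offsite = [c for c in copies if c.offsite]
    if not offsite:
        problems.append("no offsite copy")
    # Assumption: one single copy must be offsite, offline and encrypted.
    # Copies that each meet only one property can all be reached and
    # deleted together if the network is compromised.
    elif not any(c.offline and c.encrypted for c in offsite):
        problems.append("no offsite copy is both offline and encrypted")
    return problems

# Constructed sample inventories (hypothetical, not any real organisation's).
WEAK = [
    Copy("production", "disk", False, False, False),
    Copy("nas-replica", "disk", False, False, True),
    Copy("cloud-sync", "cloud-object", True, False, True),
]
STRONG = WEAK + [Copy("vaulted-tape", "tape", True, True, True)]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label, check_321(inventory) or "passes")
```

The weak inventory meets the plain three-copies, two-media, one-offsite count, yet still fails because its only offsite copy is an always-connected cloud sync.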

Stay On the Safe Side

Battling hackers may not be the most exciting part of running a business. However, neglecting cybersecurity turns your company into a sitting duck for scammers. You may lose money and data, and your reputation might suffer irreparable damage.

While there isn’t a bulletproof solution, adopting the outlined tactics should be a strong starting point.

As an IT support company, we understand that it is imperative for your business to keep its data safe. We ensure that all appropriate measures are put in place so that you stay up to date with the latest cyber security technology and are as safe as possible against the increasing threat of online attacks.

To further your trust that you are in capable hands with EPX, we have achieved accreditation in Cyber Essentials and Cyber Essentials Plus. Cyber Essentials is a government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber attacks and provides a clear statement that we have the procedures in place to best ensure our clients do not become victims of these attacks. Check out our Cybersecurity Assessments and Cyber Essentials support services to detect and resolve your cybersecurity loopholes in time.

Contact us today if you want to discuss your cybersecurity in greater detail and pinpoint potential risks. We can arrange a quick, non-salesy chat and figure out ways to help you.