Stumbled upon an interesting article last week in the Wall Street Journal, titled Data Breaches Are Heaviest at Hotels. The underlying news isn’t anything new, but there are some alarming statistics and details that struck me as a surprise.
Sarah Nassaur references a SpiderLabs report in her article that examines data breach investigations across various industries—with hotel and hospitality, 38% and financial services, 19% leading. The most common weakness found at hotels is the security surrounding point-of-sale software (the software hotels use to process credit card transactions). Often times, systems are maintained remotely by an outsourced IT company, and to maintain the system employees must sign in remotely. When remote user names and passwords are left blank or not changed from their default setting, hackers can identify these credentials, and gain access to the system to steal credit card numbers and other personally indefinable information (PII).
This article just goes to show how important it is to use VPN and have NAC features in place, particularly when logging in remotely. Without these anyone can access data available on the network and potentially cause a lot of harm.
Check out our Rethink Remote Access series with featured guest posts.