Just like every other industry, leisure is changing its systems and how they operate, and going completely digital. But with that comes risk: the growing threat of spam and ransomware attacks makes all businesses, including hospitality, vulnerable. The good news is that there are ways to protect yourself and your business. Keep reading to find out more…
WHY TARGET LEISURE?
Leisure businesses have what cybercriminals want most… data. Leisure databases are full of customer data, including names, email addresses, and even credit card details, so in the mind of criminals, it’s a goldmine!
The easiest way to gain access to this information is through phishing (sending a fraudulent message designed to trick the receiver into giving away sensitive information, such as passwords or credit card numbers). It only takes one employee falling for one of these messages to open the gate to an attack.
HOW TO SPOT A FRAUDULENT MESSAGE
Quite possibly the worst part of it all is that organized crime is becoming a more professional and sophisticated operation. The intelligence behind these attacks is high, so phishing emails, texts, and other messages often look very real and are designed to catch you off guard. So what can you do to be more vigilant? Look out for these signs:
- The sender’s email address uses a public domain. It is extremely rare for a company to send email from an address ending in @gmail.com, @hotmail.com, etc. They will have their own email domain, so if it’s a public domain, steer clear!
- Obvious spelling mistakes and poor writing. Although the technology behind these attacks is advanced, the people writing the message may not be fluent in the language they are trying to write in, so any obvious spelling or grammatical errors should be a red flag.
- Suspicious links. If a message contains a link that doesn’t look right, be wary. If you hover your mouse over the link (WITHOUT clicking!), the link address will appear in very small text at the bottom of your computer screen and you can see whether the link is legitimate.
- They make it sound urgent. The message will often say you need to fill out the information ASAP, and will often imitate messages from banks, as this is something people will be quick to react to. But pause for a second: would your bank ask you for these details? Read the message carefully, and if it doesn’t look right, don’t open it.
Being vigilant and providing the necessary staff training is a good way to protect your leisure business against spam and ransomware attacks. There is also software available that can filter out these messages and emails, and it’s really cost-effective! With prices starting from just 54p per inbox, it is much less expensive than the repercussions of a data breach.
Astaris provides spam and ransomware protection for gyms and leisure, which filters out spam and fraudulent emails before they even enter your inbox, eliminating the chance of your staff clicking on any dangerous links and entering sensitive information.
Of course, there is no way to 100% protect against these kinds of emails, as they are becoming more and more advanced, but the protection Astaris can provide will significantly reduce the risk of a dangerous email ending up in your inbox, making the chance of an attack slim to none.
Another way to protect your customers’ data from being stolen or breached is to invest in PCI compliance, which helps prevent data being stolen over websites or phone calls. If you want to know more about PCI compliance, read one of our latest blogs here.
HOW REAL IS THE RISK?
Although data breaches like this don’t happen every day (because protection is put in place!), when they do they can be detrimental to a business, especially smaller and independent businesses.
An international hotel chain suffered a huge data breach in 2018, in which over 500,000 users’ data was breached. The consequences of an attack of this size can include extortionate fines. In this case, the chain was fined £18.4 million for failing to comply with GDPR, on top of unhappy customers, a damaged reputation, loss of revenue and more.
Some examples of the data leaked in this particular attack are email addresses, phone numbers, passport numbers, credit card details in encrypted form, and more.
So what’s the bottom line? Invest in spam and ransomware protection for your business to keep you and your members safe.