When you think of cybersecurity in relation to your hotel business, what emotions do you feel? For many, the answer is fear. And while it’s legitimate to be wary of the many threats your digital assets will inevitably face, finding peace of mind might be easier than you think. Malicious actors will always be active online, but with the right tools you can establish nearly airtight defenses against them.
Your website faces threats in two key areas: 1) Cyber attacks by those wishing to steal information or do harm to your business. 2) Failures in the software and server that keep your website running smoothly. Another risk concerns liability—specifically, lawsuits filed under the Americans with Disabilities Act.
Let’s look a bit closer at what can go wrong in each area and how to prevent it.
Scenario #1: You’re Under Attack
Imagine someone sneaking into your hotel and pinching sensitive documents, or breaking into rooms to rummage through your guests’ personal belongings. The digital equivalent of such dastardly deeds are attempted on our client websites between 35 and 250 times every day. In real life, you’d need to mobilize the national guard to defend against such an onslaught!
Online, things are a bit more straightforward. To set up a defensive perimeter, here’s what you’ll need:
SSL Certificate
An SSL certificate is a small file that lives on your website and establishes a direct, encrypted link between your site and the user, leaving no room for anyone to intercept data that might be passed back and forth–like a guest’s personal info or payment details. Google has said that having an SSL certificate installed will also have a positive effect on your website’s search ranking, so that alone should be a strong motivation!
Like all things cybersecurity, SSL is not a set-and-forget solution. You need to apply for the right type of certificate from a third-party Certificate Authority (CA), install it correctly on your website and maintain it over time, including renewing the certificate when it expires every year or two.
Managed Firewall
A firewall for your website is much like it’s real-life equivalent: it prevents damaging forces from breaking through to vulnerable areas. But unlike a physical barrier, a firewall in the digital realm needs to evolve over time in response to the threats you face.
A managed firewall means having a team or individual that actively monitors threats to your website and routinely audits the effectiveness of your existing firewall structure. From this analysis, they are able to make modifications to the firewall over time to ensure its effectiveness in keeping threats at bay.
WordPress Security Updates
Software security is like a cat-and-mouse game. Developers create solutions to ensure their software is immune to existing threats. Over time, hackers find clever ways around these defenses and ever-vigilant devs then tweak their software in response. Repeat ad infinitum.
WordPress is no different. It’s a massively powerful and flexible software for building websites, but its themes and plugins need to be updated on a regular basis as their vulnerabilities are discovered and exploited by not-so-nice folks.
Scenario #2: Your Website Fails
It’s every hotelier’s nightmare: your website is down and people can’t book. Maybe they’ll try the hotel down the road…Or, possibly worse, they’re so frustrated by your slow or buggy site that they tab over to book on an OTA instead!
Not all threats to your website come from malevolent individuals—some may be lurking in the very foundation of your site itself, as cracks form in the software and server system that keeps your web assets functioning properly.
But just like the bricks-and-mortar of your hotel itself, disrepair or collapse of your website can be prevented with regular, proactive maintenance, along with insurance and a backup plan for when things break down. Here are some steps to consider:
Use a CDN
Your website lives on a server located somewhere in the real world. When a user clicks on to it, their device draws the data required from that server. The further they are from it, the longer this process will take. This is a concern for businesses, like hotels, that service guests from around the world.
A Content Distribution Network (CDN) stores certain elements of your website in caches spread across a larger geographical area. This puts less stress on your hosting server to provide the data to each user, reducing load time and improving website performance.
Importantly for web security, a CDN also reduces your vulnerability to Distributed Denial of Service (DDOS) attacks–attempts to derail your website by overloading it with fake traffic. A CDN spreads out the load and makes this type of attack more difficult.
Perform Updates Carefully
Remember that earlier section where we talked about the importance of security updates for your WordPress plugins? Those aren’t the only software updates that your WordPress site will require. Developers also create updates to themes and plugins to fix bugs, introduce new features and improve performance or compatibility.
The tricky part is ensuring that these updated elements operate in harmony with the existing design and structure of your website–which isn’t always the case. The best approach is to use a staging version of your website to test updates first and preview how they will affect your UX. From there you can make modifications and preview how things will look and function before the new elements go live.
Be Ready With a Backup
Servers fail, websites go down: these are facts of life. A worse fact, still, would be that a threat squeaks through your defenses and infects your website with malicious code. Neither scenario should happen often, but when it does, you need to be prepared with a full backup of your website to restore as soon as possible . A website is composed of many different elements, many of which are changing regularly, so having a comprehensive backup of your complete, current website ready at all times is essential.
Scenario #3: You Face an Accessibility Lawsuit
Having a website that’s user-friendly for people with disabilities is a noble and necessary goal. But for some folks, deficiencies in the accessibility features of your website are seen not as inconveniences, but as opportunities for profit. We’ve seen many properties face lawsuits Under the Americans with Disabilities Act, liable for damages because their website did not meet ADA standards.
How can you avoid this? You need to start by understanding Web Content Accessibility Guidelines (WCAG). The design and function of your website should meet the standards set out in the latest version of these guidelines, and appropriate to the level of accessibility required by your guests (‘A’, ‘AA’ or ‘AAA’).
We’d love to say that once you’ve done this you’re safe, but you’ve probably figured out by now that there are no quick fixes in cybersecurity. Website accessibility, like all aspects of your digital presence, requires ongoing maintenance and knowledge gathering. Not only do you need to respond to changes in WCAG and the needs of your users over time, but you also need to ensure that any edits or updates made to your website fit harmoniously within its existing accessibility framework.
Next Steps: Staying Safe
Keeping your business safe from online threats requires staying one step ahead of those who threaten you. But, of course, you have a hotel to run, so this is where we enter the frame. Here at Wallop we’re experts in website security, with the knowledge and resources to stay vigilant on your behalf.
Like all forms of security, the biggest payoff of enlisting Wallop to guard your website is peace of mind. You can focus on running your business, while we focus on using the latest technology to keep your digital footprint secure and running smoothly at all times.
Our monthly Security Plan (SP) and Accessibility & Security Plan (ASP) do just this, covering everything outlined in this article, and everything you’ll need to stay safe over time. To learn more, contact your Wallop Digital Strategist or Project Manager or reach our Director of Sales, Linda Roher, at linda@wallop.ca.