A hotel reservation system is an online method of booking hotel rooms; the people booking the rooms, who in most cases are travelers and tourists, normally do so by means of an online security system to protect their financial information and other private details.
Online reservations have a number of benefits: they save travellers time and resources, and they can book from anywhere and at any time, provided they can have access to the Internet (Nyheim, McFadden, Connolly, & Paiva, 2005).
Although a hotel reservation system is quite beneficial, it can be affected by internal and external security issues. The scope of this paper is to examine the security issues affecting the hotel reservation system at the Holiday Inn. The paper also outlines the strategies, which Holiday Inn can use to manage its security issues.
Privacy Issues at Holiday Inn’s
There are a number of privacy issues, both internal and external, which users of the application system can experience as they book for hotel reservations. The reservation system used at the Holiday Inn is based on hotel management software, which is prone to a number of privacy issues due to the fact that it uses the internet.
The internal issues comprise threats propagated by malicious users, who mostly come from within the organization, while the external ones comprise threats such as viruses,which are initiated by outsiders. Such serious internal and external privacy issues can make the organization lose most of its customers; consequently, it is important to set up all the necessary security measures to avert any privacy issues (Nyheim, McFadden, Connolly, & Paiva, 2005).
The possible internal privacy threats that may occur to customers who make their bookings using the online reservation system at the Holiday Inn include: malicious users and fraudsters. Malicious users refer to individuals who break into the organization’s computers without due permission from its administration department.
Malicious users are mainly insiders who can manage to get access to the organization’s IT system as a result of the internet, which offers a broad connectivity of the hotel’s booking system. Malicious users attempt to break into the information system of the organization almost on a daily basis. The damages caused by such users, when they manage to break into the hotel’s system, are consequential to the organization as well as to its customers (Nyheim, McFadden, Connolly, & Paiva, 2005).
Fraud or theft is another internal threat to the privacy of the customers who apply for reservations at the hotel using its online application system. Holiday Inn’s computer systems are at times exploited by fraudsters, thanks to the automation of the earlier traditional fraudulent methods. Such fraud occurs mainly when dishonest employees use computers to float small amounts of money from accounts of customer who make large deposits.
During such fraud, the financial information belonging to the hotel’s customers is put at high risk, as it can be accessed by the fraudsters; consequently, such internal threats interfere with the privacy of the customers by divulging their financial information (Tesone, 2006).
Apart from the internal threats, the reservation system used at the Holiday Inn is equally exposed to external risks, which are caused by hackers and viruses. Hackers are remote users who can access the hotel’s information system without authorization from its management. Hackers have smart tactics, which they use to bypass firewalls, encryption, filters, and other security measures installed by the organization to safeguard its information system.
They focus on the networks of the organization to gain access to information that they know is valuable, but heavily guarded. If hackers gain access to the hotel’s IT system, they can interfere with the customers’ personal and financial information (Tesone, 2006).
The second external threat to the privacy of the customers’ information is the existence of viruses in the hotel’s information and technology system. Viruses are programs that can harm the organization’s IT system by freezing or deleting important information from its computers.
Viruses gain entry into personal computers through infected portable disks, email attachments and shared local networks. When viruses attack the organization’s network system, it can lose all or most of the important files, including personal details and financial information of the customers (Tesone, 2006).
Threats – Internal and External
Computer threats, which include internal and external attacks, can interfere with the hardware that is used to store vital resources of the organization; consequently, such threats can cause the organization serious hardware and software losses. Internal threats refer to attacks that are initiated by insiders of a firm, who mostly comprise unhappy and dishonest staff.
Most employees who want become internal attackers can easily gain access to the organization’s information technology (IT) system; as a result, they are able to coverup their tracks by making the threats undetectable. The situation can get worse if such employees have administrative rights of entry into the organization’s IT system.
As a result of internal threats, the organization can lose crucial files that are important in carrying out important business operations (Nyheim, McFadden, Connolly, & Paiva, 2005). On the other hand, external threats are carried out by attackers who are not employees of the organization. Most external attackers are malicious users who carry out the attacks by gaining access to the organization’s networks without the assistance of the employees.
External threats are carried out by scanning and collecting data with the intention of causing damage to it. External threats are mostly detected through thouroughly scrutinizing all the firewall logs that exist in the IT system (Nyheim, McFadden, Connolly, & Paiva, 2005).
External threats are divided into two categories: structured and unstructured types. Structured external threats are carried out by people whose main intention is to damage important information concerning the organization, its employees and its clientele. The main inspirations behind structured external threats are terrorism, politics, greed, and racial intolerance.
These attackers comprise people who are highly skilled in up to date network attack methods, which they use to gain access to an organization’s system. An unstructured external threat is almost similar to a structured one only that it is normally done by unskilled attackers, whose motivation is to gain fame by attempting to hack into websites of either individuals or organizations (Nyheim, McFadden, Connolly, & Paiva, 2005).
Security Procedures Against Privacy Threats
There are a number of procedures and resources within the organization that need to be protected against network threats. The resources include spywares, inventories, and passwords. Spyware refers to computer software designed in such a way that it is able to collect users’ personal information or change the users’ computer settings without their consent.
Spyware applications are transmitted into an organization’s computer through an infected file, which is normally downloaded from a website. A computer can be protected against spyware by installing an anti-spyware application. Anti-spyware applications scans file downloads to ensure that none of the files contain such threats (Nyheim, McFadden, Connolly, & Paiva, 2005).
Inventory is another resource within the organization that needs protection against threats. There are two types of inventories in the organization: software inventory and network inventory. The two inventories can be protected by installing Lansweeper into the organization’s computers and the entire IT system.
Lansweeper, when installed into the system, enables inventory software to detect the applications installed on the system, and ascertains when the installations should happen. Lansweeper also enables network inventory to detect hardware appliances installed on the organization’s computers. Networks supported by Lansweeper also scan windows devices and other appliances such as IP enabled devices (Nyheim, McFadden, Connolly, & Paiva, 2005).
Lastly, passwords can also be used to protect the resources, which are kept in the organization’s computer systems. Passwords comprise words or numbers that are only known to the user and which they use to access their computer. Passwords are used to enhance system security and user privacy by preventing unauthorized people from gaining access to personal computers.
The use of passwords also helps to prevent unauthorized actions, which compromise the security of the IT system. Passwords also help IT management personnel to protect the system from unauthorized disclosure or unauthorized alteration of the data kept in the system (Tesone, 2006).
The paper talks about the security and privacy issues affecting the hotel reservation system at the Holiday Inn. The privacy issues are caused by internal factors, such as malicious users, and external factors, such as hackers and viruses.
Apart from the privacy issues, the paper also unveils the internal and external threats, which adversely affect the organization’s resources. Lastly, the paper recommends spyware protection, use of passwords and inventory enhancements, as some of the ways The Holiday Inn can use to protect its resources and private details of its clients.
Nyheim, P. D., McFadden, F. M., Connolly, D. J., & Paiva, A. J. (2005). Technology strategies for the hospitality industry. Upper Saddle River, NJ: Prentice Hall.
Tesone, D. V. (2006). Hospitality information systems and e-commerce. Hoboken, NJ: Wiley & Sons.