Seekom takes security seriously: From phishing simulations to IT health checks

Is online security front of mind in your accommodation business? The consequences of a security breach can be major and include financial loss, reputational damage and losing the trust of your customers.

 


At Seekom, we believe security is paramount and have recently taken some extra steps to keep both our systems and our customers safe in the face of cyber threats. Measures include regular security scans by external experts to maintain compliance with Payment Card Industry (PCI) requirements and random phishing exercises with staff to ensure they don't fall prey to someone wanting to hack our systems.

To make doubly sure that our online defences are watertight we also engage independent experts to run IT Security Health Checks of our systems and web services each quarter.

External security scans ensure PCI compliance

Seekom conducts regular external security scans to check our compliance with PCI standards, which provide a strong framework for protecting customer payment data and are critical for any business that handles credit card information.

Our security scans, performed by independent external providers, assess our entire system to identify potential vulnerabilities and make sure we meet the strict security requirements established by the PCI Security Standards Council. These scans involve testing firewalls, encryption protocols, access controls, and ensuring sensitive data is stored and transmitted securely, among other things.

Random phishing exercises raise awareness of cyber attacks

One of the most common methods hackers use to infiltrate businesses is known as ‘phishing’, where cyber hackers attempt to deceive employees into revealing sensitive information, such as passwords or financial data, by posing as legitimate entities.

The weakest link in a security chain can often be human error, which is why we’ve incorporated random phishing exercises into our security protocol. These exercises simulate real phishing attempts, testing our staff’s ability to recognise and respond to suspicious emails or messages. By doing this we create a security-conscious working environment where our team remains vigilant and on alert to detect fraudulent behaviour.

Quarterly IT Security Health Checks safeguard our systems

Seekom undertakes quarterly external IT Security Health Checks of our systems and web services. These health checks provide a comprehensive evaluation of our IT infrastructure and identify any potential vulnerabilities. By conducting regular checks we proactively ensure our systems remain robust and resilient in the face of new and emerging threats and maintain a strong line of defence.

At Seekom we’re proud to be ‘walking the talk’ when it comes to online security. We do our utmost to make sure we’ve got your back with solid cyber defences so you can have peace of mind as you go about your business.

The measures outlined above are recent additions to our security efforts, but they aren’t the only steps we take. Other steps to safer online security that we’ve blogged about include introducing stronger passwords and multi-factor authentication, as well as implementing security updates in many of the version upgrades we release for our Seekom system. We’ve also published advice about how to stay scam savvy – it’s worth a read if you want to keep your online guard up.


Stay scam savvy: keep your guard up with Seekom

While customers bear some personal responsibility for avoiding scams, it’s also crucial that companies can be relied on to safeguard the data they hold on their customers’ behalf.

After all, the last thing you want is for any credit card details or your business’ email list to be stolen by scammers and used with malevolent intent.

Data security

It can sometimes be hard to identify scams, not least because scam types and techniques are constantly evolving, but also because scammers often use psychological techniques to make it less likely for people to identify a scam.

Scammers contact their targets via all sorts of methods: text, email, phone, social media, messaging apps, fake websites, or even in person. Regardless of the scam, or how it is presented, there are some established actions you can take to reduce the likelihood of being taken in by it.

Maintain a healthy level of scepticism

Maintaining a healthy level of scepticism is no bad thing. Anyone contacting you legitimately will respect the fact you might need to ask some hard questions upfront before you are comfortable dealing with them.

Also, if you are asked for money or to confirm personal details, take some time to think before you respond. Very few situations are so urgent that you need to act straight away. If you’re not sure whether a request is legitimate, you could phone someone you trust to get an objective perspective on the situation, or Google the company’s details and contact them through their official website.

If they have emailed you, carefully check their email address. Does it look suspicious, or is it a slight variation on their business name (e.g. an extra character added in the middle - think @ni-ke.com instead of @nike.com)? Many banks maintain lists of known scams from people pretending to be bank staff, so it is worth keeping up to date with those as well (e.g. BNZ’s ‘latest scams’ page).

One of the more worrying approaches used by some scammers is blackmail, or demands for a ransom. In some cases this can involve claims that they have hacked your system and a threat that they will release information that is embarrassing or financially damaging if payment isn’t made, while in other cases they may demand a ransom to restore access to systems they claim to have taken control of. It is possible that your security may have been compromised, but in many instances these claims are bluffs, so don’t take all such claims at face value and get an expert to look into it.

Make sure your staff permissions are up to date and beware of attachments

If you have multiple staff using your online systems, now may be a good time to review the permissions you have in place. It’s easy to forget to update permissions when someone moves into a new role within your business, or to forget to remove their account when they leave. Undertaking regular account and permissions reviews, as well as having sound policies in place for how team members should store and protect passwords, is time well spent.

It goes without saying you should never open attachments or click on links you’re not confident are from a reliable source – you could be opening a Pandora’s box of malicious code ready to infiltrate your computer or personal device.

For more useful advice check out Consumer Protection NZ advice on avoiding scams.

And of course, always remember the ancient adage your parents might have told you: if it seems too good to be true, you’re probably about to get scammed hard.

The Auckland Transport example

In September this year, Auckland Transport suffered its second ransomware attack in a month when a group called Medusa threatened to release financial data it claimed to have stolen from the agency’s ticketing system.

The initial attack crashed Auckland Transport’s HOP card system, meaning top ups of customers’ travel cards and other HOP services had to be taken offline.

The agency responded promptly by getting their HOP card system back up and running within a short space of time. It chose not to bow down to the scammers’ ransom demands, apparently confident in the IT security safeguards it had in place to protect its customers’ financial details.

Despite making the news, Auckland Transport’s situation is an example of a business that could trust the security of its systems and therefore avoided a worst-case scenario.

Business owners are well-advised to employ the same general scam identification and handling tools in their day-to-day dealings that individuals would use.

With a chain being only as strong as its weakest link, and businesses being much juicier prizes for scammers due to the amount of personal data they might hold, businesses also need to make sure their software systems are equipped to repel cyber threats. This can avoid a worst-case scenario that gets a business in the news for all the wrong reasons.

If you need detailed security advice there are many experts you can engage to help you put tools in place that are fit for purpose – there’s no one-size-fits-all solution, so it pays to consider your own business and the specific risks you and your users face.

What Seekom does to keep you safe

Seekom employs a host of IT security measures to stay one step ahead of scammers, eliminate cyber threats and protect the data your customers trust you to look after.

Monthly IT and cyber security health checks allow us to identify any areas for security improvement and ensure we are sticking to best practice. We engage a trusted third party to run quarterly vulnerability scans on our software to meet our PCI DSS requirements.

On top of this, strict data use and security policies for all Seekom staff are in force and we are 100% GDPR (General Data Protection Regulation) compliant.

All Seekom’s critical systems are behind a virtual private network as well as being cloud-hosted in Amazon Web Services, giving a double layer of security. Going one step further, secure credit card storage adds another layer of ‘armour’ to minimise the risk of financial data being hacked.

We regard scam protection and cyber security as a team effort. That’s why we’re busy behind the scenes, maintaining best practice and playing our part to provide a safe and secure software platform. For more handy advice, read our recent blog on playing it safe online with Seekom.

With all these measures in place Seekom’s premium protection offers you the peace of mind to concentrate on doing what you do best – making a success out of your business.
