The threat of cybersecurity threats, hacks and data breaches has never been higher, affecting a whole host of industries. From hospitality and recruitment to entertainment spaces, cybersecurity is an issue that affects us all and shouldn’t be taken lightly. Escape room owners hold on to contact details for bookings and could be at risk of this information being stolen. These are some of the most prominent cybersecurity threats escape room businesses face and how to prevent them from impacting your reputation.
Ransomware hackers encrypt your data so staff can’t access the information they need, and then demand payment to release the data again. It’s an increasing issue for a wide range of businesses and something that can be particularly detrimental to small businesses who may not have the funds in place to get their data back. From bookings and billing, escape room businesses can lose money in two ways if they suffer a ransomware attack: one in the form of the loss of the ransom itself but also from the degradation of the customer experience which can impact reputation and future bookings.
Best practices to prevent the threat of ransomware impacting your business include maintaining good security habits, making sure your antivirus software is kept up to date, and exercising caution when it comes to emails with attachments. It can also be beneficial to ensure that you’re minimising privileges within the company when it comes to who has access to data and booking systems. Sam Waylen, Senior SOC Analyst at Redscan, argues that “by adhering to the principle of least privilege, businesses can significantly reduce the potential damage an attacker can inflict should a user’s password and credentials be compromised”.
Social channel threats
Social media is something that’s fully ingrained in our society now and it’s an essential marketing tool for escape room businesses to reach a broader audience, highlight discounts and events, and promote the location and theme of your business to your target customers. But because it’s something we use every day, it can be easy for businesses to neglect it when it comes to security. If your organisation’s accounts aren’t secured, or you’re not enforcing proper usage policies, you could be putting your business at risk.
Social channels are at threat of malware attacks, with cybercriminals focusing their efforts on data-rich environments such as Instagram, Facebook and Twitter to gain access to the personal information of your customers. Industry journalist Bruce Sussman states that knowing how your organisation uses social media, and which members of the team are responsible for it, can help to control your assets more effectively, but also that businesses should “train employees on best practices for social media use and other relevant cybersecurity techniques [to] help your social media users understand the way hackers can use social media to attack or spoof your organisation”.
PoS (Point of Sale) systems and payment card systems are integral to escape room businesses to book customers in for events and sessions and take payment. PoS systems are a concerning area for businesses as they’re often breaches for the payment data of customers. Businesses can be left vulnerable from the likes of weak passwords, insecure remote access and poor configuration of the system, making it easier for criminals to access the system and hijack it. But what makes these a more difficult feature to secure is that they attack the vendor, not the escape room business, so it’s actually a third-party crime that results in money loss for customers and a bad reputation for your business.
There are several ways to protect your business against PoS attacks, from amping up employee training so that everyone accessing the system has knowledge of the potential risks, to installing antivirus software on the system itself. End-to-end encryption is also an essential feature of your PoS system to protect them against theft. While it’s unlikely that your staff will use PoS devices for criminal purposes, there’s still potential for human error to occur, such as accidentally leaving devices somewhere they shouldn’t or losing it entirely where it can be picked up by someone else. Make sure that devices are locked down at the end of each day to prevent a data breach and limit who has access to it.
If you’re using email, you’re at risk of phishing attacks. In fact, levels of phishing exposure via mobile devices increased by 161% in the latter half of 2020 and the first half of 2021. And with escape room owners dealing with emails from customers all day long, it’s a big threat to their operations. In recent years, cybercriminals have become more sophisticated in how they implement phishing attacks and they can be difficult to spot if you’re not clued up on the risks and threats out there. Phishing is the act of sending and receiving emails that seem at first glance to be from a genuine source, asking for details, passwords or payments to be sent.
There are two types of this threat, spear phishing and whaling, with the former aimed at individuals and the latter involving more people. Employees need to be trained regularly on catching phishing emails and stopping them in their tracks, such as scrutinising email addresses, checking for poor spelling and grammar, and being mindful of what’s being asked for in the email itself. Businesses should also back up their data regularly and avoid disclosing sensitive data or customer details unless absolutely necessary.
Escape room owners have a duty of care to the details and payment information their customers provide, and with cybersecurity such a huge threat to businesses today, staying knowledgeable about the threats is the first step to preventing an attack or data breach.