Galgorm Resort and Spa

Tackling Cyber Threats in Hospitality
There has been a myriad of data breaches in the hospitality industry. Marriott, Radisson Hotel Group, InterContinental, Four Seasons and Hilton Hotels are just some of the major corporations that have hit the headlines in recent years as a result of a data security attack.

Today, Marriott is often cited as one of the biggest data breaches to ever take place, resulting in a fine of more than $120 million. However, these basic security failings not only cause devastating financial losses, but they also cost organisations their reputation, jobs, investment and business. These consequences are too great to ignore and last year, PwC’s Hotels Outlook report stated that the hospitality sector had the second-largest number of cyber security breaches after the retail sector.

Hospitality ranks third, behind retail and finance for likelihood of a data breach.

Source: Trustwave Global Security Report, 2019

The Weakest Link 

Staff are often the greatest asset of any given organisation but can also be their weakest link in cyber security, being predominantly unaware of their behaviours and cyber hygiene.  

As such, hospitality is a lucrative industry for cybercriminals because of the value and volume of personally identifiable information these organisations hold. This, coupled with a large workforce, provides ample opportunities for intruders to infiltrate the reservation system or the in-house restaurant POS to capture critical customer data.

Acknowledging the growing threat, the Galgorm Spa and Golf Resort, a premier luxury hotel based in Northern Ireland, wanted to take a proactive approach to increase awareness amongst employees and educate staff about their role in keeping the organisation safe.

Recognising and Responding to Cyber Threats 

Following an expansion, the Galgorm Spa and Golf Resort had grown their staff across multiple locations, and as a result, the organisation was experiencing an increase in email communication and phishing threats. With cyber security being everyone’s responsibility, the Galgorm Spa and Golf Resort were finding it increasingly difficult to clearly communicate cyber security hygiene and train employees on how to recognise and respond to common cyber threats.

Educate and Engage Employees 

With 76% of businesses affected by phishing attacks in 2019 according to Wombat Security, the Galgorm Spa and Golf Resort recognised the need to increase vigilance and help keep staff safe from phishing scams through automated training. 

Using MetaCompliance’s award-winning MetaPhish, the Galgorm Spa and Golf Resort can now identify those most at risk and direct users to point-of-need learning experiences which help to educate employees about avoiding future phishing attempts. Using tailored phishing campaigns which are based around real-life scenarios also helps to drive engagement amongst staff and supports employees to identify various forms of phishing attacks in a controlled environment.

“Phishing was an area of most concern and MetaPhish was the one product that met our specific needs. It has helped us identify the vulnerabilities within the organisation and has given us insight which we then use to enhance our cyber awareness training.”

Elaine Kelly, Policies & Project Manager

Reporting on Results 

Despite running ad hoc awareness campaigns in the past, the management at the Galgorm Spa and Golf Resort could not determine how effective the training was or establish a baseline for current user awareness.

With MetaCompliance’s detailed reporting dashboard, the Galgorm Spa and Golf Resort can now demonstrate the evidence trail of their awareness campaigns, pinpoint users who are vulnerable to attack, and outline the need for additional staff training.  

Management has also been able to share reports with board members and executives, which has helped to create a shared responsibility model across the C-suite and support buy-in within the organisation.

Shared Sense of Responsibility 

For management at the Galgorm Spa and Golf Resort, creating a shared sense of responsibility was key. Since introducing MetaPhish, the organisation has been able to develop a culture of cyber security, enhance personal accountability and embed security as a top priority across all areas of operations.

Working in partnership with the Galgorm Spa and Golf Resort, the MetaCompliance Customer Success Team has been able to advise on the latest phishing trends and help create customisable templates that are relevant to specific users.

“The implementation process was fantastic and could not have been better. The team at MetaCompliance was there to answer any of our questions, give suggestions for campaigns and provide their expert advice.”

Elaine Kelly, Policies & Project Manager

In just a few months, the Galgorm Spa and Golf Resort has noted an increase in awareness, with employees following best practice guidelines and assessing before they click on any email links. The Galgorm Spa and Golf Resort has also been able to maintain a consistent approach to awareness, issuing regular simulated phishing tests using the automated workflow, which has helped to save them time and resources.

“Working with MetaCompliance has highlighted the importance of good Cyber Security hygiene throughout the organisation. We have noticed users being more mindful of their behaviours and acting with caution because they are now aware of the risks and consequences resulting in a cyber attack.”

Elaine Kelly, Policies & Project Manager

With the hospitality industry increasingly prone to malicious cyber attacks, the Galgorm Spa and Golf Resort now plan to maintain awareness amongst staff through ongoing awareness campaigns which incorporate a hybrid approach of physical and digital assets such as poster campaigns, phishing simulations, quizzes, and engaging eLearning.

Mitigate Risk 

With cybercriminals representing a persistent risk to organisations of all sizes, it’s vital that your cyber awareness campaign provides a real defence against cyber threats and educates staff on the importance of their role in safeguarding sensitive company data.  

Create Tailored Cyber Security and Privacy Training

For further information on how MetaCompliance can provide the best possible cyber security and privacy training for your staff, get in touch.
