If you're heading off on your summer holiday, don't let the warmer weather lull you into a false sense of security when it comes to protecting your data.
According to the 2016 Trustwave Global Security Report, the global hospitality industry has the second largest share of breach incidents. Both large chains and single properties are affected by hotel data breaches.
Point-of-sale (POS) malware is one of the biggest sources of stolen payment cards for cyber criminals, but there is lots of other information to target in a hotel security breach as well.
Hotels have massive databases of confidential information from guests, used for booking rooms and/or making payments at hotel shops. Names, addresses, credit card data, passport information, personal preferences, and medical data can all be used for identity theft and account fraud. Much of this data is also printed, creating another potential and often overlooked source of a data breach.
At the same time, the interconnection of computerised systems means that when cyber criminals breach a network they may be able to affect structural parts of the hotel too, such as door locks, heating and air, and electrical systems.
Hotels have historically provided rigorous physical security for their guests, and now more than ever it’s important to show that all property, including confidential information, is kept secure.
Here are just some of the steps that the hospitality industry can take to better protect customer data, and reduce the risk of a hotel data breach and fraud:
- Assess risks: Know what critical data is on file and exactly where it resides, both in physical paper format and in electronic storage, and how it moves inside and outside of the organisation.
- Protect POS systems: According to Trustwave, 65% of breaches are caused by point-of-sale (POS) malware, with weak remote access security contributing to 44% of the compromises. Invest in the latest cyber security tools, including encryption, anti-virus software, and firewalls, to safeguard against POS attacks and other malware. Patch all terminals regularly, especially those in constant use. Isolate POS systems from other networks.
- PCI Security: The PCI Security Standards Council fights hotel credit card fraud by maintaining global payment card industry standards. Be sure the organisation commits to PCI compliance.
- Employee training: The hospitality industry is known for its high turnover – and this can affect front-line defence. Provide regular and ongoing security awareness training for all employees.
- Culture of security: Implement a culture of security so that security awareness is ingrained from day one. It should be evident at all levels of the organisation.
- Vet third parties: Hotels deal with airlines, car rental companies, retail organisations, and many other suppliers. Make sure all third-party partners – which become access points – are committed to information security best practices.
- Store less confidential data: Clear out files as regularly as possible and restrict access to information that is stored.
- Embed security: Direct employee behaviour with embedded secure workplace processes. A Clean Desk Policy directs employees to keep work areas clear of confidential information. A Shred-it All Policy directs employees to shred all documents (digital and paper) when they are no longer needed, before being recycled.