Data breaches are now a risk of doing business and an everyday part of the hotel business. In 2018 alone, the Marriott & Starwood Hotels breach exposed the data of almost 500 million guests.
Hospitality is now the 2nd most popular target for hackers & cybercriminals, largely due to the huge amount of payment data processed by hotels & restaurants.
EYGM Limited highlights on their website that “Fines for hotel chains which have been breached in the past year (2018) may amount to USD $1 billion.” Hospitality businesses are only second to financial institutions and the retail industries when it comes to cyberattacks.
PricewaterhouseCoopers' 2018-22 Hotels Outlook report established that the hospitality industry has the second-highest number of data breaches, preceded only by the retail sector. In the last 10 years, almost all major U.S. hotel chains have suffered data breaches.
The alarming factor here is that some of the breached hotels were hacked into more than twice. Trump hotels were successfully breached numerous times between 2015 & 2017. The Starwood Hotels breach began in 2014 and was only identified after Marriott Group acquired the franchise.
What is a hotel data breach?
The legal definition of a data breach in the U.S. is:
“a subset of such situations−where there is evidence of an unauthorized ‘acquisition’ of and/or ‘access’ to certain types of sensitive personal information (e.g., social security numbers, driver’s license numbers, or financial account numbers)−that trigger a legal obligation by an organization, such as a hotel, venue or other hospitality organization, to investigate the situation and to notify consumers, regulators, or business partners.”
In his handbook, Data Security Breach Handbook For Hotels, Venues, & the Hospitality Industry, Bryan Cave sorts cyberattacks into three categories:
- Security Event
A security event, according to Cave, refers to an attempt to steal data from an organization or a situation where data can be exposed by criminals. In a security event, the organization has not necessarily experienced data theft, but the event can easily evolve into a security incident.
- Security Incident
A security incident refers to a situation where data has been stolen or there is a possibility that data may be stolen from the organization. There is uncertainty over the unauthorized acquisition or access to company data.
- Security Breach
A security breach, although legally defined, is complicated by the notification laws that govern data breaches in the U.S. It occurs when the organization knows that sensitive data was stolen or acquired by an unauthorized third party, and that its disclosure can cause harm to a consumer.
Popular Data Breach Types in Hospitality
According to EYGM Limited, a global leader in assurance, tax, transaction, and advisory services, there are six popular data breach attacks that most hotels experience. Although we have covered most of these in a previous blog, let’s quickly list them:
- POS (point-of-sale) attack
- Personal data theft over Wi-Fi systems
- Ransomware attack
- Spear-phishing attacks
- Social engineering attacks
- Non-compliance with protection and privacy regulations
Protecting Your Hotel Technology Against Data Breaches
The IntSights Cyber Threat Report: 2019 Gaming, Leisure, & Hospitality recommends six steps to robustly secure your hotel against data breaches. These are:
- Staff Training
Staff training remains one of the most overlooked aspects of data security, compliance, and overall integrity of security guidelines. IntSights concludes that almost 95% of data breaches were caused by human negligence and errors.
Advanced Hospitality Technologies Inc. offers hoteliers a comprehensive training solution to keep POS machines protected, networks secure, and hotel technology compliant. Our PCI-certified trainers are equipped with the latest knowledge and insights to ensure your staff is prepared to handle even the most severe cyber threats.
- Compliance & Updates
Compliance with data security & privacy legislation is also an essential part of hosting technology in your hotel. This compliance with privacy laws like the GDPR (essentially for European guests) ensures that hotels are following a strict data management & security regime when processing personal or financial information.
Updates are also crucial to the security of your hotel technology systems. An updated system will have fewer vulnerabilities than a legacy system. At AHT Inc., we constantly monitor your hotel technology, patch vulnerable touchpoints, and deliver instant reports to keep you informed of major activity.
- Benchmarking Vendors
A great way to ensure your hotel installs quality technologies is by benchmarking your vendors. Like any franchise hotel, every hotelier should establish standards for the technology vendors that are viable for the business.
AHT Inc.’s long-term partnerships and vendor audits are an excellent way to assure your hotel technology is secure, stable, and invulnerable to modern attacks. Working together with global franchises like Marriott, Wyndham, Hilton, Hyatt, and several others, we have developed our very own benchmarks to contract vendors for different hotel types & sizes.
- 24/7/365 Network Monitoring
To keep the attack surface minimal, hotels require hands-on monitoring and management of their entire network. Servers, POS machines, computers, tablets, mobile devices, Wi-Fi routers, and room technology all require proactive monitoring to ensure instant threat reporting.
At AHT Inc., we constantly monitor your hotel network 24 hours a day, ensuring all systems are optimized and secure from data breach events. Our proficient team enhances your network security and monitors your local devices for infiltration and intrusions from within the hotel.
- Monitor External Threats
Monitoring external threats requires a proactive approach from hoteliers by deploying several cybersecurity measures with their tech. As new threats come up, it is quite impossible to keep an eye on every single development.
For rigorous data security, it’s recommended to consult with a hotel technology management company for real-time insights and solutions. Advanced Hospitality Technologies Inc. delivers quarterly health reports, vulnerability reports, and compliance lists to ensure your hotel is safeguarded from external data breach threats.
- Digital Security & Data Management Planning
Your hotel’s security usually begins with an elaborate and actionable digital security policy or data management & security policy. This policy identifies the attack surfaces across your hotel, how to keep them safe, how often to update them, what compliance they need, and who is responsible for their security.
These policies can be broken down into sections to address multiple areas of technology at hotels. Hotels usually need to address data security, payment & card data security, office & front desk security, staff authorization & access rules, compliance & upgrades, and routine maintenance.