Hack attacks are a real threat to the hotel industry but with the right protection in place hotels can keep their data safe.
Text: Paul Wheatley // FOTOS: iStock/shutterstock
Impacting a potential 500 million customers, on 30 November 2018 Marriot made the shocking revelation that that they had been the victim of a major hacking attack. Reports suggested that the attack had started to target Marriott International back in 2014, and it had taken until 8 September 2018 for the security breach to be recognised – apparently when the company was alerted by an internal security tool.
A hack attack is the stuff of nightmares for any company, and it seems that hotels are increasingly on the receiving ends of such cyber-crime cases that result in hotel data breaches. As security expert Paul Leybourne explained to Hotel Industry magazine, because ‘digital networks are now the backbone of every hospitality company’s operation … they are also a very attractive target for cyber criminals.’ In the Marriott International case, vast quantities of booking data had been compromised, though the sheer number of guests affected, which Marriott now estimate to be 327 million, shocked not just the hotel industry, but just about anyone who heard about it.
There are clearly lessons to be learned from such a security breach and one can hope that Marriott will be at the forefront of coming up with better hotel security measures. Here are some of the most important preventative measures hotels can and should take to avoid attacks by hackers:
Constant risk assessments lead to a culture of taking care and thinking clearly about one’s own action. This in turn raises the chance that employees not only understand the risks but that they should also be more accountable. This, of course, can only be part of a wider cyber-security plan, created and put into place by experts – a dedicated security person, or team, is much better than relying on an existing employee with a bit of cyber-security knowledge to deal with such a complex and vital issue.
goes the old saying, and often the weakest link is human – or, more precisely, human error. Cyber security experts constantly push this narrative, for good reason, with Laybourne in his Hotel Industry article also noting, ‘No matter how strong hospitality outlets’ security is, or how robust their network configuration, they are at risk of scoring an own goal if they don’t adequately train their staff. All employees, therefore, need to be trained in a range of threats, how they might appear and what tell-tale signs to look out for. Simulated phishing attack exercises for staff, for example, can build up knowledge and create an environment of ‘keeping aware’. Educate all employees about what is expected in terms of passwords, data access and protection, file integrity monitoring, Malware, email use and security information for when taking sensitive material home to work on or during event management. Regular training is vital in order to keep staff alive to ongoing threats.
and make sure you have the right protection in place. Nowadays, for anyone with a smart phone or tablet, a computer or an Internet of Things device updates will be common. Updates not only keep your device functioning as it should, but they are also necessary in keeping you, your data and your device safe. Update your security system and its technology regularly – after all, one update may contain the very patch that will protect your hotel’s data from an attack. As well as using high-quality cyber-security tools, it is also a good idea to back up your company’s data in order not to lose it.