The more companies use and leverage technology, the higher the security risk to the company and its customer base. This past June, Twitter learned this lesson the hard way when cyberattackers managed to send out tweets on behalf of some high-profile individuals. Twitter announced that business clients using its advertising and analytics were subject to the breach. In an email to its client base, Twitter stated “We’re very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day.”
But Twitter is far from alone, countless companies including Uber, Yahoo, Facebook and eBay, have experienced significant data breaches over the years. And hotels are far from safe. In 2018, Marriott/Starwood reported that hackers had stolen the data of roughly 500 million Starwood hotel customers. That data included names, contact information, passport numbers, financial information, Starwood Preferred Guest numbers, travel information, and more. Hotels gather a tremendous amount of personal information about guests and that information must be safeguarded. Here, we discuss three things hoteliers can do to ramp up cybersecurity to protect critical data.
Maintain Adequate Cybersecurity Insurance
Cyberattacks can come from anywhere and from any direction. It’s impossible to completely avoid them so be sure you have adequate financial and legal protection in the event there’s a breach. Go through your insurance policies with a fine-toothed comb to ensure you are covered. Cybersecurity insurance, also known as cyber risk insurance or cyber liability coverage (CLIC), will cover liabilities in the event of a data breach involving sensitive data including credit card numbers, Social Security numbers, and health records. Similarly, data breach insurance can cover the hotel in the event of an information breach. Consult with your insurance broker and reac the fine print to make sure you’re covered.
Keep All Software Updated
Technology has a short lifecycle and relies heavily on updates and upgrades to keep it secure. When software becomes outdated and unmaintained, it not only becomes open to system failure, but it also becomes vulnerable to being breached. Hackers love outdated systems and programs because they can be easily exploited and weaponized. That’s why it’s critical to update all software regularly so your hotel and its guests are protected from a security breach. This goes beyond just updating Windows on the computers, it means updating all software systems as often as needed. IT systems and IoT systems are all connected to the hotel’s network and must be kept up to date. That includes things like mobile key access and connected temperature controls which are easily breached when not updated.
Perform a Quarterly Risk Assessment
While many companies perform a risk assessment only annually, we recommend this be done each quarter. Especially with the addition of many new technologies to keep guests feeling safe in a COVID-19 world. This full security risk assessment should go over all software, systems and programs; assessing their level of risk and addressing any threats right away. This quarterly review should also include devling into vendor security practices; especially if there has been a vendor change. You must ensure that every link in the security chain is strong.