If your Valentine’s Day celebration includes a weekend away in a hotel, keep a close eye on your credit card statements – you may not feel the love for long.
According to the 2016 Trustwave Global Security Report, the global hospitality industry has the second largest share of breach incidents. Both large chains and single properties are affected by hotel data breach incidents.
Point-of-sale (POS) malware is one of the biggest sources of stolen payment cards for cyber criminals, but there is plenty of other information to target as well.
Hotels have massive databases of confidential guest information used for booking rooms and/or making payments at hotel shops. Names, addresses, credit card data, passport information, personal preferences, and medical data can all be used for identity theft and account fraud.
At the same time, the interconnection of computerized systems means that when cyber criminals breach a network, they may be able to affect structural parts of the hotel too, such as door locks, heating and air, and electrical systems.
Hotels have always provided rigorous physical security for their guests, and now it’s important to show that all property, including confidential information, is secure.
Here is how hotels can better protect customer data, and reduce the risk of data breach and hotel fraud:
- Assess risks: Know what critical data is on file, exactly where it resides, and how it moves inside and outside of the organization.
- Protect POS systems: According to Trustwave, 65% of breaches are caused by POS malware, with weak remote access security contributing to 44% of the compromises. Invest in the latest cyber security tools, including encryption, anti-virus software, and firewalls, to safeguard against POS attacks and other malware. Patch all terminals regularly, especially those in constant use. Isolate POS systems from other networks.
- PCI Security: The PCI Security Standards Council fights hotel credit card fraud by maintaining global payment card industry standards. Be sure the organization commits to PCI compliance.
- Employee training: The hospitality industry is known for its high turnover – 66.3% according to U.S. Bureau of Labor Statistics – and this can affect front-line defense. Provide regular and ongoing security awareness training for all employees.
- Culture of security: Implement a culture of security so that security awareness is ingrained from day one. It should be evident at all levels of the organization.
- Vet third parties: Hotels deal with airlines, car rental companies, retail organizations, etc. Make sure all third-party partners – which become access points – are committed to information security best practices.
- Store less confidential data: Purge files regularly where possible, and restrict access to the information that is stored.
- Embed security: Direct employee behavior with embedded secure workplace processes. A Clean Desk Policy directs employees to keep work areas clear of confidential information. A secure information destruction process directs employees to destroy all documents (digital and paper) when they are no longer needed.
Learn how a document destruction partner can help an organization protect confidential information and the environment.