July 21, 2021
The pandemic has substantially affected travel over the past year and a half. However, as vaccination rates increase, people are booking more business trips and vacations. Despite a greater willingness to venture out, hotel guests remain cautious about their safety, and not just in terms of their health. The rise in identity theft during the pandemic has left many customers wary about the privacy and security of their personal information when they are away from home. Given these dynamics, there is no better time for hospitality companies, such as hotels, to review their data security measures and make sure they are fully prepared to protect guest information.
What Are the Data Security Risks for Hotels?
The hospitality sector is a popular target for information thieves due to the potentially valuable personal information collected from, used by, and distributed to guests. Data at risk includes credit card data and other personally identifiable information (PII), as well as data from loyalty programs, reward programs, and confidential, material, including travel habits, account numbers, and other guest information. Hotel guests frequently have driver’s licenses, passports, health insurance information, and travel documents on their person, which, if stolen, could lead to identity theft.
Point of sale (POS) intrusions are perhaps the most concerning risk for hotels. Since credit card data is widely distributed throughout a hotel, fraudsters have multiple points of access, and credit card information often arrives at the hotel long before a customer enters the building. Due to the interconnectivity of hotel shops, restaurants, personal services, and business centers, data breaches can spread quickly across a hotel, becoming complex and costly.
How Do You Ensure Confidentiality of Hotel Guest Information?
There are several ways to ensure guests’ sensitive information remains private and secure. Here are three best practices to keep in mind.
Train employees well and often. The hospitality industry is known for its extremely high employee turnover rate. Because of this, it can be challenging to keep staff up to speed on their role in safeguarding information. However, by providing robust training at new staff orientation and at regular intervals throughout the year, hotels can ensure staff are aware of potential threats and understand how to avoid them.
Training covering both physical and cybersecurity risks will be most beneficial to your staff. They should know how to properly dispose of leftover paper that houses confidential information, such as customer bills and credit card receipts. In addition, knowing how to talk with guests about paper documents that are no longer needed can be helpful. When guests arrive, for instance, front desk staff should ask if they would like their boarding pass or other travel documents professionally shredded to reduce the chances of identity theft.
Staff should also learn how to recognize threats via email or text, such as phishing, ransomware, or other malware attacks. There is a lot of room for growth in cybersecurity training. More than one in four (28%) hospitality businesses do not train employees on how to identify common cyber-attack tactics, and 27% conduct training, but only once.
Implement cybersecurity measures. Along with staff training, hotels should invest in the latest cybersecurity tools, including spam filters, firewalls, tokenization and encryption, and data loss prevention (DLP) technology. Cloud-based software that automatically updates can ensure systems remain effective at blocking new and emerging threats. Not only should hotels have this level of protection for their own operations, but they also should make sure any third-party vendors, such as hotel gift shops and restaurants, have appropriate safeguards as well.
Have processes for information destruction. To make sure that any paper waste generated as part of check-in, check-out, or during an individual’s stay is not a security risk, hotels should consider working with a professional shredding service to dispose of all paper. This may involve scheduling regular shredding either on-site or at a licensed paper shredding facility. Guests should also have access to the service in case they have sensitive documents that require document destruction. A professional media destruction service can also help when hotels introduce new technology, fully destroying the legacy equipment to reduce risk.
Keeping guest information private and secure is essential to building trust and ensuring the best possible customer experience. Learn more about how Shred-it can help you safeguard your guests’ information.