In 2018, after detecting suspicious activity in the reservation database of a Marriott hotel company, security investigators discovered two forms of malware. Hackers had used one program to access the hotel computer system and another to surf its memory for valuable data. The massive security breach stole private information like passport numbers and credit cards from over 300 million guests.
Aside from the scale of this attack, hotel data breaches are becoming all too common: Hilton Worldwide Holdings, InterContinental Hotels Group, and Hyatt Hotels are just a few of the many major companies that have been affected by cyberattacks.
Due to the number of financial transactions that take place at hotels and their global reach, hotels appeal to cybercriminals seeking to monetize the unauthorized use of other people’s information.
So how can the hospitality industry protect their guests?
Here are some hotel cybersecurity best practices and proactive approaches to help prevent hotels from being targets of cybercrime.
Increase Staff Training and Expertise
- Require all staff dealing with computer databases to have sufficient security training on a regular basis.
- Make training consistent and relevant. For example, have an expert such as a software engineer, train relevant staff on ways to identify suspicious behavior and report it.
- Recruit more Designated Systems Security Officers and IT Specialists.
- Conduct in-depth employee training on how to catch all types phishing scams.
- Have IT staff audit suspicious user behavior and track the user logs on Property Management Systems and servers to see the details of what information users are accessing.
Increase Security Measures
- Put access controls on doors, and any other places in hotel rooms that store network equipment.
- Secure all hotel computers with the latest security systems and anti-virus software.
- Invest in the best anti-malware software.
- Meet all PCI Compliance Requirements for all card readers, servers, routers, and networks.
- Use only encrypt Point of Sale systems and install antivirus software on said system.
- Back up all data and change passwords often.
- Avoid disclosing any sensitive personal or business information.
- Encourage guests to use a trustworthy VPN, especially if they will be conducting business while using hotel WIFI and/or accessing any sensitive data online.
Vet Your Vendors
- Research your vendors and ideally get trustworthy referrals.
- If the vendor is going to be involved in processing guests’ information, obtain a Data Processing Agreement from them.
In addition, cyber liability insurance for hotels is essential to protect against potential financial and reputational loss. Learn more about Distinguished cyber liability insurance for hotels and restaurants on our website.