Cyber threats seem to be a customary ignorance in this era of digitisation, and the hotel industry is not much prepared to tackle such sophisticated assaults. October, being the Cybersecurity Awareness Month of 2021, let’s look at how the data breaches have affected some of the globally leading hospitality brands in the recent past. Moreover, in line with this year's theme, "Do Your Part. #BeCyberSmart", it’s now high time to go through some critical security aspects to help you stay alert and in averting such attacks.
Listing some of the theft incidents involving hotels. Please note that these incidents were reported in 2020.
* The UK's data privacy watchdog had imposed a fine of £18.4m on the Marriott Hotels chain due to a data breach that has reportedly affected up to 339 million guests.
* In another incident, hackers managed to breach the Ritz Hotel restaurant's reservation system. Then they contacted the hotel's patrons and asked for credit card numbers, claiming that their initial payments toward reservations had been declined.
* MGM Resorts International acknowledged it had suffered a data breach in 2019 concerning 10.6 million of its guests.
Causes of data breaches at hotels
For the hackers, hotels are easy targets as they store large volumes of data about customers and employees. They constantly scan hotels' databases and other IT infrastructures to locate weak spots. Here are some of the loopholes that assist those cyber fraudsters to breach your system and steal your critical data.
* Application vulnerabilities: It could be any application you implement at your hotel from a hotel property management system, point of sale, to a reservation system. Outdated applications with no security standards or new systems not armed with adequate safety measures let hackers crawl straight into your database. Usually triggered by design/coding defects/flaws, application vulnerabilities fail to detect data buffer size, leading to a memory stack overflow. This forces your computer to run and execute the codes implanted by cyber criminals.
* Malware: These are malicious software downloaded by you unintentionally and unsuspectingly. Once downloaded onto your system, they allow hackers to exploit all other connected systems.
* Unmonitored access management: This is another area of vulnerability that can lead to online data thefts. When left unguarded, users at your organisation might make mistakes or even intentionally take malicious actions leading to data breaches on a larger scale.
Impact of data breaches
The alarming surge in cyber fraud does not correlate with the hospitality industry's preparedness to prevent such incidents. Many of them are sitting ducks and waiting for a breach to happen. A few more alarming statistics to be aware of –
* Around 21 per cent of hospitality C-suite executives say that they have experienced data theft.
* While 27 per cent of them offer relevant training only once a year, 28 per cent of them never do it.
Now let's look at the damages it can inflict upon your hotel business:
* Hefty regulatory fines can lead to substantial financial loss
* Operational downtime, again leading to financial loss
* Damaged brand reputation
* Diminished customer trust
* Do Your Part! #BeCyberSmart
As a hotel owner, you must make every effort to secure your and your guests' sensitive data. As a chain of hotels or an independent property, your prime focus should be on having all possible checks in place to ward off cyber criminals.
Adopt a smart Hotel PMS like Hotelogix – one of the top Hospitality Technology Leaders in the world delivering Cloud Based Hospitality Solutions.
Hotelogix cloud Hotel PMS is a PCI compliant hotel software that uses industry-standard TLS/SSL encryption to transmit data. In addition, it saves your data on firewall-protected servers with automatic backups and recovery. The application comes with a Strong password policy with Multi-Factor Authentication. Some of the key upcoming features are Antimalware, Application Security and control, File integrity, and Web Application Firewall. Encryption/Masking of personal Information ensures the privacy of your guest is intact.
* Invest in anti-malware/virus software, digital password manager.
* Ensure that all your systems/applications are up-to-date with the latest security patches.
* Regulate and limit employees' system access rights.
* Carefully store and dispose of confidential and sensitive data.
* Make sure your third-party integration partners/organisations have all the required compliances, determine how secure their platforms/applications are.
* Make sure your connected multifunction printers have all the security aspects.
* Have secure and robust Wi-Fi settings.
* Educate and train your employees.
* Have cybersecurity experts evaluate all the safety measures.
Summary
The threats that target hotels are emerging continuously, as hackers develop a way around to bypass the system security.
In order to keep your property and guest information protected, it is important for you to understand the risks and choose software that will help to safeguard your most sensitive data.