Marriott International. Hilton. Four Seasons. Trump Hotels. InterContinental. Hard Rock Hotel.
These are some of the biggest hospitality chains in the business. But there’s another detail also that connects the above names: In the last couple of years, all of them have been at the receiving end of a data breach which has given them uncountable headaches and pain.
It’s easy to see why the hospitality industry makes for such an inviting target to cyber criminals. Simply put, hotels store a huge amount of data about their customers. While a hotel may not have the same number of transactions as a retail store, the data they store about their own customers is substantially more. This includes plenty of personal and both financial data. The data on offer is detailed, rich and substantial – making it a gold mine for cyber criminals.
The risks involved
On the other hand, hotels are huge, gargantuan systems. They have thousands of endpoints on which customer data is stored and can be accessed, say through WiFi, Point of Sale (POS) devices and more. What complicates things further is they can often be interconnected (i.e. restaurant data may be connected with hotel data) which exponentially increases the risk of data breach, as hackers have many avenues to enter and steal data.
And apart from these, there are the usual security risks that come with POS transactions which are an integral part of the hospitality industry. Whether it is the lack of patches which make POS devices vulnerable to new threats or unencrypted transactions, the number of security risks involved is quite high.
Keeping all the above points in mind, it is quite clear why the hospitality industry is an appealing target for cyber criminals. And with the recent spate of attacks on some of the world’s leading hospitality chain, more and more players are waking up to the need of implementing strong, secure cybersecurity solutions. A few ways in which cybersecurity can be bolstered are:
Segregate your data – It might just seem easier and less time-consuming to put all your data and networks in one place. But it’s also a recipe for disaster and should be avoided by the hospitality industry. Keep different data in different places, especially by importance.
Create User Groups – Everyone doesn’t need to know everything. Attritions rates are always high in the hospitality industry with a number of employees coming in and leaving. This is a significant security risk and hence network administrators at hospitality groups must maintain user groups with access to only the data pertinent for each group provided.
A Back-Up Plan – For the hospitality industry specifically, the need of a back-up plan is extremely important. There are just too many variables in this industry – floating employees, thousands of endpoints, thousands of customers, inter-linkages, etc., making it humanly impossible to prevent an incident. But that incident does not need to create huge losses, if there is a strong incident response plan outlined with key data backed up and a plan of action to take in the event of a breach.
Track, Monitor, Analyze – Is there any suspicious activity going on? More data being consumed suddenly? An employee behavior that seems suspicious? These are all portents of a cybersecurity incident and in many cases, early warning and detection could help stave off a disastrous outcome down the line. But for that, network administrators must continuously keep tracking their system data for anomalies.
Hospitality companies can consider Seqrite’s Endpoint Security (EPS) solution which would provide a robust defense against the challenges outlined here. With features like Advanced Device Control, Ransomware & Malware Protection, Data Loss Prevention, Asset Management, and many others, it provides simplicity and control through a single platform providing hospitality companies with the best in cybersecurity. Seqrite has helped leading hotels in different countries with great results to improve their cybersecurity challenges.
As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more