Data Protection in the Hospitality Industry
Bob’s mobile phone has been ringing off the hook. He stares at it blankly as the flurry of calls from known and unknown numbers comes in. To say he is stressed is an understatement. His mind replays the events of the past week that have led to this moment. To fully grasp the magnitude of the current situation, one needs to go back further, 6 months to be precise.
Bob is the Manager of one of the 5-star hotels in the Coastal city, a spanking new hotel that had the highest number of customers during the December holidays, locals and foreigners, who spared no expense when it came to having a good time after a long year.
Substantial Personal Information
Bob’s establishment went all out in terms of services and ensuring the customer experience was seamless. Everything was heavily digitized: cashless payments, online booking and checking in, electronic doors, high-speed WiFi, and smart appliances linked to the customers’ phones for the duration of their stay. You see, hotels, especially high-end hotels such as Bob’s, collect substantial personal information on their guests to give them a more personalized stay. For a whole three months, the hotel was fully booked and had an avalanche of customers every month. The business was more than good! Then the nightmare began!
No one knows how Bob’s hotel systems were breached. Cybercrime investigators and digital forensic specialists are still trying to piece together details of the breach. With such a digitalized hotel, the entry point could boil down to a single point of failure or an increased surface area of potential loopholes and low-hanging fruit that the hackers could have exploited.
However, how? Let us consider the average hotel stay: the process begins and ends with credit card details. These are a special weak spot for hotels, as every process, be it online bookings, drinks at the bar or treatments at the spa, requires payment by credit card. It is possible that a POS (Point of Sale) system was compromised. However, the cybersecurity risk extends further than just the POS.
Privacy and Discretion
The hotel Wi-Fi, for example, can be used to access a guest’s private devices, such as mobile phones and laptops, or personal guest information could be leaked from hotel servers and databases if their protection is lacking.
Considering that privacy and discretion are paramount in the hospitality industry, information leaks have huge negative effects on businesses. Generally, all of the guests’ personal information is highly sensitive. The hotels gather and store it on a long-term basis, meaning guests are potentially at risk before, during, and well after the actual hotel stay. Add integrations with booking sites, tours and travel companies, and other third-party systems, and it can be the proverbial needle in the digital haystack. Bob, the hotel, and the hotel’s owners and shareholders are staring at potential lawsuits and fines. The hotel’s public trust, confidence, and brand health may suffer irreparable damage. A leading world-class hotel with a presence in Kenya had to pay a Kes 74,335,800 fine after being accused of mishandling two separate credit card data breaches. In another instance, a world-leading 5-star hotel chain suffered a massive cyberattack that compromised personal information for up to half a billion individual guests; the data breach ranks as the second-largest known theft of sensitive personal records to date.
Shifting from Perimeter Defence
Bob is a fictional character, but replace his name with the managers of any of the local hotels or the world’s leading hotel chains and you now know that hospitality businesses are a very concerned lot. The security of their data is crucial and they strive to protect themselves and, most importantly, their customers.
One of the ways the hospitality industry can enhance the security of its data in today’s digital environments is by following the global trend of shifting focus away from perimeter defence and investing in solutions that can provide a data-centric approach, improve authentication and provide enterprise-grade encryption of data at rest.
One such solution is ESET Identity & Data Protection. It has seamless enterprise-grade encryption and two-factor authentication to ensure protection of an organization’s data per compliance requirements. It helps companies with data breach prevention, intellectual property protection, and compliance with GDPR and other regulations.
For more than 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology.
Allan is the Technical Lead at ESET East Africa