In 2015, the hotel industry suffered unprecedented cyberattacks. In one month alone, Hyatt Hotels Corporation, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings all fell prey to savvy cyber thievery.
Hyatt confirmed hackers used malware to collect cardholder names, card numbers, expiration dates and verification codes from at least 250 hotels globally. Just a few days after the company announced its planned merger with Marriott International, Starwood Hotels also stated malware had been used to steal credit and debit card data that was found on point-of-sale cash registers.
Hilton also began investigating credit card breaches at several of its properties, including its Hilton, Embassy Suites, DoubleTree, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts brands. Hilton confirmed the breach and, much like Hyatt and Starwood, cited unauthorized malware that targeted payment card information in point-of-sale systems as the cause of the breach. Additional hotels targeted by hackers in 2015 included The Trump Hotel Collection, Mandarin Oriental and White Lodging Services Corporation.
To help prevent breaches, management should take steps to clearly define employee policies and procedures, which include:
Create protocols for access and transfer of sensitive information
Once a hotel has its IT network secure, only certain individuals should have access to the data. Further, user activity should be monitored using insider threat detection solutions that notify management of suspicious activities, both externally and internally. This includes monitoring applications for phones or computers that have access to sensitive data.
Hoteliers should tighten all network security. Simple ways to help accomplish that include:
- ensure logins expire after short periods of inactivity;
- require strong passwords that are never written down in public or unsecured locations; and
- scan devices for malware every time they are plugged in.
Confirm that off-site technology is secure
Data housed off-site should be routinely backed up, and hoteliers should ensure that Web application firewalls are cloud-based solutions that are secure and encrypted. Hoteliers also should use top-notch anti-malware software and update it routinely.
Securing paper files that might include personal information
Employee files are a major target area for data breaches by way of paper files. They are typically easy to access (particularly in smaller hotels) and provide a significant source of data for a low-tech inside job.
Employee files also might include medical information protected by HIPAA. According to the Department of Health and Human Services, hacking has been involved in the HIPAA breaches of nearly 3 million patient records since 2009. Employees across all industries, including hospitality, should be aware that this highly sensitive information needs to be protected.
For more:Â http://bit.ly/1mHKrMn
