In August 2018, Chinese hotel chain Huazhu Hotels Group was hit by a data breach that could have affected 130 million customers.
In what is thought to be the largest data breach in China in the last five years, hackers successfully gained access to 240 million lines of data that contained email addresses, bank account numbers, telephone numbers and booking details.
This is the latest in a string of high-profile data thefts in the hospitality industry. Back in 2016, 250 hotels within the Hyatt group were victim to a digital attack that resulted in payment card details being stolen.
Don’t be fooled, though. Cyber criminals don’t reserve their attacks for the big brands – they’re just as intent on wreaking havoc on smaller businesses, too. And with that in mind, we’ve got some vitally important cybersecurity essentials for independent hoteliers.
Put security at the heart of your business
As much as we’d all prefer it didn’t have to be, cybersecurity is now a top priority for most businesses. This starts with selecting technology providers that have the same mindset.
All of your technology providers must be committed to keeping their technology compliant with current data security standards but also with all patches for their operating systems or hosting environments.
InnQuest harnesses the power and security standards of Amazon Web Services for the roomMaster Cloud PMS. In addition to PCI and GDPR Compliance, as a roomMaster Cloud user, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. Talk to a sales consultant to learn more: Start a Conversation
Attacks can take place at any time, and while the chances of your independent hotel being hit are still relatively low, it’s far better to take a security-first mindset with everything you do. That means maintaining high levels of compliance throughout the business and investing in employee training.
What’s more, if you’re compliant, you’re far less likely to fall foul of regulations or run into costly legal investigations following a breach.
Employing the services of a cybersecurity expert for regular audits is must. Ask them to conduct a thorough audit of your defenses and approach. Then respond and resolve any issues. In this arena, no publicity is the goal!
Keep all systems up-to-date
Your hotel PMS, computer network, room key system and guest entertainment platforms are all potential back doors for skilled hackers.
The vendors of these systems should also be operating on a security-first mindset, therefore make sure you keep everything up-to-date whenever a new release or patch is offered. Not all systems update automatically, therefore if the option exists to check for updates, make it a weekly routine.
Don’t just think digital
Cyberattacks can unfortunately originate from within – they’re not always the work of an anonymous hacker stationed in a random part of the world.
Disgruntled, tech-savvy employees or unhappy guests – although rare – can sometimes become your digital enemies.
Hotels with a security-first mindset and positive approach to employee engagement and mentoring are unlikely to attract or inadvertently nurture such individuals, and providing you have tightly controlled, separate internet access for guests, you’ll limit the chances of attacks originating from that source, too.
Demonstrate to guests that you’re cyber aware
With so many data breaches taking place and making the headlines, data security is firmly in the minds of consumers.
Businesses who demonstrate that they’re cyber aware can differentiate themselves from those who take a more lackadaisical approach. Make it clear on your website and on all guest correspondence that you invest considerably in the protection of their data.
Be ready with a response plan
Regardless of how strong your cyber defenses are, things can go wrong, and your hotel might be on the receiving end of a hack.
The important thing in such instances is to be ready with a swift, effective response. Work with your cybersecurity expert to create a disaster recovery plan which includes provision for getting your systems back up and running, administering password changes across all platforms and any PR communication that might be required to limit brand damage.
You can’t stick your head in the sand when it comes to cybersecurity. Every business is at risk, but if you follow our tips above, you’ll be able to rest safe in the knowledge that you’re doing all you can to protect the hotel and its guests from nefarious online activity.