How to Protect Your Hotel Data and Prevent Security Breaches

October 18th, 2017 Jeff H General

How well are you protecting sensitive data about your hotel and its guests?

Large-scale security breaches are plaguing the news, and cases like Equifax, and more recently, Deloitte, reveal the damaging consequences of confidential information being released to the public.

While property managers and hoteliers might feel immune, hackers are increasingly targeting small- to medium-sized businesses, hotels included.

Cyber hacks stain your public image, and quickly become costly. Guests also lose trust in your ability to protect their personal information, which diminishes loyalty towards your brand. Fortunately, there are best practices that you can easily adopt at your property to protect your hotel’s data. 

Manage your passwords

Implementing strong passwords is an easy and highly effective way for you to protect your hotel data.

Passwords that are hardest to crack tend to be between 8 and 12 characters long, and include symbols, numbers, and a mix of lowercase and uppercase letters.

Roland Cloutier, a National Cyber Security Alliance board member, recommends people change their passwords every 90 days. When it’s protecting highly sensitive information, the more you change your password, the better.

Store and protect your passwords

Password management software, like LastPass, protects you from data hacks by automatically generating hard-to-crack passwords. LastPass passwords are stored for safekeeping, and can easily be shared between staff at your hotel.

You can also set security controls and restrictions, so only the necessary staff can gain access to highly sensitive data.

Want to check the strength of your password? Use this tool here.

Train staff in best practices

Your cybersecurity is only as strong as the people who manage your data on a daily basis, like your hotel staff.

In fact, the 2014 Ponemon Cost of Data Breach study revealed that one third of cybersecurity incidents are caused by negligent employees or contractors.

With data breaches plaguing many industries, staff should be trained to protect themselves, and your hotel, against data hacks.

Like many independent businesses, hotel employees often feel immune to data breaches. Most staff don’t properly protect their personal data, which means they’re also unlikely to engage in safe online habits professionally.

Build an effective staff training manual

As you design a staff training plan, make sure cybersecurity best practices are covered, including actionable tips and defense strategies for protecting sensitive information.

Educate your staff about email phishing

Email links that may seem harmless can easily be infected by a virus, or something even more compromising.

Companies like Duo Security send out simulated phishing emails that try to trick your employees into clicking malicious links or providing sensitive information.

Fake practice tests, like these, help staff to detect potentially threatening emails when they actually do arrive.

Upgrade your hotel technology

Keeping all the software used by your property up to date, is an effective way to prevent mass data breaches.

Hackers are always learning new, sophisticated ways to gain access to your hotel’s data. Manually updated on-premise software and automatically updated cloud solutions will keep your system up to date with the latest security patches built to fight off new and emerging security threats.

Receptionist giving room keys to customer at reception in hotel

Invest in anti-virus and monitoring software

Anti-virus software is typically the last line of defense in the instance that a hacker gets through your network. Meaning? It’s a worthwhile investment.

Here are a few solutions we’d recommend:

  • Bitdefender Antivirus Plus
  • McAfee Antivirus Plus
  • Symantec Antivirus

You can also onboard data-leakage prevention software. By monitoring the information that comes out of your internal network, like credit card numbers and the personal details of guests, this software detects data breaches early-on, and helps to minimize the potential damage.

Check in with your third-party providers

Most likely, your hotel relies on third-party vendors to efficiently manage your property, and enhance the overall guest experience.

If you’ve already onboarded a property management system, or other technology solutions at your hotel, that means you’ve also had to share sensitive data about your guests.

Many large-scale breaches in high-threat industries, like hospitality, retail and finance, have not been direct hacks, but rather resulted from data breaches to third-party vendors.

How can you ensure the technology solutions on your property are effectively protected?

Start the conversation

InnQuest has strict data breach prevention measures in place, but other vendors you work with may not be adequately addressing these areas. Don’t be afraid to ask your vendors what they do to protect your hotel’s data.

Look at your contract

Update or review your contract to clarify who is liable in the instance of a data breach, and discuss how both parties can best prevent this from happening.
You can also vet the existing preventative procedures outlined in your contract by cross-checking them with best practices.

Consult with a technical expert

Data breaches are complicated, and require highly technical skills, so don’t hesitate to contract the services of an IT professional, or a firm that specializes in cybersecurity.
These IT experts can run security audits on your property and identify potential gaps in your existing defenses. Additionally, they can train your staff on how to protect hotel data and respond to breaches when they happen.

Consider investing in insurance

Hackers are becoming increasingly sophisticated, and often operate overseas, making it difficult to identify or prosecute suspected hackers.

If a cybersecurity threat does happen on your property, privacy and data breach insurance coverage can ensure you’re financially protected, and aren’t responsible for the costly aftermath.

Policies can cover most of the financial impact caused by data breaches, just make sure you’re clear on exactly what is and isn’t covered in your policy. That way, there won’t be surprises later on.

With the rise in competition, data breach insurance carriers that were once costly are steadily becoming more affordable.

Your insurance provider might also be able to help with pre-breach protection and risk management, and post-breach response services.

Implement an incident response plan

If you’re hacked, it’s important to have a crisis response plan in place to effectively minimize the financial and public impact on your hotel.

All staff should properly understand their role and responsibility in the instance a data breach occurs.

Cybersecurity threats are a daunting prospect, but if you’re well-prepared for the worst-case scenario, you can easily bounce back from potential breaches.

Implementing effective safeguards will also prevent data from ever leaving your property in the first place.

Avoid a checkbox approach to security

These are just a few easy steps you can take to protect your hotel’s data.

While this article covers basic essentials for preventing security breaches at your hotel, it is by no means an all-encompassing or exhaustive list of best practices. A “basics” or to-do list is not a replacement for a robust cybersecurity strategy designed by IT experts around your property and how technology powers your operations.

Finally, at the end of the day, satisfying compliance standards only goes so far. Your IT environment must be secure too. The most effective way to protect your hotel data in the face of dynamic and ongoing threats, is simple: follow the guidance of your IT experts.

Wondering how InnQuest protects your hotel from data breaches or how you can improve cybersecurity at your property? Just ask.