Hotel Cybersecurity: Reducing the Risk of Cyber Threats and Data Breaches

In 2017, the hospitality industry became a prime target for bad actors and it doesn’t look like things will change anytime soon. It’s a significant cause for concern as data breaches can have dire consequences for both single properties and giant multinational corporations.

From the Hard Rock Hotels & Casinos guest data breach to the Hyatt Hotels Corporation credit card data breach, these security incidents are quickly becoming the norm. Unfortunately, with the rapid adoption of the Internet of Things (IoT), the threat level is only going to increase.

Last November, it was reported that the Hilton was fined $700,000 for the mismanagement of a couple of credit card data breaches in 2014 and 2015 where over 363,000 accounts were put at risk. In this scenario, bad actors were able to gain access to their systems by installing point of sale malware.

If this data breach had occurred in Europe after the forthcoming General Data Protection Regulation (GDPR) (EU) that will be implemented later this month, that fine would have risen to about $420 million (or up to 4% of the company’s turnover).

So what should hospitality professionals do to reduce the risk of cyber threats and data breaches? Let’s take a look.

1. Train Your Staff (On a Regular Basis)

One of the weakest links in this whole process is the human element. This makes it critical to regularly train staff on how to identify and protect themselves from potential cybersecurity threats.

Educating your employees can help them recognize suspicious behavior and popular hacking tools like phishing emails. It can also go a long way to help deter them from engaging in risky online activities while they’re at work.

If you haven’t already developed a cybersecurity best practices training manual (with actionable tips and defense strategies), it’s important to create one as soon as possible. It’s also important to have a robust crisis response procedure in place to react appropriately and effectively to an active data breach.

2. Update Hotel Systems

Staff training will be futile if the software used by the hotel isn’t up to date. Ensuring that all updates and patches are installed when they’re released can be an effective approach to avoid a significant data breach.

At the same time, hotels should also invest in a real-time antivirus monitoring system, enhanced encryption, a strong firewall, and network security to better protect sensitive data. This will also be a good time to make sure that default passwords aren’t used anywhere on the network.

3. Talk to Your Third-Party Vendors

More often than not, hotels rely on various third-party vendors to efficiently manage the property and provide enhanced guest experiences. So whether it’s your on-premise hotel management software or IoT sensors and devices, you might be sharing sensitive data about your business and your guests.

As a result, it’s important to engage third-party vendors to ensure that they’re following cybersecurity protocols that meet your standards. If they’re not adequately addressing these issues, you have to take steps to protect your data.

For example, bad actors were able to gain access to a casino’s high-roller database or casino slot machines by hacking into an IoT connected fish tank thermostat in the lobby. IoT devices tend to come with default passwords and limited protection, so a little due diligence may have helped prevent this incident.

4. Conduct a Cybersecurity Audit

It’s important to conduct a cybersecurity audit and cross-check them with established best practices. This will provide an opportunity to identify any gaps in existing defenses and resolve them quickly.

Cybersecurity threats are complicated and continuously evolving. As a result, it’s important to conduct security audits on a regular basis to ensure that your property is adequately protected against the latest cybersecurity threat.

Although the hotel industry can’t eliminate the threat of a data breach, following these best practices can help minimize the risk. Furthermore, effectively managing this risk will be an on-going process that the hospitality industry just can’t afford to ignore.