February 14, 2017

Prevent Hotel Credit Card & Data Breaches

If your Valentine’s Day celebration includes a weekend away in a hotel, keep a close eye on your credit card statements – you may not feel the love for long.

According to the 2016 Trustwave Global Security Report, the global hospitality industry has the second-largest share of breach incidents. Both large chains and single properties are affected by hotel data breach incidents.

Point-of-sale (POS) malware is one of the biggest sources of stolen payment cards for cyber criminals, but there is plenty of other information to target as well.

Hotels hold massive databases of confidential guest information used for booking rooms and/or making payments at hotel shops. Names, addresses, credit card data, passport information, personal preferences, and medical data can all be used for identity theft and account fraud.

At the same time, the interconnection of computerised systems means that when cyber criminals breach a network they may be able to affect structural parts of the hotel too, such as door locks, heating and air, and electrical systems.

Hotels have always provided rigorous physical security for their guests, and now it’s important to show that all property, including confidential information, is kept secure.

8 steps hotels can take to better protect customer data

  • Assess risks: Know what critical data is on file, exactly where it resides, and how it moves inside and outside of the organisation.
  • Protect POS systems: According to Trustwave, 65% of breaches are caused by POS malware, with weak remote access security contributing to 44% of the compromises. Invest in the latest cyber security tools, including encryption, anti-virus software, and firewalls, to safeguard against POS attacks and other malware. Patch all terminals regularly, especially those in constant use. Isolate POS systems from other networks.
  • PCI Security: The PCI Security Standards Council fights hotel credit card fraud by maintaining global payment card industry standards. Be sure the organisation commits to PCI compliance.
  • Employee training: The hospitality industry is known for its high turnover – and this can affect front-line defence. Provide regular and ongoing security awareness training for all employees.
  • Culture of security: Implement a culture of security so that security awareness is ingrained from day one. It should be evident at all levels of the organisation.
  • Vet third parties: Hotels deal with airlines, car rental companies, retail organisations, etc. Make sure all third-party partners – which become access points – are committed to information security best practices.
  • Store less confidential data: Purge files as regularly as possible and restrict access to information that is stored.
  • Embed security: Direct employee behaviour with embedded secure workplace processes. A Clean Desk Policy directs employees to keep work areas clear of confidential information. A secure information destruction process directs employees to destroy all documents (digital and paper) when they are no longer needed.
