With cyber-attacks becoming increasingly sophisticated, hotels today need to look beyond their standard security frameworks and implement all the necessary guardrails to ensure guests’ credit card and personally identifiable information (PII) are protected. While EMV chip cards have resulted in safer transactions at the point of sale by encrypting account information, the threat has now shifted to PII. This means the data stored in guest loyalty programs or at the time of booking should be safeguarded.
Loyalty programs represent both an opportunity and a risk for hotels. The main benefit is, of course, ongoing promotions and incentives to encourage repeat visits. The risk is that a guest’s loyalty program profile holds information such as name, email address, zip code, telephone number, passport number, date of birth, and more, and this information needs to be well protected to avoid the potential for identity theft, phishing scams or other fraudulent activity.
Hotels are responsible for protecting this information not only for the benefit of their guests, but also for their own, as data breaches can affect the business’s reputation and profits. Some proactive measures to ensure improved cyber security include:
Building Employee Awareness
It’s important to implement a training program that continuously educates employees on the importance of data security and best practices. For example, informing employees about phishing emails, and how to spot them, can help minimize the risk of them clicking on links or opening attachments that grant hackers access to confidential information.
Managing Access to Data
Businesses should continually ensure that employees have access only to the information necessary for their jobs. Most data breaches occur due to an employee breach, so restricting data permissions is vital in preventing them.
Investing in Up-to-date Machines
Keeping computers and POS systems up to date is an important step in avoiding a potential breach. These investments can include stronger firewalls and a protected Wi-Fi network to keep malware away from sensitive data.
Hotels should take proactive measures to develop data protection governance capabilities and take a holistic approach that treats PII as if it were personal financial information.