Stopping Data Breaches in Hospitality
Data breaches in hospitality, just as in any other industry, are on the rise.
You don’t have to look too hard to find examples of this—take the recent Marriott breach in March, where around 5.2 million guests had their data compromised, including names, credential information, and other personal data.
This is the second such attack to target Marriott in the last two years, and is the latest in a string of cyberattacks affecting organizations in the hospitality industry.
What does this mean for hospitality SMBs? And how should they be safeguarding themselves?
Cyberattacks in 2020
To those who have been following the business security landscape for the last few years, this rise might not come as much of a surprise—attacks have been increasing in number across virtually every industry, and hospitality is no different.
In the past year alone, two-thirds of businesses experienced a phishing attack—emails that are designed to hoodwink users into giving up sensitive information.
And while it’s the large corporations that tend to take the headlines, as ever it’s the small- and medium-sized businesses that have the most to lose.
Nearly half of all cyberattacks target SMBs, a number which is expected to increase.
By comparison to larger counterparts, SMBs are frequently undefended and underprepared to meet the dangers of modern cybersecurity risks.
A survey of IT decision makers found that 96% believe their organizations are susceptible to external cyberattacks and 71% say they are not prepared to cope with them.
Those are damning numbers and should be concerning to any SMB owners.
Related Post: 10 Cybersecurity Stats You Need to Know for 2020
So, What Does This Have to Do with Hospitality?
Some industries, notably healthcare, have very strict laws like HIPAA regarding information protection that providers must be in compliance with or else they risk strong penalties.
Hospitality, however, like most others, have to be in accordance with local state laws, which are the primary legislation for consumer data protection in lieu of any comprehensive federal laws.
And while some states, most notably California with its CCPA and New York with the newly introduced SHIELD act, have made significant progress in passing information protection laws, many have not.
This has led to many SMBs simply not feeling the need to improve their cybersecurity standards, leaving them vulnerable as attackers continue to target smaller businesses.
Data breaches in hospitality businesses are no exception, and given the nature of the kinds of sensitive information these organizations have of their customers, the industry as a whole has a target on its back.
Cybersecurity Challenges in Hospitality
The nature of hospitality means organizations in the industry are uniquely susceptible to falling victim to attacks.
Consider how many guests at a hotel or restaurant use the building’s WiFi. The number of endpoints in any given hospitality establishment outweighs that of most other industries.
Are these endpoints being protected sufficiently? Can hospitality businesses guarantee the safety of user data shared using their networks? Many of them cannot.
Hotels and restaurants compete doggedly to create their own custom dedicated apps, through which customers will store personal information—is that data backed up correctly and securely? According to the number of companies who have cybersecurity plans in place, the answer is no.
Then there’s the human element.
Human error is the number one cause of data breaches from cyberattacks, with 52% of incidents directly attributable to them.
The majority of attacks that occur within businesses happen because somewhere along the line, someone made a mistake. Perhaps they opened an attachment they shouldn’t have or visited a risky website.
Hospitality professionals are not expected to behave like IT professionals in terms of their ability to sniff out an issue, and at the same time there’s a strong likelihood that they won’t have to adhere to the strict compliance rules that a healthcare professional would.
And yet, they are expected to operate computers and deal with mountains of sensitive customer information on a daily basis.
So, it should come as little surprise that businesses in the hospitality industry are enormously affected by cybersecurity issues.
You don’t have to look far to see that there have been a myriad of breaches in recent years precisely because of these challenges.
Being Breached
Data breaches in hospitality, like any industry, should serve as a cautionary tale to business owners.
All too often, however, it can be easy to acknowledge the breaches and continued survival of larger more resourceful organizations without considering the full implications that a breach has on smaller companies.
93% of companies without a disaster recovery plan who suffer a major data disaster are out of business within one year.
SMBs simply don’t have the resources to survive breaches and are risking their entire business by not fully preparing against attacks.
Further consider that even for businesses who can survive a breach and save their data, long-term consequences can be dire.
Hospitality relies on a positive customer experience as much as and perhaps more than any other industry.
Research suggests that 70% of consumers would stop doing business with a company if it experienced a data breach.
If your business falls victim to a breach, then all your customer goodwill can be wiped out in an instant, making it a long, uphill battle to win them back.
Stopping Data Breaches in Hospitality
So, how can organizations stop data breaches in hospitality? What measures can they put in place to protect themselves and their customers from cybersecurity threats?
Protect your endpoints
Businesses in hospitality must get a handle on their endpoints under network.
Hundreds of devices log on to your network every day, often unsecured and mostly unpredictable.
This is in addition to the multitude of devices owned and operated by staff, and extends beyond just their phones—TVs, printers, vending machines; there’s no shortage to network-connected devices, and all of them can be vulnerable.
Consider a true next-gen antivirus for everyone under your network to minimize the potential for attack.
Related Post: What Is Next-Gen Antivirus?
Disaster recovery
Businesses must approach data breaches in hospitality as an inevitability rather than a chance.
The stakes are too high to assume that an attack won’t hit you, and making sure that you’ve got the right business continuity solution is essential in mitigating the negative effects of a breach.
By keeping all your data periodically backed up in secure data centers, you can rest a lot more easily knowing that should the worst happen, you can respond quickly and effectively.
Businesses that fail to overcome a data breach are more often than not those who have neglected on their security and their business continuity strategy.
Educate
One of the most effective ways of counteracting the dangers of cyberthreats is by training employees and establishing policies around a security strategy.
As we previously discussed, human error is the primary cause of data breaches, so businesses should look towards preventing this weak link as much as possible.
Phishing emails have spiked by over 600% since the end of February 2020 as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic.
This means making sure staff understand what threats look like and establishing company-wide policies so that the correct procedures are followed to stay safe.
In light of recent events, many organizations have found themselves playing catchup with their cybersecurity, trying to implement makeshift solutions to make up lost ground while their workforces are working remotely for the immediate future.
To find out more about how you can ensure your business’ cybersecurity is in good shape for now and for the future, download our eBook, “What Makes a Good Cybersecurity Defense for a Modern SMB?”.