The hospitality industry has one of the highest numbers of security breaches. A lot of sensitive customer data is processed daily, including names, addresses, and credit card details. As a result, the hospitality sector seems to be an ideal target for cybercriminals looking to carry out credit card fraud and identity theft crimes. It is, therefore, of prime importance that companies in the hospitality industry take steps to ensure the safety of the data they handle.

Primary factor of security breaches: human error

Businesses in the hospitality sector such as hotels, and restaurants, often have a complex ownership structure consisting of a management company which runs the business, a separate owner or group of owners, and a franchisor. These different entities may store important data in different computer systems and such information may be moved around frequently.

Such complex ownership structures could result in breaches as in the case of the Wyndham Worldwide breaches which occurred back in 2008 and 2010. The perpetrators gained access to the entire corporate network of the organization through an individual operating company.

The reliance of the industry on cards as the major form of payment has also been exploited by cybercriminals in the past. These criminals infect point-of-sale systems with malware that scrapes card information. 20 out of the top 21 high-profile breaches that have occurred since 2010 have been a result of this strategy.

One of the more recent data breaches in 2019 - the Earl Enterprises data breach involved the theft of over 2 million credit card numbers. It is believed that the breach was the result of malware installed on POS systems at the popular restaurants run by the company.

High turnover rate creates more challenges

Having well-trained staff is invaluable for ensuring the secure collection and storage of sensitive data. However, the hospitality industry has a very high turnover rate due to the fact that it largely involves seasonal work.

Employees often leave after a few months or are transferred to other locations. This makes it a challenge to maintain teams of properly trained employees. Just one untrained individual can give cybercriminals easy loopholes to gain access to sensitive customer data.

Insider threats

That's another type of risk faced by companies in the hospitality sector. It involves employees selling customer data to third parties unknown to the management of their organization. Selling such data, which may include information on customer preferences and behavior, could be a very lucrative endeavor for such employees that have access to them.

With the increasing number of data breaches around the world in recent years, it's no wonder that more individuals are becoming aware of the implications of data collection practices. High profile breaches such as the recent Marriott International data breach which resulted in the leakage of the personal data of over 500 million guests continue to drive up awareness levels.

Companies are, therefore, tasked with the responsibility of ensuring that their customers can rest assured that their data will be protected at all times.

The consequences of data breach in hospitality

Failure to provide adequate data protection can have catastrophic consequences for hospitality companies. Some of these include damaged customer trust, a tarnished brand reputation, and legal and financial penalties. The last thing a business needs is to have to settle legal problems with judges, litigants, and regulators.

With the introduction of the GDPR regulation by the EU in 2018, organizations in different industries around the world have been taking steps to ensure greater security of their customers' data. Let's look at some of the steps and best practices an organization in the hospitality industry can implement to protect user data.

How to ensure data security in the hospitality industry

Organizations in the hospitality sector can protect the data of their customers by implementing a number of best practices for mitigating the risks associated with data collection.

  • Encryption of credit card information

This is one of the fundamental steps. It is also important to secure all electronic devices such as laptops, desktop computers, and flash drives.

  • Operating a continuous training program in cybersecurity

This will help to ensure that every employee is trained and proficient with handling sensitive data securely. Organizations can also limit the insider threat by limiting access to sensitive data to trusted employees only and by implementing multi-factor authentication for users who have access to such data.

  • Adhering to relevant regulations

Companies also benefit from adhering to relevant regulations such as the PCI DSS regulation which protects credit card data and the GDPR regulation.

  • Using firewalls, network monitoring, traffic filtering, and anti-malware security measures

These should protect against common cybersecurity threats. Organizations could test their defenses by simulating cybersecurity attacks and making adjustments as needed.

  • A detailed response plan in the event that a data breach should occur

Doing so enables the business to respond quickly, thereby limiting the harm caused by the breach.

With a proper understanding of the importance of data security in the hospitality industry, companies are in a better position to implement effective strategies to ensure the safety of customer data. As companies in this sector continue to expand the ways they collect data from their customers, it is more important than ever that they commit to securely managing such data.

Alex Mitchell
Marketing Manager