The Evolution of Data Security: How to Protect Yourself and Your Guests
By William Collins, Executive Director, Vertical Market Strategy, Heartland Payment Systems | August 14, 2011
Co-authored by Steven M. Elefant, CIO, Heartland Payment Systems
You've seen the news. You've read the headlines. Data breaches are wreaking havoc on businesses large and small. Between the financial reparations, legal proceedings, and reputational damage, breaches are devastating for any type of business - especially hotel and lodging establishments that have their own unique challenges to contend with.
Hoteliers can no longer afford to sit idly by as their industry counterparts are attacked left and right. The hospitality industry needs to take action - now. From large chain owners to boutique operators and everyone in between, hoteliers need to confront the reality of data breaches so they can proactively protect their businesses and their guests.
A look at the data breach landscape reveals a troubled past for the hospitality industry. This sector consistently ranks as one of the "Top Three" verticals targeted by hackers, according to the Verizon Data Breach Investigations Report (DBIR). Retail and financial services are also prime targets, but in 2010, hospitality regained the number one spot as the top industry suffering from data breaches. On its own, the hospitality industry represents a whopping 40 percent of all data breaches.
Why are hotels so heavily targeted by cybercriminals? A few reasons include the use of PC-based point-of-sale (POS) systems and property management systems (PMS) - including shared systems among chains - as well as the high volume of card transactions and the ongoing practice of retaining card data for reservations. If not properly secured, these systems are vulnerable and can be infiltrated by cybercriminals. Once a hacker has penetrated a POS or PMS, they can remain tapped into the system for days, weeks, or even months, undetected, pilfering valuable data. This includes not only guest credit card information but also other information that cybercriminals can exploit, such as personally identifiable information like full names, addresses, driver's license numbers and more.
We are not dealing with 14-year-old hacker kids. We are at war with 21st century bank robbers - organized criminal gangs in the U.S. and abroad. Today's cybercriminals are sophisticated, well trained and well financed. Many gangs overseas also have nation-state protection to boot.