Data Security Do's and Don'ts for Hoteliers
By David Hogan Executive Director of Major Accounts, Heartland Payment Systems | February 23, 2014
By no means is the importance of data security new. It has now been a decade since the first introduction of the Payment Card Industry Data Security Standard (PCI DSS). Infamous data breaches of some of the nation's largest hotel chains have been highly publicized for years. Influential industry groups are committed to educating hoteliers about security tools and strategies that can help protect against the devastating effects of a criminal intrusion. Yet, some hoteliers across the country continue to put their businesses and their guests at risk by failing to adequately secure valuable payment and personal information, making their networks a prime destination for unwelcome guests - cyber criminals.
Payment card security is not a trend… and it is not going away. Rather, cybercriminals are becoming more and more sophisticated in their attack vectors as we collectively learn how to better thwart their efforts, while also evolving their strategies to exploit easy targets of businesses that do not have effective security controls in place.
Hoteliers cannot afford to put data security on the back burner any longer. The subject is indeed complex, but one that is worth committing to and investing in considering the crippling reputational and financial repercussions that take hold should a breach occur. These data security do's and don'ts will help break down some of the questions and confusion in the industry, and can help lay the foundation to jumpstart your data security strategies in 2014 and beyond.
DO Realize the Threat of Data Breaches is Real
The evidence is all around us. Unfortunately there are more than a few cases in recent history that demonstrate hotels can and will continue to be hacked. In fact, data breaches in the hospitality industry, specifically at hotels and restaurants, are on the rise and occurring at an alarming rate. This is due, in part, to vulnerabilities resulting from the use of antiquated property management systems (PMS), shared systems among chains, wireless networks and the high volume of card-based payments, making hotel networks a digital goldmine for hackers.
This target is further exacerbated as cybercriminals from around the world shift their efforts toward U.S.-based businesses, as the country is the last major holdout whose payment system relies on magnetic stripe cards, which are easy to be reproduced and used fraudulently, as opposed to more secure chip cards that are broadly used globally.