Data Security in Hospitality

The hospitality industry is easily among the most inviting targets for data hackers and would-be thieves of personally identifiable information (PII). The volume of PII available to hotels, and (all too often) a lack of rigor in safeguarding such information, has unfortunately been a recipe for frequent breaches of data security and electronic privacy.

In recent years, breaches have compromised not just hotels’ own business data, but also guest information held by third-party contractors such as travel websites and online booking services. And third-parties’ breaches sometimes make quick legal and public relations actions necessary for hotels.

As hotels continue to expand their relationships with business partners, and begin to roll out newer technologies such as in-room personal assistants like Alexa or Siri, the risks of data breaches are likely to increase.

Among the digital security problem areas or “blind spots” for hotels have been the following:

• Storing credit card information in clear, readable text
• Using easily-guessed passwords. For instance, access to the property management system for more than one hotel was “micros,” which was the name of the developer of the hotels’ property management program
• Failing to use firewalls
• Maintaining permissive networking protocols, including non-updated security programs, inadequate password protection, and even default user IDs and passwords
• Allowing easy access to networks and servers for third party vendors
• Instituting insufficient incident response protocols, and then failing to follow those protocols

With informed advice from legal and IT professionals, 2018 can be the year in which the hospitality industry more successfully meets the challenge of preventing or minimizing data breaches.