The notion that “no news is bad news” generally doesn’t apply to businesses in the service industry. Especially when that news pertains to data breaches or other privacy shortcomings, most companies in this industry would prefer to avoid the headlines altogether.
This may be one of the reasons businesses in the hotel industry, in particular, are giving data security more attention these days.
According to a USA Today report, a panel of IT executives from Starwood Hotels, Hilton and other lodgings operators recently told an audience at the LodgeNet’s Customer Technology Symposium in Chicago that protecting customer data is becoming their top priority.
Similar to retailers, restaurants and others in the service industry, hotel operators tend to collect vast amounts of data from their customers, including names, contact information and credit card numbers. Furthermore, hotels often collect additional information about a customer’s special needs and interests, so they can offer accommodations during their stay. Given the sensitivity of this information, it is important that hotel operators keep it out of the wrong hands or risk exposing it through faulty data protection practices.
“[Personally identifiable information] is considered high-risk because if there were to be a breach, you’re exposing the guest’s identity,” Mark McBeth, vice president of IT at Starwood Hotels, said during the conference, according to USA Today. “It paints some pretty scary pictures.”
This type of situation was brought to a head earlier this year when marketing services giant Epsilon experienced a massive breach to its email systems. According to a SecurityWeek report, among those impacted by the breach were several hotel operators, including Hilton, Ritz-Carlton and Marriott.
Though the extent of the damage to each client is unclear, the incident came as a scare for many of these companies. Service industry organizations were especially worried that the hackers would use the information obtained during the attack to send out scam emails to their customers, impacting the credibility of the company and shaking consumer confidence.
According to a 2010 Wall Street Journal report, the most common security vulnerability in hotels is point-of-sale software. Often, hotels do not require employees to change the default names and passwords of these programs, making it easier for hackers to break in and steal customer information.
To overcome some of these and other concerns, McBeth said hotel operators are applying the best practices detailed by the Payment Card Industry Data Security Standard (PCI DSS), which aims to address data security for businesses that handle payment cards. However, he admitted that the task of ensuring protection throughout an organization is difficult, given the number of channels where vulnerabilities could be uncovered.
“We want to protect the Starwood name by making sure all 542 properties are compliant,” McBeth said, according to HotelNewsNow.com, “but it’s tough to do when each hotel is only required to perform a self-assessment.”
A 2010 report from data security firm Trustwave found hotels were involved in 38 percent of the data breach investigations it conducted in 2009. This makes hotels the most-frequently breached type of organization – ahead of financial institutions with 19 percent, the Wall Street Journal reported.
This being the case, it is encouraging to see some hotels are making moves to lock down their data security practices. There is clearly a great deal of work that needs to be done, but if a hotel can demonstrate it is capable of protecting customer information, it may be more likely to inspire confidence in consumers, which, in turn, could afford the hotel a competitive edge.
Data Security News from SimplySecurity.com by Trend Micro