TECHNOLOGY : SECURITY
THE
INEVITABLE INVASION
With the hotel industry a perpetual target for hackers , experts say planning for an eventual data breach is the best policy — even though many hotel companies are adopting a “ wait and see ” attitude when it comes to planning against potential security breaches of internal systems .
“ The real issue is that people don ’ t have any plan in place ,” says Lara Shortz , senior associate with law firm Michelman & Robinson , Los Angeles . “ I see a real need for properties to put together an incident-response plan .”
Changing methodology Experts say one of the main problems companies face from a security perspective is basic day-to-day procedure . In a fast-paced environment like a hotel , employees are logging into various systems constantly and in some cases sharing administrator passwords . Simple techniques like switching passwords every day , while seemingly inconvenient , can go a long way toward beefing up security , according to Robert Cole , founder and CEO of RockCheetah , Menomonee Falls , Wisconsin .
It ’ s also advisable to review and potentially limit what systems and information employees have access to . Instead of sharing one admin password among multiple staff members , experts say each user should have his or her own unique login and should only be able to access the systems and data they absolutely need . Sources say some 15 % to 20 % of data breaches are “ inside jobs ” traced back to an employee . Background checks for all employees are also a vital part of the hiring process .
“ In one of the recent breaches in the retail industry , one of the people in charge of the security had been dismissed
I see a real need for properties
TO PUT TOGETHER AN INCIDENT- RESPONSE PLAN .
– LARA SHORTZ , MICHELMAN & ROBINSON
from a prior job for stealing from his employer ,” says Doug Rice , CEO of Hotel Technology Next Generation ( HTNG ), Schaumburg , Illinois . “ They didn ’ t do a good background check . It wasn ’ t in the hotel industry , but it could have been .”
Preparing for the worst Still , there is only so much a business can do to prevent an incursion . Many experts feel it ’ s not a question of if your systems will be breached , but when . And once that does happen , there are a host of ramifications — from IT and legal fees to public-relations problems and liabilities from any resulting theft . Hoteliers need to prepare for all of these possible events .
One solution is to investigate the newer insurance policies being issued to cover businesses in the event of a data breach . Many policies cover losses stemming from liability but may also cover the expense of discovering and repairing the affected systems .
“ The insurance policies that are coming out now are much better than they were in the beginning ,” Shortz says . “ It really depends on the policy , but sometimes it will cover for liability , and sometimes it will cover all response measures . A smaller property or franchisees that don ’ t have the ability to do that themselves can look into policies that can help with some of those things .”
If and when a data breach does occur , it is also important for hoteliers to be ready to handle PR . Whether it ’ s handling the media or calming a flood of irate guests , the immediate response to the crisis is essential .
“ There are huge PR ramifications , and so you need to have everybody on board with pre-prepared messages ,” Shortz says . “ Have that all set up in advance .”
54 HOTELS May 2015 www . hotelsmag . com