Disaster recovery
after a hotel
data breach

Author: Lauren McMenemy

Anyone in the hotel industry knows that a hotel data breach is a very distinct possibility. That’s because hotels are a hot target for cyber criminals: all that personal data, all those identities, all those credit card details, all of it ripe for the picking. Fortunately, disaster recovery is a realm of cyber security that can help protect the hotel industry from the effects of bad actors.

As noted by Robert E. Braun for Lexology, hotels have "systems that by necessity must be accessible to many different levels within the company." He adds that as privacy regulations around the world continue to tighten, hoteliers face higher stakes than ever before when it comes to protecting their guests' personal information.

Even with the most robust security in place, a hotel data breach can still occur, and how a hotel responds is critical both for customers and the brand.

One highly publicized hotel data breach involved Marriott International. In 2018, more than 300 million guests had their information compromised when its reservations system was hacked. Credit card details, passport numbers and dates of birth were stolen, and legal proceedings have been raised by affected customers.

The hotel industry has become more aware of cyber threats since the Marriott breach, but there is still more to be done to guard against a hotel data breach. So, what can the hotel industry do to increase security awareness and ensure protocols and disaster recovery processes are not only ready and fit for purpose but also flexible enough to change at the same pace as the threat landscape?

Detecting and Preventing a Hotel Data Breach

Verizon's 2022 Data Breach Investigations Report, which looked at 5,200 confirmed breaches, found that 91% of breaches in the accommodation and food services industry are the result of criminals who are financially motivated and target payment and personal data.

So how can a hotelier protect against a hotel data breach? IT and security services should be looking at:

  • Limitation and control of network ports, protocols and services
  • Boosting boundary defenses
  • Robust data protection measures

Prevention is better than cure, but of course, nothing is foolproof—there will be times when perimeters are breached. To detect these, ensure your IT security teams are fully up to date on the threat landscape and are vigilant about system protection. A hotel data breach must be identified and contained promptly because it can spread like wildfire.

Some common indicators and event types that could indicate a hotel data breach may have occurred include:

  • Unusually high system or network activity, or activity in unusual parts of the system
  • The presence of unexpected software or system processes
  • Configuration changes that can't be traced back to an approved action, such as added scheduled tasks or new software installed
  • Unusual user activity, such as logging in at strange times or from unusual places
  • Repeated system or application crashes
  • Reports of unusual messages coming from your system or networks

If it's a ransomware attack, you could also receive a message directly from the attacker.

It's important to think beyond the organization's own internal infrastructure, especially as more services are moving to the cloud. While cloud-based and "as a service" applications continue to grow in popularity—they bring efficiencies, make maintenance simpler, are automatically updated—they also result in more exposure to security risks.

Good management is critical to good cloud security, with visibility and monitoring key to securely running any cloud environment. It can pay to work with independent partners to shore up these security protocols and manage risks to help prevent a hotel data breach.

Taking action for disaster recovery

The experience a hotel delivers to its guests starts well before they arrive in reception and ends long after they check out. Every interaction a guest has with a hotel adds to brand reputation, and you don't want your hotel to be in crisis mode and disaster recovery all at once.

Once a hotel data breach is detected, consider the following actions:

  • Immediate: Collect evidence, log everything and validate it with peers, then report internally. Notify affected parties, and communicate your plan of action.
  • Short term: Identify the extent of the breach, and provide trustworthy means of contact for those affected.
  • Long term: Identify the faults that led to the breach, bolster security and test security protocols. Build an internal training program for cyber security hotel industry awareness.

The industry must understand the connection between a hotel data breach and consumer trust, and reinvent policies and protocols to protect information security. Just as important is a robust employee training program—don't rely on a one-off course or on employee self-service. Cyber security training that is specifically geared toward the hotel industry is key to protecting customer data and brand reputation. It must be regular and it must be kept updated.

Remember that insider threats can be just as dangerous: those employees who are untrained in cyber security hotel industry best practices, careless employees who don't follow protocols, and even disgruntled employees leaking information can all result in a hotel data breach.

Any hotel data breach response plan must prioritize payment and personal information, as well as Payment Card Industry Data Security Standard compliance requirements and ultimately, protect the brand reputation.

Discover how Verizon Business's travel and hospitality services can deliver higher levels of security and service while helping you control costs.

The author of this content is a paid contributor for Verizon.