Verizon's 2022 Data Breach Investigations Report, which looked at 5,200 confirmed breaches, found that 91% of breaches in the accommodation and food services industry are the result of criminals who are financially motivated and target payment and personal data.
So how can a hotelier protect against a hotel data breach? IT and security services should be looking at:
- Limitation and control of network ports, protocols and services
- Boosting boundary defenses
- Robust data protection measures
Prevention is better than cure, but of course, nothing is foolproof—there will be times when perimeters are breached. To detect these, ensure your IT security teams are fully up to date on the threat landscape and are vigilant about system protection. A hotel data breach must be identified and contained promptly because it can spread like wildfire.
Some common indicators and event types that could indicate a hotel data breach may have occurred include:
- Unusually high system or network activity, or activity in unusual parts of the system
- The presence of unexpected software or system processes
- Configuration changes that can't be traced back to an approved action, such as added scheduled tasks or new software installed
- Unusual user activity, such as logging in at strange times or from unusual places
- Repeated system or application crashes
- Reports of unusual messages coming from your system or networks
If it's a ransomware attack, you could also receive a message directly from the attacker.
It's important to think beyond the organization's own internal infrastructure, especially as more services are moving to the cloud. While cloud-based and "as a service" applications continue to grow in popularity—they bring efficiencies, make maintenance simpler, are automatically updated—they also result in more exposure to security risks.
Good management is critical to good cloud security, with visibility and monitoring key to securely running any cloud environment. It can pay to work with independent partners to shore up these security protocols and manage risks to help prevent a hotel data breach.