Contact Us

Disaster recovery
after a hotel
data breach

Author: Lauren McMenemy

Hotels are a hot target for cyber criminals: all that personal data, all those identities, all those credit card details, all of it ripe for the picking. Fortunately, disaster recovery is a realm of cyber security that can help protect the hotel industry from the effects of bad actors.

As noted by Robert E. Braun for Lexology, hotels have "systems that by necessity must be accessible to many different levels within the company." He adds that as privacy regulations around the world continue to tighten, hoteliers face higher stakes than ever before when it comes to protecting their guests' personal information.

Even with the most robust security in place, hotels may fall victim to data breaches, and their response is critical both for customers and the brand, as Marriott International found in 2018 when its reservations system was hacked and more than 300 million guests had their information compromised. Credit card details, passport numbers and dates of birth were stolen, and legal proceedings have been raised by affected customers.

The hotel industry has become more aware of cyber threats since the Marriott breach, but there is still more to be done. So, what can the hotel industry do to increase security awareness and ensure protocols and disaster recovery processes are not only ready and fit for purpose but also flexible enough to change at the same pace as the threat landscape?

Detecting and Preventing Breaches

Verizon's 2020 Data Breach Investigations Report, which looked at 3,950 confirmed breaches, found the responsibility for breaches in the accommodation and food services industry is spread evenly among several attack types including malware, error and hacking via stolen credentials.

Financial gain is the biggest motivation—at 98% of all attacks—for these breaches of cyber security in the hotel industry.

To best protect against these attacks, hotel IT and security services should be looking at:

  • Limitation and control of network ports, protocols and services
  • Boosting boundary defenses
  • Robust data protection measures

Prevention is better than cure, but of course, nothing is foolproof—there will be times when perimeters are breached. To detect these, ensure your IT security teams are fully up to date on the threat landscape and are vigilant about system protection. Data breaches must be identified and contained promptly because they can spread like wildfire.

There are some common indicators and event types that could indicate an intrusion in your systems, including:

  • Unusually high system or network activity, or activity in unusual parts of the system
  • The presence of unexpected software or system processes
  • Configuration changes that can't be traced back to an approved action, such as added scheduled tasks or new software installed
  • Unusual user activity, such as logging in at strange times or from unusual places
  • Repeated system or application crashes
  • Reports of unusual messages coming from your system or networks

If it's a ransomware attack, you could also receive a message directly from the attacker.

It's important to think beyond the organization's own internal infrastructure, especially as more and more services are moving to the cloud. While cloud-based and "as a service" applications continue to grow in popularity—they bring efficiencies, make maintenance simpler, are automatically updated—they also result in more exposure to security risks.

Good management is critical to good cloud security, with visibility and monitoring key to securely running any cloud environment. It can pay to work with independent partners to shore up these security protocols and manage risks.

Taking action for disaster recovery

The experience a hotel delivers to its guests starts well before they arrive in reception and ends long after they check out. Every interaction a guest has with a hotel adds to brand reputation, and you don't want your hotel to be in crisis mode and disaster recovery all at once.

Once a breach is detected, consider the following actions:

  • Immediate: Collect evidence, log everything and validate it with peers, then report internally. Notify affected parties, and communicate your plan of action.
  • Short term: Identify the extent of the breach, and provide trustworthy means of contact for those affected.
  • Long term: Identify the faults that led to the breach, bolster security and test security protocols. Build an internal training program for cyber security hotel industry awareness.

The hotel industry must understand the connection between data breaches and consumer trust, and reinvent policies and protocols to protect information security. Just as important is a robust employee training program—don't rely on a one-off course or on employee self-service. Cyber security training that is specifically geared toward the hotel industry is key to protecting customer data and brand reputation. It must be regular and it must be kept updated.

Remember that insider threats can be just as dangerous: those employees who are untrained in cyber security hotel industry best practice, careless employees who don't follow protocols and even disgruntled employees leaking information.

Any data breach response plan must prioritize payment and personal information, as well as Payment Card Industry Data Security Standard compliance requirements and ultimately, protect the brand reputation.

Discover how Verizon Business's travel and hospitality services can deliver higher levels of security and service while helping you control costs.