
Hotels and Hospitality: 5 ways to protect yourselves and your guests from a data breach

August 10, 2020

Our top tips for giving your guests a holiday to remember for the right reasons…

With the summer holidays in full swing and the hospitality sector opening back up again, staycations have become the order of the day, as Brits flock to UK beaches and countryside for some time away. To make sure they give their guests a safe place to stay, hotels, B&Bs and other holiday accommodation have all put measures in place to protect against COVID-19 – and this is essential. But these aren’t the only protective measures they need; in the hospitality sector, data breaches are rife, with big names falling victim to leaks. Last summer, Marriott was fined almost £100m by the ICO after hackers stole the records of 339 million guests and, this February, the personal information of more than 10.6 million former guests at the MGM Resorts hotels was leaked on a hacking forum. So it happens, especially in this age of technology. But it can be avoided. Here are our 5 top tips for protecting yourselves and guests from a data breach…

 

Carry out regular security audits

If you’re not sure where to start, this is the place. By carrying out a security audit, you’ll gain a better understanding of what you’re currently doing to protect the sensitive information you hold, you’ll be able to identify any weak spots or areas you’ve missed, and you’ll be in a better position to create a plan for going forward that addresses these. But don’t just do one audit and leave it there – make them a regular occurrence, so you can spot any new issues as they arise.

 

Put security measures in place

Once you’ve done that first audit and made a plan, you can put the appropriate security measures in place to protect your data. There are too many to list here, but this could include:

  • Investing in a digital password manager
  • Facing computers and laptops away from public areas and installing privacy screens on them
  • Putting access controls on room doors, cupboards and cabinets that store confidential information or network equipment
  • Installing a strong firewall and anti-virus software
  • Keeping all computers up to date with the latest security patches
  • Having a clear process in place for storing and disposing of confidential materials
  • Putting a retention policy in place

 

Train your employees

With the appropriate measures in place, it’s now time to get your staff on board and train them up on the policies and procedures you’re implementing, as well as general security awareness. Make the training clear and easy to understand, and be consistent in what you’re saying. Teach them to identify suspicious behaviour, report it and, when in doubt, ask. Cater to different learning styles by training in different formats, such as online courses, workshops and on-the-job training. And, most of all, repeat, repeat, repeat until it becomes second nature.

 

Know who you’re doing business with

Do your research on all vendors, suppliers and companies you intend to work with and buy from. Ask questions, understand the way they work and make sure they are GDPR-compliant. Only partner up with them if you’re satisfied with their answers. If the vendor is going to be processing your guests’ personal details, know what data that will be and what it’s being used for, and obtain a Data Processing Agreement from them.

 

Destroy confidential information securely

Don’t fall at the last hurdle – any documents, products and electronics containing sensitive information must be securely disposed of when no longer needed. They can’t just be thrown in the general waste bin or the recycling; they have to be shredded. Make sure your staff know what materials count as confidential and have a clear procedure in place for these materials. To make things easier for yourselves, work with a professional data destruction company (like Printwaste!), who will help you identify what is confidential, implement the best procedures, provide you with secure storage consoles and safely destroy your sensitive information for you.

 

Here are some examples of confidential information your hotel might hold:

  • Booking information
  • Boarding passes
  • Customer bank account information
  • Customer receipts
  • Guest itineraries
  • Financial reports
  • HR documents
  • Presentation materials
  • Loyalty account statements

 


 
