In late November 2018, Marriott hotels reported one of the largest security breaches of personal data ever – once again demonstrating the vulnerability of the industry and growing importance of cyber insurance.
Vulnerable Data Calls for Risk Management
It was a rough day for the execs at Marriott. Reports allege that the personal information of up to 500 million guests in its Starwood reservation system may have been exposed in a hack. Compromised personal information could include names, mailing addresses, phone numbers, email addresses, passport numbers, date of births, and even encrypted credit card numbers.
Cyber experts suggest that the Starwood chain may have been a target due to the mass customization and customer service-focus of their operations. The significant amount of personal data held by hotels makes them prime victims of cyber attacks.
How Can Your Hotel Business Prepare?
Corporate Account Manager and hotel expert, Steve Cox, shares his top three risk management tips for hotels in the face of growing cyber security threats.
1. Segment and secure your data
Segment your information between web servers and database servers to make it harder for hackers to access and understand. Additionally, always have a back-up strategy. Your data is your business, but it also your responsibility to protect it. Have a plan in place for how this data will be securely stored and used.
Maintain your software by always having the most recent editions and keeping up with updates. Companies are constantly improving their cyber security, and using the most up-to-date version will help ensure that cyber criminals cannot easily access the data.
Install and maintain a firewall and antivirus software on all digital systems that interact directly or indirectly with customer data. Access to client, employee and vendor devices via wireless or LAN connects are a constant risk.
2. Have the proper insurance policy for your risk
The risk of a cyber security threat is significantly higher in the hospitality industry due to the large amounts of personal information kept on file. Hotels and their staff have many touch points with their clients before, during and after their stay. Malicious materials will seek to access customer information such as addresses, credit cards, spending/ buying preferences and remote electronic access.
Insurance companies offer many different types and sizes of cyber coverage to keep your business safe in the face of costly cyber security threats. These options can include protection from ransomware, work-stoppage, legal fees and IT recovery services. We encourage you to take the time to investigate the best strategy for your needs and to ensure that your insurance policy covers cyber security issues for your hotel.
3. Be smart about responses
A public announcement of the data breach should be made promptly and in an informed manner. Hotel managers should begin by gathering and verifying all relevant information. Take advantage of cybersecurity professionals who can identify sources of intrusion, assess the extent of the breach and provide details of the compromised material.
Hotel managers should also notify their security teams at the corporate level so that actions can be taken to protect related properties and their guests.
Taking these steps will ensure that customers can be properly advised and further exposures are limited.
Does Your Hotel Business Policy Include Cyber Insurance?
If you don't know the answer to this question it's a good idea to speak to your commercial insurance broker sooner than later. As your trusted insurance advisor, your broker will be able to help you understand the impact on your business of the changes to Canada's federal private sector privacy law.
Related Articles View All
The recent ransomware attack on the City of Stratford demonstrates our vulnerability to ever-evolving cyber threats. Do you know how your business is protected from disruptions to your software, data, and business operations?
Whether it’s employee data, customer information, or supplier and partner information, your business runs on information. Find out what cyber security risks your business faces as a result.
As of November 1 2018, businesses must submit formal notification of cyber breaches under Canada's federal private sector privacy law. Learn the key cyber insurance terms in this reference guide.
New Privacy Rules come in force – making it important that businesses operating in Canada take Cyber Security Seriously
Important changes to Canada's federal private sector privacy law take place on November 1, 2018 – mandating businesses to submit formal notification of any cyber breaches.