5 key points to improve the security of your hotel's guest data
The summer period regularly brings an upsurge in cyberattacks on hotels, which are full and busy at that time. Operational staff are prime targets for attackers seeking to break into hotel systems and gather personal guest data. They are not always well trained to detect these attacks, and are too overwhelmed to remain vigilant at all times. Unfortunately, human error is the main cause of cyberattacks (74%), with phishing remaining the most common type of attack. New AI tools and deepfakes have made threats more effective and less detectable, contributing to a 500-900% increase in attacks since ChatGPT was launched.
As a reminder, the hotel establishment is responsible for processing its guests' data, even when using a data management solution. The establishment has a duty to guarantee its guests the management and control of their personal and confidential data, in line with the GDPR.
The 5 key points for securing your guests' data:
- Equip your teams
- Train teams in the importance of constant vigilance
- Activate the highest level of software security
- Never use the same password twice
- Require intrusion test reports from your service providers
1. Equip your teams 🛠️
The choice of your technology providers is crucial. Your tools must be reliable, secure, and stable, and give you full control over user management, editing rights (administrator rights) and so on. Updates must be regular, so that potential flaws are corrected.
The ergonomics of the solution are also important: it must be quick to use, so that a security-oriented configuration remains practical in daily use.
2. Train teams in the importance of constant vigilance 🎓
As mentioned earlier, three quarters of cyberattacks are caused by human factors. Employees are the first targets, and need to be trained and regularly reminded to be vigilant. Basic checks can already thwart many attacks (checking the domain name of an e-mail, systematically verifying requests with the people concerned via other communication channels, etc.). All employees need to be trained in these matters, and reminded several times a year of cybersecurity risks and good practices.
3. Activate the highest level of security on your software 🔒
Two-factor authentication (2FA) is the most widely used security protocol, due to its level of protection and how easy it is to set up. Available on many sites and applications, it requires two factors: a password and a device (such as a mobile phone). It may be a good idea to use a dedicated phone assigned to reception, for example, to receive the security codes. Some solutions allow you to register a device (such as a computer) as a trusted device, to avoid having to enter a security code several times a day for routine connections.
4. Never use the same password twice 🛡️
No one can remember all their passwords. If you can, it is because your passwords are not secure enough, or are used for several different logins. With a password manager on your phone or computer, there's no need to remember all your logins, and it's easy to share logins with other team members securely. These tools also make passwords more secure by generating longer and much more complex combinations, making them harder to crack.
5. Require a penetration test report from your service providers 🥷
Penetration tests, also known as pen-tests, are carried out by a third-party company specialising in IT security, in an attempt to detect security breaches or flaws in a solution. A solution provider managing personal data is obliged to carry out penetration tests to keep its security system up to date.
This list is not exhaustive. If you would like some more information on cyberattacks and how to prevent them, consult this article on the basics of hotel cybersecurity, where you can also watch a webinar on the subject.
When it comes to choosing your technology suppliers, consult and download our checklist to help you assess their suitability in terms of security.