CYBERSECURITY IS AN important topic year-round, but during October, officially proclaimed as National Cybersecurity Month, hotels should take time to review their own digital defenses. Certain preventative steps can save money and headache, experts say.
President Donald Trump declared National Cybersecurity Month in late September with an emphasis on the need for individual action. Tools for providing better cybersecurity are available through the Department of Homeland Security’s “Own IT. Secure IT. Protect IT.” campaign and the National Institute of Standards and Technology’s Cybersecurity Framework, the president said.
“All Americans have a responsibility to defend their sensitive data stored on devices and in the cloud,” the presidential proclamation says. “From browsing social media sites to managing online banking accounts, practicing a few simple steps can make a substantial difference in keeping you and your online data secure. To be better protected at home, school, or work, DHS recommends individuals limit the amount of personal information they share online, regularly update devices and software, and utilize complex passwords and authentication methods.”
Cybersecurity should be of particular interest to the hospitality industry, according to a blog post from website design firm Vizergy.
“The hospitality industry is vulnerable from many angles when it comes to cybersecurity. Generally when hacking hospitality companies, hackers are looking to gain access to customers’ financial data. In recent years, some of the industry’s most well-known brands have fallen victim to cybersecurity crime,” the post said.
That includes the major data breach Marriott International announced in November, saying when it acquired Starwood Hotels & Resorts Worldwide Hotels in September 2016 the old reservation system was compromised. That led to the breach that compromised the information of more than 300 million guests.
Marriott set aside $126 million in the second quarter to cover a possible fine by the United Kingdom’s Information Commissioner’s Office related to the breach.
“Organizations are held responsible for data breaches with threatened lawsuits and hefty fines in the event of a cyber attack,” Vizergy said in its blog. “For these reasons, along with others, it is important to have cybersecurity infrastructure in place to protect your property and its customers.”
Companies should secure websites first to best prevent cyber attacks, Vizergy said. Under the 2018 SSL Standards for Data Security and Privacy Protection, all websites are required to have the secure sockets layer, or digital certificate, security method in place. The SSL certificate encrypts data being transferred over a server.
“When installed on a website server, these certificates activate padlocks and the HTTPS protocol that enables secure connections to be made between websites and browsers,” Vizergy said. “Without a TLS or SSL certificate, a secure connection cannot be established, leaving all information transferred between a website’s server and users’ browsers vulnerable to cybercrime.”