5 Ways to Arm Your Business Against Data Breaches
The growth of online business has triggered a growth in cybercrime and, with it, a growing need for digital information security. Because event and travel bookings are so personalized, hotels and travel companies are prone to data breaches and online criminal activity. According to an article written by EHL Insights, companies in the industry that use multiple online databases and devices to gather and electronically store sensitive customer information, such as names, phone numbers, addresses, and credit card details, are ideal environments for cybercriminals to conduct identity theft and credit card fraud. Here are 5 ways you can arm yourself and your customers against data breaches.
1. Know Your Systems
Knowing how each one of your systems works is much more important than it seems. To recognize that something has gone wrong, or that some type of data breach has occurred, you need to know the ins and outs of each system; that knowledge is what lets you identify what happened, where it happened, what needs to be done, and who is going to be affected.
2. Go Digital
Even in 2022, many companies are still using paper and fax machines to collect, share, and copy information from customers. Information that has been written down or printed is automatically at risk of being misplaced or even stolen. Due to high staff turnover rates at hotels, a customer’s personal information can be easily accessed and may even end up in the wrong hands. All paper copies of receipts, invoices, and event and travel arrangements that have served their purpose should be destroyed, but keep in mind that even shredded copies can be recovered.
3. Become PCI Compliant
The PCI Security Standards Council defines PCI DSS (Payment Card Industry Data Security Standard) as “a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment”.
PCI DSS, which was designed to help prevent payment card fraud, has changed the way credit card payments are handled and processed in the hospitality and travel industry. It applies to any business involved in the transmission and storage of cardholder data, and it is the security standard required by most credit card companies. Having PCI compliance shows that a company is taking the appropriate security measures needed to keep cardholder data secure.
To achieve PCI DSS compliance, follow these steps:
- Speak with the financial institutions and banks your company works with (e.g., Visa, MasterCard, AMEX) to determine the correct PCI Self-Assessment Questionnaire for your business.
- Complete the appropriate SAQ for your business.
- Submit the SAQ, evidence of a passing scan (if required), the Attestation of Compliance, and any other requested documentation to your acquiring financial institutions and banks.
To learn more about PCI compliance and how to achieve it, check out this guide.
4. Restrict Access to Personal Information
When it comes to sensitive data, greater access equals greater risk, which is why sensitive data should be protected not only from cybercriminals but from staff as well. Password protecting and encrypting information can go far. Multi-layered sign-in systems that require users to identify themselves using something they know (like a password or PIN) and something they have (like a text message sent to a phone or an email sent to a specific inbox) make a data breach much more complicated. The technology you use to finalize agreements, collect payments, and take care of other activities should come with protections built in, such as Okta’s single sign-on capability. If your system allows it, individual accounts are another great way to manage who has access to what type of information and how many times they have accessed it.
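The following is an added example, not code from the original article or from any vendor it mentions, showing the three controls this section describes in one small Python program: a "something you know" factor (a salted password hash), a "something you have" factor (an RFC 6238 time-based one-time code of the kind authenticator apps generate, used here in place of the SMS or email code the text mentions), and individual accounts whose role limits which customer fields they may read, with every read recorded so you can count how many times each person accessed what. The user names, roles, booking record and TOTP seed are all constructed for the demonstration (the seed is the public RFC 4226/6238 test key).

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed role model (not from the article): front-desk staff see contact
# details only; finance additionally sees the card's last four digits. No role
# can read a full card number, so a stolen session cannot expose one.
ROLE_FIELDS = {
    "front_desk": {"name", "phone"},
    "finance": {"name", "phone", "card_last4"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    # "Something you know": store a salted PBKDF2 hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    # "Something you have": RFC 6238 code derived from a shared secret and the
    # current 30-second time step (HMAC-SHA1 with dynamic truncation, RFC 4226).
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30) -> bool:
    # Accept the current step and one step either side to tolerate clock drift;
    # compare_digest keeps the comparison constant-time.
    return any(hmac.compare_digest(totp(secret, unix_time + d * step), code)
               for d in (-1, 0, 1))


class AccountStore:
    """Individual accounts with two-factor login, field-level access and an audit log."""

    def __init__(self):
        self.users = {}
        self.audit = []  # (user, record id, field, allowed), in order of access

    def add_user(self, username: str, password: str, role: str, totp_secret: bytes):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": hash_password(password, salt),
                                "role": role, "totp": totp_secret}

    def login(self, username: str, password: str, code: str, unix_time=None):
        """Return a session dict only if BOTH factors verify, else None."""
        now = int(time.time()) if unix_time is None else unix_time
        user = self.users.get(username)
        if user is None:
            return None
        if not hmac.compare_digest(user["hash"], hash_password(password, user["salt"])):
            return None
        if not verify_totp(user["totp"], code, now):
            return None
        return {"user": username, "role": user["role"]}

    def read_field(self, session: dict, record: dict, field: str):
        # Every attempt is logged, allowed or not, so denied reads are visible too.
        allowed = field in ROLE_FIELDS.get(session["role"], set())
        self.audit.append((session["user"], record["id"], field, allowed))
        if not allowed:
            raise PermissionError(f"{session['user']} may not read {field}")
        return record[field]

    def access_count(self, username: str, field=None) -> int:
        # "How many times they have accessed it": count audit entries per user (and field).
        return sum(1 for u, _, f, _ in self.audit
                   if u == username and (field is None or f == field))


if __name__ == "__main__":
    # Constructed demo data; the seed is the RFC 6238 test key, which at t=59 gives 287082.
    seed = b"12345678901234567890"
    store = AccountStore()
    store.add_user("alice", "correct horse battery", "front_desk", seed)
    booking = {"id": "booking-1", "name": "A. Guest", "phone": "555-0100", "card_last4": "4242"}
    session = store.login("alice", "correct horse battery", totp(seed, 59), 59)
    print("name:", store.read_field(session, booking, "name"))
    try:
        store.read_field(session, booking, "card_last4")
    except PermissionError as exc:
        print("denied:", exc)
    print("alice accesses:", store.access_count("alice"))
```

Reading the audit list (or the count it feeds) is what turns "individual accounts" into a detection control: a front-desk login that repeatedly attempts `card_last4` shows up as a run of denied entries, and an unusually high access count for one user is a question worth asking before a breach notification forces it.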
5. Lock Down and Consolidate Your Programs
It is very important to make sure all your booking, payment, contract, and planning programs are integrated and locked down. It is not enough to have a Secure Sockets Layer (SSL) certificate on your website or to rely on a third-party service, such as Apple Pay or PayPal, to keep a customer’s payment information secure. An SSL certificate only creates an encrypted link between a web server and a web browser. If your company uses more than one program to collect and record customer data and one of them is not PCI compliant, a customer’s data can be intercepted at any point as the customer goes through the booking process. Another way to protect customer and company data is to offer customers a different Wi-Fi network from the one your company programs use when handling sensitive information. Fewer systems mean less information that can be stolen and a stronger online infrastructure.
One thing we know for sure is that cybercriminals are finding new and more efficient ways to sharpen their tools and take advantage of web users every day. No hotel or event venue is too big or too small to be subjected to this type of crime. The best thing you can do is educate yourself and your staff on data breaches, how they happen, and how you can prevent them.
The Definitive Guide to PCI Compliance for Hotels
Get a deeper dive into PCI compliance so you can reach and maintain compliance and stay protected. We cover topics like how it works, what's required, and the consequences of not implementing a strategy.