Steps are now increasingly being taken to protect hotel guests from data theft, in light of the growing trend of cybercrime in this sector.
According to Mohammad Amin Hasbini, senior security researcher, global research and analysis team (GReAT), Kaspersky Lab Middle East, Turkey and Africa, hotels have a duty to protect the data of their guests.
Carrying out a risk assessment of where the security gaps and possible cyber-attacks can come from, has become essential.
“One relatively inexpensive system that hotels can use to keep credit card information safe is ‘tokenisation’, which replaces sensitive data while it’s being transmitted with a ‘token’. This can be done at POS and will go a long way to protecting customers’ payment information,” Hasbini added.
Hotels can also protect guest data by transmitting information through firewalls or VPNs, meaning that sensitive data is re-routed through safe and secure servers and protected behind firewalls for added security.
According to Dukes Dubai general manager Tristan de la Porte du Theil, hackers are becoming more and more sophisticated in how they are attacking systems, which means hotels must be increasingly vigilant and regularly audit all aspects of their security systems in order to identify any vulnerabilities. He commented: “Some hotels are investing in biometric technology, using fingerprints or facial scans to restrict access to data, but fundamental to the entire process is staff training. At Dukes Dubai, an account and password are required to access any system, password needs to be changed in a certain period. Accounts can only be created if approved by HOD, HRM, and DoF. Whenever an associate leaves, her/his account is immediately disabled or deleted. We have different levels of security on our network and we also have a running system that protects company data.”
Loss of customer data, financial ramifications to their company, and the resulting loss of reputation in a major breach are avoidable for hotels, according to Kafity.
“If hotels take the right measures for attack prevention, detection, and response, they can avoid a data breach. Efficient detection for advanced threats is no longer optional and should be viewed as a critical control in any organisation’s security stack in order to derail attackers early and efficiently,” he noted.
However, Hasbini also emphasised that it is imperative for hotels to share best practices to protect the interest of their customers. This includes actions such as never storing credit card information in the hotel’s systems, which thwarts cyber criminals’ attempts at stealing information in the event that they gain access to the hotel’s systems.
| Advertisement |