Hotel Data Security: What You Need to Know

NATIONAL REPORT—Widely publicized data security breaches are serving as catalysts for change in the way hotels handle guests’ private information. Indeed, the most recent example could come from Hilton Worldwide, which is reportedly investigating a possible data breach.

As significant risks to brand reputations mount, protecting consumer details and combatting fraud is becoming an even greater priority. “The hardest part is every time something like this happens, it creates a reputational stain and people don’t really trust it. The fact is, if Wyndham is seen as a place that will not protect hotel information, people will not go there and that’s going to lay in the lap of the owners,” shared Robert E. Braun, partner, Jeffer Mangels Butler & Mitchell LLP. “Owners have a significant responsibility to use safe cyber behaviors.”

With hotel data security under a microscope, it’s not enough to guard against outside hackers as the main focus—there are also cases where employees have posed a potential risk. “In terms of hotel owners, they cannot ignore what their managers and franchisors are doing or they’ll pay the price, ultimately,” said Braun. “If something happens and a claim is brought by the FTC, individual or class action, the hotel has to indemnify the manager and it would be at the owners’ cost.”

In August, a U.S. appeals court determined that Wyndham will have to face accusations of allegedly insufficiently securing its computers from threats. In a statement, Wyndham expressed confidence the findings will prove otherwise: “It is important to note that today’s opinion was decided solely upon our motion to dismiss the FTC’s complaint, which requires the Third Circuit to take the FTC’s allegations at face value. Once the discovery process resumes, we believe the facts will show the FTC’s allegations are unfounded. Safeguarding personal information remains a top priority for our company, and with the dramatic increase in the number and severity of cyber attacks on both public and private institutions, we believe consumers will be best served by the government and businesses working together collaboratively rather than as adversaries.”

Experts agree it’s vital to identify potential security weaknesses, devise a plan to correct any issues and stay in compliance with government regulations. “The first thing to do is to get your house in order because you have to be aware. Every owner has access and collects personal and sensitive information. Make sure you have technological security in place, such as firewalls and sandboxes to keep names safe,” said Braun.

HTNG CEO Michael Blake advises hotel owners to seek out professional expertise on the matter and prepare for a worst-case scenario. “HTNG advises all hotel companies of all sizes to hire their own IT security professional or chief information security officers, who will follow data security best practices in attempt to avoid data breaches,” he said. “Assume your systems will be breached, devise a plan to limit the damage, and know which data could be compromised. It is important to ensure compliance to PCI at a minimum.”

Education should also be a key part of the strategic effort to bolster security; hotels must carefully train their staff to minimize red flags and future occurrences. “All personnel should be trained in cyber security, as up to 100% of incidents are human-error related. Everyone should be trained and know they can be a vector for intrusion. It can’t be solved by tech alone and hotels have to step up on training,” said Braun.

—Corris Little