LONDON—Do you know what to do if your hotel has been hacked? Unfortunately, no company is immune to the problem, as illustrated in recently publicized events involving major hotel chains. Hackers pose a threat to any hotel accepting credit cards or housing company data, but you don’t have to be a victim.
With some preparation and training, you can mitigate the dangers and defend your property against hackers. Beazley plc, a specialty line insurer with offices in 12 U.S. cities, offers its clients a “SWAT team” approach to dealing with hackers. Katherine Keefe, Beazley’s global head of breach response services, outlined how to keep hotel data secure, and what to do in the event a data breach has occurred.
“The Beazley Breach Response is a proactive, turnkey approach that says to a company: ‘If you’re having a data incident and you suspect your data is compromised, contact us immediately and we’ll handle it from soup-to-nuts,’” explained Keefe. “In contrast to dealing with other insurers, it’s your crisis and you’re told to save your receipts. Instead, we’ll provide the necessary tools to investigate whether you have had a breach or not, and guide you through the response as a result of the breach. We provide resources and know-how to implement the response that is legally required.”
Often, the point of entry is a phishing email: a single click on a link is enough to release malware into the computer’s environment.
“We have a lot of organizations rolling out training on how to spot phishing emails; how to determine when something doesn’t look quite right; and tips to identify those sophisticated emails. Training is about arming employees with the tools they need to make decisions upfront,” she said. “We’ve also seen an increase in ransomware, which is a form of malware that comes in through phishing emails and doesn’t involve an intrusion into the system. The malicious code releases a virus and encrypts the data where only the bad actor has access to the data. The criminal then contacts the company to extort money. In some cases where businesses don’t have a good backup system, they are forced to pay that ransom.”
For the uninitiated, navigating a data breach is not a do-it-yourself project. Mistakes made while remedying the issue can have costly consequences. It’s best to enlist a team of experts—law, forensics and public relations—with the experience and knowledge base to help you handle the process.
“It’s not the time to learn on the job. There are 47 states with laws on this, and all of them bring regulatory enforcement, and timeframes for conducting the investigations and notifying people who may have been affected. That can be a real pressure cooker for companies,” she said.
The best defense is a good offense, so proactively arm your business with as many resources as possible. Hotels can tap into Beazley’s client portal, Beazley Breach Solutions, for a toolkit of checklists and educational materials to become more informed and help prevent data from being compromised. Most importantly, focus on compliance by drafting a comprehensive incident response plan, which provides a blueprint of the external partners to be brought in during a data breach.
Hotels with Beazley’s cyber coverage can deploy a carefully orchestrated “SWAT team” in the event of a data emergency.
“We’re the only insurance carrier to our knowledge that offers an in-house dedicated team for data breaches. Our division has been doing this since 2009 and we have handled nearly 3,500 breaches across industries—hospitality, retail, higher education, healthcare, trade associations and financial institutions. Any company with customer-facing data and employee information is ripe for mishaps and ripe for this service,” she said. “We bring a calming influence, a practical approach and a lot of professional response vendors who’ve been doing this with us for years. It’s a well-oiled machine and we support the breached company in an efficient way.”
Keefe advises hotels to tread carefully in their communications and other attempts to win back guests’ trust after a data breach. Owning your mistakes and fixing your weaknesses are paramount.
“As consumers, we expect breaches to happen but we want the people we entrust to be transparent and truthful about what happened. The best advice we give in these situations is to answer the following questions: What happened? Why did it happen? How am I affected? What are you doing to prevent it from happening again? When they can address those issues in a notification, that’s what customers want to hear and they may not like it, but they’re more likely to place their trust in the organization again,” she said.