Hotel Cybersecurity: Protecting your guests and your property from vendor data breaches - Hotel Law Blog - July 19, 2017 - 0 views
-
Hotels rely on third-party vendors to help run their properties efficiently, and often must give them access to sensitive guest data. This leaves hotels vulnerable to cyber attacks; they’re only as secure as their vendors are, and may find themselves directly liable for a data breach.
-
July was another notable month for hotel data breaches – on a single day, several well-known hotel brands and managers, including Four Seasons, Trump Hotels, Hard Rock Hotels & Casinos and Loews Hotels all announced that customer data may have been compromised as a result of a security failure.
-
In analyzing the breaches, there is something that is common to almost all incidents: the vulnerability was not with a hotel, its manager or brand, but with a vendor.
-
This article notes that many hotels have been the victims of cyber attacks. For example, in July of this year, the Four Seasons, Trump Hotels, and the Loews Hotels all had customer information hacked because of security failures. Furthermore, many of these resulted from vulnerability from the vendors. To address this issue, the article suggests that hotels should incorporate the following four actions: (1) Review data security policies; (2) Require vendors to take responsibility for their mistakes; (3) Analyze cybersecurity policies; and (4) Require brands and managers to test backup systems.