Many key players in the global hospitality industry have fallen victim to cyber-attacks over recent years, including the Hilton, the Trump Hotels and the Mandarin Oriental.
Why are these businesses such tasty targets?
We’re talking about hotels, restaurants and other retail outlets which process (and store) customer data all day, every day.
The emergence of this industry as a lucrative target and the increasing number of high-profile attacks over the last couple of years only demonstrate that these businesses are not pushing security and privacy up high enough on their agenda. It is only a matter of time when customers of these establishments will kick up a fuss and demand answers on security breaches and why they cannot be trusted with customers’ personal details – it will be the burger or overnight stay that these customers might come to regret.
It will not be long before businesses are forced to take the protection of personal data more seriously. The ownership of such data lies with customers and employees (and not the business) so increased security measures are required to minimise the risk of compromising the privacy of personal data.
Though it is not just personal data at risk. Whatever you can do with your systems, cyber attackers can do too: access bank accounts, turn on the ACs or crank up the heat, set all the fire alarms off, get the sprinklers going, you name it. If all hell is breaking loose in your business, you risk losing control of your employees and your customers.
And what about the legal and financial risks?
The UK will adopt the General Data Protection Regulation (GDPR) soon and we are all expected to be compliant by May 2018. The GDPR is intended to provide the general public with confidence that its personal information is being handled with care. This means that businesses will need to be more transparent, including disclosing any security breaches affecting personal data.
Once someone with time on their hands and the requisite skill set gains access to your system, you will most certainly be at risk of reputational damage. You could also be looking at penalties of up to €20m or 4% of your worldwide turnover (whichever is higher), plus compensating individuals who are not too pleased with the way their personal information has been handled. That’s colossal.
The regulators of the new laws will also have the power to intervene in the way you run your business and implement appropriate changes.
How to prepare?
There is no simple trick to preparing for the regulatory changes. Businesses must think of the preparations as a lifestyle change, like healthy living which involves a well-balanced diet and exercise rather than crash dieting for short a period of time to achieve a quick, temporary result, which can have dramatic repercussions.
Security breaches can impact upon personal data at risk as well as operational matters. Safeguard your business with system security audits, annual health checks for your business, employee training and keep policies and business models relevant. A combination of such healthy measures, and being able to learn from own and others’ past mistakes, will reduce risk of security breaches, ensure you are prepared for attacks and help keep you on the good side of the law and your customers.
