Data breaches, cyber-attacks and IT security are not the first things that spring to mind when going on holiday. However, even the hospitality industry is affected by security flaws. The most recent data breach affected a well-known hotel group.
Just last week Marriott International announced the records of 500 million customers were affected by a data breach.
The hotel chain said the breach was within the database of its Starwood division, which includes W Hotels, Sheraton, Le Meridien and Four Points by Sheraton.
According to an internal investigation, the attackers had access to the network from 2014 onwards.
How did it happen and what was accessed?
An internal security tool alerted Marriott that the database was being accessed by an unauthorised party. As a result of investigating the issue, it was found that data had been copied and encrypted.
The database contained records of up to 500 million customers. It is believed that the information accessed was a combination of:
- Phone numbers
- Email addresses
- Passport numbers
- Account information
- Dates of birth
- Arrival and departure information
In addition to this, encrypted payment details were stolen and possibly the encryption keys too.
What are the consequences?
Marriott International have reported this breach to authorities and have notified affected customers.
They will have to comply with the EU’s GDPR rules for the affected customers in Europe.
As for any fines they might receive, it’s too early to say. In 2017, Hilton Hotels received a large fine of £525k for risking 363k accounts in two credit card data breaches.
In many data breach cases, scammers tend to send out e-mails pretending to be from the affected party. As a result, the hotel group has announced no e-mails will be sent out with attachments or requesting information.
So how likely are data breaches in my business?
The UK’s Department for Digital, Culture, Media and Sport’s Cyber Security Survey 2018 noted that over 4 in 10 businesses (43%) experienced a data breach within the last 12 months.
Under 3 in 10 businesses have a formal cyber security policy or structure in place.
The highest proportion of data breaches in the last 12 months was in the Financial/Insurance sector (57%).
Why do businesses tend to invest in cyber security?
The reasons businesses gave for investing in cyber security were as follows:
- 47% invest to protect customer data
- 23% invest to protect trade secrets, intellectual property, or other assets (e.g. cash)
- 19% invest for business continuity/to prevent downtime
- 16% invest to prevent fraud/theft
How much does a business invest on average?
The average level of investment varies across different industries. Nevertheless, as each business has specific needs, some may choose to invest more than others.
Financial Services/Insurance invest heavily in security, especially to meet compliance regulations.
In the last financial year*, April 2017 – March 2018, the average investments by business sector were as follows:
- Hospitality/Food £900
- Admin/Real Estate £1,860
- Finance/Insurance £17,900
*Based on Gov UK data of more than 800 companies
The cost of not investing is much greater, especially for smaller businesses.
With GDPR in place, fines can reach up to 4% of your annual turnover.
What should you do to prevent a data breach?
- Backup your data regularly, with off-site automated backups
- Use strong passwords & an extra method of authentication
- Invest in cyber security training for your employees
- Take a proactive stance towards technology management
- Encrypt business data
- Invest in the latest technology to stay secure