Data security has become a hot topic lately. Over the past few years, there have been major data breaches that put consumers at risk and cost companies a lot of money. Although your business is probably not at the risk of exposing tens of millions of consumer credit cards, you still need to make data security a priority. There are several manageable things you can do to protect your guests and yourself from a costly data breach. Let’s explore a few.
Let’s take a look at a few of the largest data breaches in recent history. They’ll demonstrate that when proper security messages aren’t in place, it can quickly become a nightmare. These companies put themselves and their customers at risk, causing a headache for just about everyone involved.
Hilton Hotels: Hilton identified that malware had been installed on an undetermined amount of payment terminals. The malware stole names, credit card numbers, security codes, expiration dates. All transactions through the property’s restaurants, bars, gift shop, and front desk were put at risk. Source
Starwood: Starwood identified malware installed in some restaurants, gift shops, and other retail areas at 54 of its hotels. They believe the software was installed for almost an entire year before it was discovered. Sources did not say how much the malware cost Starwood. Source
Hyatt: In late 2015, Hyatt Hotels announced that they found a malicious software installed on their payment gateways. The breach affected 318 properties managed by Hyatt, but franchise locations were safe. Source
There are many things you should and should not do to increase your property’s security and lower your risk of a cyber attack.
If you, at this very moment, are using an Excel spreadsheet to manage your property, you’re putting yourself and your guests in jeopardy. If you use Excel spreadsheets to track and manage payments, that is even more dangerous. Credit card numbers should never be stored in full on a document that can be easily saved somewhere else and taken. While it is possible to password protect a spreadsheet, you cannot encrypt it and anyone could read the information.
Even if the information is not online, a virus or hacker can access information on your hard drive.
Pay careful attention to who has access to sensitive information. Any identifying information about a guest should be kept under lock and key. All of your guests’ names, address, email address, credit cards, passports, pictures, etc. should only be accessible by those who absolutely need it. You want to put yourself at as little risk as possible. One of the easiest ways to do this is by limiting who has access and therefore limit the temptation for anyone to steal information.
Make sure that you keep guest information somewhere safe. Only those who need access to sensitive information can get it. Each employee should have their own username and password.
When you choose a company to host your website, make sure that they are a reputable company with security measures in place. If you build your website on WordPress, we suggest using Bluehost or WPEngine. Both of these companies have been around for years and offer strong server protections.
However, these companies do not 100% protect their servers. They are not fully protected, because they allow you to upload whatever you want to create your site. If you upload malicious files or if a hacker places a virus, the server can’t stop them.
If you’re using WordPress, we suggest installing plugins that help protect your website. Here are two of the most common.
iTheme Security: This powerful plugin helps keep your website safe in more than 30 ways. Some of the most popular features include user tracking, two-factor authentication, and masked dashboards.
They also offer brute force protection. A brute force attack is one that uses a machine to try to guess your site’s admin login credentials until it succeeds. iTheme tracks users who brute force other sites and block them from accessing your site. The plugin will also help you identify potential security risks and help you correct them quickly.
Akismet: This plugin blocks spam comments. Comment spam can weigh down your website and cause it to run slowly.
The best and easiest way to encrypt your website and protect yourself is to utilize Secure Sockets Layer security or SSL. An SSL certificate creates an encrypted connection between a web server and a browser (Safari, Internet Explorer, Chrome, etc). Basically, they bind together a domain name, server name/hostname, and an organization’s identity and location. This helps keep user sessions safe and also encrypts sensitive data like credit cards when users make purchases.
We wrote an entire article on how to secure your website that you can view here.
A payment processor is the safest and easiest way for you to conduct online transactions. A payment processor acts as a relay between a merchant (you) and a bank which connects to all the credit card issuing banks (source). Payment processors use SSL to encrypt data during the entire purchase process. This keeps you and your clients safe from people trying to steal sensitive information.
Not only are these systems safe, they’re also efficient. They allow people to make purchases 24/7, reduce paperwork, and help you create reports. If you don’t use a payment processor and rely on pen and paper or Excel spreadsheets, they’re unsafe and waste time. A payment processor can gather all the transactions and present them in a manageable format. Actual efficiencies will depend on the payment processor you choose, but almost anything is more secure than manual payment processing, which is prone to human error.
There are many payment processors out there, here are a few we recommend:
Stripe: This payment processor connects to a whole suite of APIs that allow you to power your booking engine. They also offer code that works on all types of websites such as curl, Ruby, Python, PHP, JAVA, and more. Myfrontdesk has a direct integration with Stripe.
Sage Pay: Sage Pay is also another popular option. They create a safe gateway for you to conduct online transactions. They also offer several other products, such as invoicing, that help you run a smoother operation.
Intuit Quickbooks: Intuit’s payment processing solutions are popular. Intuit has a strong reputation for providing reliable and safe services. They offer payment processing and e-invoicing to simplify your life. Myfrontdesk has a direct integration with Quickbooks.
It seems so simple and obvious, but you and your staff should change your passwords at least once a month. It’s wise to change important passwords that guard access to sensitive information like names and credit card info at least once every six months. Constant changes make it harder for hackers to guess your password and access sensitive information.
Even if your staff does not have access to sensitive information, they should change their passwords frequently. It always better to be safe than sorry.
The best way to migrate from unsafe operating methods such as pen and paper and Excel, is to use a property management system (PMS). A cloud-based PMS, such as myfrontdesk, encrypts all the data that is inputted online. Myfrontdesk also allows you to set user permissions. Administrators can control who has access to sensitive information.
Most PMSs connect to payment processors that add another layer of security to credit card transactions. Even if myfrontdesk does not support your payment processor, it allows you to enter payment information manually. Myfrontdesk will then use this data to run reports and keep your property up-to-date. However, you’ll be managing two systems separately rather than two that operate together.
Payment processing integrations ensure that you and your guests are safe. Not only will a PMS keep your property safer, it will increase efficiency and give you peace of mind.
Have you made your customers’ data safety a top priority? As the world becomes more connected on the Internet, there are more chances for the bad guys to take hold of sensitive information. It’s important to take a proactive approach to data security, because if you get hacked, the repercussions can be huge.
Cloudbeds creates cloud-based hospitality management software that simplifies the working lives of professional property owners, operators, and employees. Tens of thousands of hotels, hostels, vacation rentals, and groups in over 135 countries trust Cloudbeds’ award-winning software. Founded in 2012, Cloudbeds has expanded to hundreds of team members in 31 countries who altogether speak 17 languages.