Four ways to keep your hotel website safe from security breaches

Hilton, Trump, Starwood, Mandarin Oriental, and Omni hotels.  What do they all have in common? 

Recently, these hotel chains have been among those that have suffered from a security breach. Hackers, trolls, and thieves do not discriminate – they will infiltrate any hotel website with security gaps and take whatever information they can.

What you can do to protect your site
Security experts and hackers seem to be playing a game of internet security cat and mouse, in which the experts (cats) put security measures into practice, and the hackers (mice) break through them. Due to this dynamic, security practices you put into place today may not be effective down the road.

You must remain diligent and always be up-to-date on the best practices suggested by the “cats.” Adhering to the best practices of security measures goes a long way towards thwarting the attacks and encouraging the bad guys to move on to other targets.

Best practices for avoiding breaches

Currently, there are 4 recommended best practices for hotel websites to protect themselves:

1. PCI compliance
We often have negative connotations related to “compliance.” In the case of digital fraud, however, compliance is your friend. The Payment Card Industry Data Security Standard (PCI DSS) is a framework for protecting digital information based on best practices for network and data security. If your hotel stores, processes, or transmits credit card transactions, you are bound to comply with PCI DSS.

In the case of PCI compliance, the easiest way is also the best. By using a payment service provider that has attained a Level 1 PCI DSS certification, hotels maintain the required compliance, and can rest assured that everything possible to reduce fraud and protect cardholders is being done for them.

2. Train staff
While security breaches are usually perpetrated by outsiders, “the network openings that allow outside cyber attackers to burrow in, infect databases and potentially take down an organization’s file servers, overwhelmingly originate with trusted insiders,” according to Recode.

The majority of these security gaps are created inadvertently by insiders who simply do not know any better, so the best way to protect yourself is to properly train anyone with access to privileged information.

Proper training helps take security compliance from the realm of “bureaucratic annoyance” to the realm of a “culture of protection.” By teaching and motivating staff to be vigilant about their handling of security, you greatly reduce the risk of creating security gaps through which hackers can penetrate your security perimeter.

3. Restrict information
In this age of “big data,” there is a temptation to store as much information as possible. In the case of personal information about hotel guests, this is absolutely the wrong approach. In fact, hoteliers should make every attempt to store less information (especially financial information) about their guests. Having less “valuable” data stored on your systems reduces your risk of being a target of data breaches.

Furthermore, hotel management should restrict access to the information that is stored, giving employees access solely on a “need-to-know” basis. Only employees who absolutely need to know the information in order to do their jobs should have access to the data.

Lastly, any access point must be logged and tracked so that you always know who was privy to what information and when.

4. Invest in technology
Technologies exist to protect hotel websites from infiltration. Invest in anti-virus software, hardware (like firewalls), and software-based DDoS protection and mitigation services. While these technologies change rapidly, an investment in them will pay for itself many times over if they can help you stay clear of a security breach.
 
Hotel website goals
Hotel websites have many goals: increase reservations, improve user experience, provide information, encourage positive feedback, and many more. Adding “avoid security breach” as one of the top initiatives for your hotel website is an important cause and one you will be glad you invested in next time you hear of a competing hotel being hacked.

Founder - 3G Direct Pay Group

Eran Feinstein is the founder of Direct Pay Online, a global e-commerce and online payments solutions provider for the travel and related industries. With over 14 years of experience leading technology, sales, marketing and operation teams, Eran is an authority in the East African e-commerce and payments arena. He's also an avid marathon runner.
