Hotels 'hot targets' for cyber criminals

You might be cautious about using your credit card for some online shopping - but do you ever think twice about swiping it at a hotel?

With most hotels requiring guests to have a credit card‚ accounting firm PricewaterhouseCoopers (PwC) reckons that the hospitality industry could be the perfect breeding ground for cyber criminals.

“Hotels are considered big targets for cyber criminals because they hold a host of personal and financial information on their guests‚ as well as other sensitive data‚ such as payment card information‚” the firm said in a statement.

“Hospitality is the industry with the second-highest number of cyber security breaches‚ after the retail sector. Most of the industry’s prominent hotels have fallen victim to cyber breaches.”

In a report titled PwC’s Hotels Outlook‚ cyber lead for PwC Africa Kris Budnik said high-profile security breaches happened worldwide and had unfortunately threatened trust‚ confidence and reputations.

“The last two years have been particularly worrisome for the hotel industry‚ with a number of high-profile breaches taking place and if we look at this trend it is not going to get better‚” said Budnik.

PwC’s latest Privacy and Security Enforcement Tracker showed that regulators were coming down harder on businesses because of data breaches. “This is shown by the significant increase in the number of financial penalties imposed on businesses that have failed to safeguard information in the last five years‚” PwC said.

“The European Union has adopted the General Data Protection Regulation (GDPR) which fundamentally changes our perceptions of how personal data should be handled in business. The GDPR will also have a global effect as businesses offering goods and services to EU residents fall within its broad territorial scope.

“South Africa’s Protection of Personal Information Act (Popi) is expected to come into force in the next year‚ giving companies a year to comply. In the interim‚ the regulator is not taking a wait-and-see approach‚ but is actively responding to privacy complaints‚ asking businesses to investigate and remediate.”

The PwC’S Global State of Information Security Survey‚ which polled 9,500 executives in 122 countries‚ revealed that the top source of security breaches were current employees‚ followed by former employees and unknown hackers.

“The main attacks as reported by the executives surveyed were customer and employee records being compromised‚ as well as the loss of internal records‚” PwC said.

The firm added that while hotels collected client information in order to provide a better service for their customers‚ the exercise had instead increased risk for their clients. Offering advice on how to find a balance in this‚ the PwC recommended that hotels took at a holistic view of the value chain from how guests placed bookings‚ checked in and out‚ and looked at everything that happened in between to identify cybersecurity and privacy exposures and how they could be addressed.