Probably the most well-known case was the 2014 Marriott data breach, where enormous amounts of sensitive data were compromised with relatively simple email spoofing techniques. A few years later in 2020, Marriott confirmed a new data breach, this time involving the personal information of some 5.2 million guests, exposing over 500 million users to significant risk. This caused Marriott 12.5 billion in damages.

MGM Resorts International also suffered cyberattacks in 2019. Hackers managed to steal the personal information of over 10.6 million people.

As travel and hotel booking moved almost entirely online, it became increasingly important to stay vigilant for cyber security attacks. Hackers and fraudsters do not only target large hotel chains, many are specialized in small hotels where the level of security is expected to be significantly lower.

What are some basic steps and recommendations every hotel should take to maintain cyber security?

Regularly changing passwords

Using secure communication channels

Setting up credit monitoring

Practicing good cybersecurity habits, such as avoiding opening suspicious links or downloading attachments

Think twice before giving access to anyone to sensitive data

Further hospitality-specific measures include:

Not sending guest databases or any sensitive information over email

Not using WhatsApp or Messenger, Skype, or any other chat app to exchange sensitive information or files

Using a trusted and secure payment method

Using a trusted and secure booking engine solution, like Synxis, SiteMinder, Fastbooking, or SimpleBooking

Securing communication and exchanging sensitive documents is a key priority for any company that takes security seriously. Gmail, Gmail for business, and Outlook are shockingly easy to compromise. Many hotels have switched to ProtonMail from Gmail in 2017 to have their business communication 100% safe.

Be careful of your employees stealing data

Unfortunately, it's quite common for employees to get tempted to steal, save or copy sensitive information in an otherwise secure environment.

This can especially happen in administrative departments, such as sales, marketing, reservations, and finance, where sensitive information and documents are present.

One major risk factor is confidential documents being printed, left around on desks, or filed in non-secure ways.

Consider cloud faxing to handle sensitive documents and information

Cloud faxing is a technology typically used by larger organizations to send documents and other important information both internally and to their customers such as receipts, invoices, and other important documents. WestFax is a trusted provider for a number of travel and hospitality companies for secure transfer of their confidential data.

The company is fully HIPAA compliant and can manage a number of advanced integrations with ERM and CRM systems. Possibilities through API are limitless. Out of the box, services include fax to email, email to fax, and fax to fax management.

About cloud faxing technology

As the name suggests, cloud faxing is a secure, cloud-based fax service that allows both the sender and recipient to send and receive secure messages without a fax machine. The technology is fundamentally different from email, and it provides a cost-effective solution for secure communication.

Cloud faxing allows sending documents in a secure way without having to worry about viruses, phishing, or malware - stuff that is very common with business emails.

How can hotels use cloud faxing to enhance their security?

Cloud faxing is a superior way of exchanging sensitive documents compared to email. This includes invoices, contracts, and any documents that have information that should be kept confidential.

Fraudsters attacking hotels and resorts are most of the time trying to get their hands on bank account numbers, credit card information, and invoices, which they will use to either directly fraud victims or resell for more advanced negative actors.

Since fraudsters are almost entirely specializing in infiltrating email accounts, documents shared via cloud faxing services are not going to be intercepted.

By Daniel Diosi, Entrepreneur, Daniel Diosi & Partners