With the recent revelation of a 2013 data breach that affects 1 billion Yahoo user accounts, hoteliers should take a second look at their security measures, past and present.
Yahoo recently disclosed more than 1 billion user accounts were hacked. Perhaps more shocking than the number of accounts hacked (1 billion, I mean, seriously) is the number of people who still have Yahoo accounts (1 billion, I mean, seriously). The hack reportedly happened back in 2013—which might explain why there were so many users—and is separate from another hack announced in September that affected 500 million user accounts.
Yahoo has been hit with the “two largest data breaches” on record. This is a major technology company, and hackers were able to gain access to user names, telephone numbers, dates of birth and other personal information.
Hoteliers, how comfortable do you feel right now that your systems are safe? Anyone thinking of calling over to IT to double-check? Maybe triple-check, because it took Yahoo until almost 2017 to discover and report this hack from 2013.
We’ve reported on hotel data breaches quite a bit, mainly because they have happened so frequently and the hotel industry is a ripe target full of guests’ personal and financial information.
It’s not an easy or inexpensive thing to prepare for. From the sheer volume of breaches that have been reported lately, it seems like every hotel company could fall victim to an attack. Every company should regularly check to make sure it hasn’t happened already, and have an action plan in place in case it does.
Train your employees to be on the lookout for phishing attacks. Part of that training should include self-editing and critical thinking. When informing someone that an email is likely part of a phishing expedition, take a second look to make sure everything is spelled correctly. Also, if you have to ask whether an email link is dangerous and the reply you get says that it is “a legitimate email” but also that someone needs to change his or her password immediately, take a second, think about it and maybe ask for some clarification.
Also, please think twice before you add an amenity that could create privacy concerns for your guests. In my last column, I wrote about the voice assistants now available from Google and Amazon and how they might record more of what you say than you think. Turns out, my assessment wasn’t too far off. The devices listen to conversations, waiting to hear the activation phrase, but they don’t record those discussions and send them over a network. There are ways for users to turn off the mics and prevent this, but that requires explaining the concept and instructions to each guest. On top of that, there’s still a potential privacy risk with these devices if hackers figure out ways past security protocols.
Data breaches are going to happen. It appears to be an unfortunate inevitability in our current reality, but that doesn’t mean hotels need to make it easy for hackers. Review your current safety measures and look back to make sure you haven’t missed something from years ago. Try not to make stupid mistakes that can cost your company millions, both in legal consequences as well as a loss to your reputation. Make sure you think of the possible ramifications of any new, cool amenity you offer to guests that could compromise their privacy.
Am I stating the obvious here? Have another perspective to offer? You can reach me at email@example.com and @HNN_Bryan.
The opinions expressed in this blog do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact an editor with any questions or concerns.