The Boutique Hotel industry has seen tremendous growth over the past five years as travelers seek a more intimate and unique experience. These smaller and single properties focus on design, technology and local culture to grow and sustain business – and at their heart, often operate like any small business. However, like their retail counterparts, these types of properties may not have the adequate resources to properly manage information security.
According to the 2016 Trustwave Global Security Report, the second largest share of breaches happened within the Hospitality Industry. However, these were not limited to just large chain businesses. The breaches also affected small chain businesses, as well as single properties. Additional reports show that in the first half of 2017 alone, over 900,000 records were breached within the Hospitality Industry.
The reality is, no one is immune to a data breach and the effects can extend far beyond financial repercussion and reputational harm. Many small businesses take up to three years to recover from a data breach. With the holiday travel season just around the corner, it’s clear that smaller and single properties - who like any small business rely on word-of-mouth and reputation - must invest in data protection. Neglecting to do so could result in multiple years of reduced service and lost business.
The owners of smaller and single properties should not be discouraged, as there are many ways they can strengthen their information security. This article from Shred-it will discuss three tips for improving your business’ information security and mitigating exposure or loss to your customers’ information.
Eliminate Physical Loss
Despite the industry’s shift to go paperless, the fact is many small businesses still use paper on a daily basis. Physical loss, especially due to the improper disposal of paper, is one of the easiest ways for customer data to be compromised. According to Shred-it’s 2017 Security Tracker, less than half (49 percent) of small businesses shred all documents, including non-confidential ones. Some of the most common paper documents printed or thrown out at the check-in counter pose a major risk to information security. Requiring all paper documents to be shredded removes any uncertainty around what is required to be destroyed and maintains environmental benefits because all shredded paper is recyclable.
Follow Hardware Destruction Protocols
Technology in the Hospitality Industry continues to evolve at a rapid pace to meet customer demands, which means technology, software and device turnover is high. As new technology comes into play, remember that old technology could make or break your business if not properly destroyed and disposed. If your hard drive disposal process includes erasing, reformatting, wiping or degaussing old hard drives, you and your customers are still vulnerable. Best practice is to implement a strategy that requires the hard drive to be removed from any devices and physically destroyed before it is sent to be recycled.
Prevent Internal Threats
Committing to a culture of security requires educating and training employees on the best practices for protecting and securing company data. Even if there is no malicious intent, employee negligence costs small businesses more than $2 million annually. When you consider that 33 percent of small business owners (according to Shred-it’s 2017 Security) Tracker never audit their organization’s information security policies or procedures, the likelihood of internal threats – due to accidental employee negligence or lack of security awareness – is high. Furthermore, the report found 38 percent of small business owners never train employees on information security protocols.
To mitigate security loss, small business owners should make it a priority to establish information security protocols and hold meetings with employees to review specific best practices. The policy should identify what is considered confidential data, explain specific security and storage procedures in place, introduce non-disclosure agreements about confidential information, and determine the business’ restricted levels of access to information. By educating and creating a culture of awareness, small businesses will help prevent internal security threats.
Moving forward in 2018, small businesses should focus on securing business information through proper hardware destruction, physical document disposal and strategic employee training. By eliminating key security threats, smaller and single properties owners stand to maintain customer loyalty and decrease financial loss due to data breaches.