In this exclusive interview with Hospitality Technology, Jason Shane, VP of IT at Hersha Hospitality, shares how the company is using machine learning and staff training to reduce its risk of a data breach.
What have been your biggest challenges in your role as Vice President of IT of Hersha Hospitality?
Jason Shane: The hospitality industry continues to face challenges in the protection of personally identifiable information (PII) and customer credit card data. Cybercriminals have increasingly targeted hospitality, knowing the industry has numerous legacy systems that store and transmit sensitive customer data. Numerous large hotel brands have reported large-scale data breaches through a variety of threat vectors such as point-of-sale exploits, targeted spear phishing, and malware-based attacks.
Credit cards are the primary payment method in the hospitality industry, which drives our team to prioritize credit card security to protect our customers. Year after year, email continues to be the most significant threat vector to the hospitality industry, including the threat to consumer credit card data. Email is used as an entry point to carry out sophisticated malware or phishing attacks. The attacks attempt to deceive their intended target into divulging sensitive information, with a target to break back-end computer systems that contain customer data or financial assets.
Our business consists of more than 5,000 employees who are spread across 120 hotels and resort complexes in the United States. Since we have geographically dispersed operations, email is a critical channel for us to collaborate throughout the day and night. In fact, we process about half a million incoming and intra-organizational emails weekly, including those that communicate new HR policies and procedures, guidance from the executive team to regional managers, business changes, and customer requests.
What tools does Hersha use to train staff on best practices to avoid a data breach?
Shane: As with many businesses today, email is our primary mode of communication. While training serves as a decent baseline education on best practices to follow, we’ve found that our employees are far more likely to follow those best practices when we provide proactive tools that remind them at the moment of risk. Our email security solution, GreatHorn, places a banner on the top of emails to warn employees to take extra care when interacting with emails it deems suspicious.