PhoneSuite - Blog

Lessons to Learn from Marriott's 2018 Security Breach

Written by PhoneSuite | Tue, Mar 05, 2019 @ 09:16 PM

It seems as if we've reached the point where security breaches will simply be a fact of life for all businesses going forward. Hotel communications systems are absolutely no exception, which is why we have covered such breaches in the past and provided tips on how to prevent them.

Last year, Marriott International, one of the largest hotel corporations, and its subsidiary Starwood experienced a security breach that affected approximately 500 million customers. In this case, hackers stole encrypted data that included personal information, banking records, passport information, and credit card details. What can hoteliers learn from this breach? Here are five takeaways:

Access Keys Must Be Separated from Encrypted Data
 
Most companies utilize encryption with their digital information so that if hackers do break into a system, then what they retrieve will often be worthless. However, decryption of these files is enabled by the use of access keys. One flaw in Marriott's situation was that their access keys were kept in the same digital location as the encrypted files, which made it much easier for the hackers to retrieve everything they needed all in one place.
 
Previous Breaches Increase the Likelihood of Being Breached Again
 
They say that lightning never strikes twice in the same place, but just the opposite is true as it relates to security breaches. Once a location has been hacked into, these criminals will often target them it because they assume that most companies will not improve their security, even after a breach has occurred. In the case of Marriott, this is exactly what happened. The company had experienced a breach in the past but had not taken the proper precautions to prevent it from happening again. This is a prime example of where you must learn from your mistakes.

Mergers and Acquisitions Come with Huge Data Security Risks
 
Mergers and acquisitions always come with a certain amount of risk, but data security risks are often overlooked. In the case of Marriott, they represent what may be the perfect cautionary tale in this regard. In 2016, the company acquired Starwood and had to integrate disparate systems and immediately had technical difficulties because of this. One reason for the problem was that Starwood's own systems had been cobbled together from the systems of other companies that they had previously acquired. This means that Marriott had absorbed a ton of risk due to multiple systems from various companies that clearly did not have proper security measures in place, and then Marriott didn't really have a great plan to secure them.
 
24/7 Network Monitoring Is No Longer a Choice - It’s a Must
 
Digital data that is stored within your hotel's network cannot simply be locked up at the end of the day as you would the doors to a department store. Hackers do not operate on any kind of time schedule, which means that 24/7 network monitoring is absolutely essential if you want to protect your hotel against a cyber attack. This includes the use of automatic protection tools, in addition to highly trained security personnel. This one-two punch is your best bet in keeping your data secure.
 
Hoteliers Must Assume That a Breach Will Occur
 
When a company the size of Marriott gets hit by hackers, it's a reminder that any hotel can become the victim of cyber attacks. No longer can companies simply sit idly by and hope that a breach will not happen to them. In fact, the most effective approach is to assume that a breach will occur, especially if your system might be attractive to the most sophisticated hackers as in the case of Marriott. So, what you must do is that in addition to taking proper security precautions, you must also have a plan in place that will allow you to react to a breach accordingly if or when one does occur.
 
Security breaches are here to stay, but if you have a robust system that is monitored by consummate professionals, then the chances of having a breach are severely lowered. Reach out to the experts at Phonesuite today and learn about how upgrading to VoIP and utilizing our Hosted Solution can put your mind at ease.