Sometimes it feels like no matter what you do or how you do it, you end up making a misstep or a mistake and chaos ensues.
The same goes for companies and data security. Every large enterprise puts considerable effort into protecting its customers’ and employees’ personal information from prying digital eyes. It’s not an easy feat to achieve total security and sometimes a cyberattack happen anyway, as it did with the Marriott International hotel chain.
Travel bookers know the name well; it has more than 6,000 properties in over 100 countries across the world. In November 2018, it informed the world that it had suffered a data breach involving customer information. It serves as a reminder that business hotel booking has risks that you have to keep in mind, even if sometimes there’s not much you can do about stopping them.
While you may not be able to stop an attack, you can try to keep your employees’ information as safe as possible.
Marriott International’s data breach originated from its Starwood Hotels and Resorts chain, which it had originally purchased in 2016.
The hacking campaign began in 2014 and was discovered in 2018. Marriott quickly informed its customers and the public and gave the initial estimate that 500 million customers had been affected. This figure has since been revised to 383 million records, though it’s estimated that fewer individual customers than 383 million had their information compromised.
Personal information like names and addresses were among the details that hackers may have gotten their hands on. Passport numbers and credit card information – some of which was stored unencrypted – was also among the data available to the cybercriminals.
Because of the length in time the campaign was active, 5.25 million unencrypted passport numbers and 8.6 million encrypted payment cards were stolen – though only 350,000 of the cards were still active and usable at the time of the attack.
The Marriott data breach is hardly the first – or even worst – large-scale data breach and it certainly won’t be the last. Consumer privacy has increasingly earned more of the spotlight as peoples’ information has become more exposed.
It’s important to understand that once data is handed over to another company, its security is literally and theoretically out of your hands. Unfortunately, the fact that a data breach can take place at nearly any company is something that you have to accept as a travel booker. The Marriott security incident was only one of more than 6,500 data breaches and 5 billion personal records that were compromised across the world in 2018, according to Risk Based Security research.
Fortunately, organisations can take a few steps to try and protect themselves and their employees who are travelling for business as much as possible.
Data breaches can lead to stolen identities, compromised financial accounts and fraud. Defending against them – especially when you’re not steering the wheel – has no one-shot solution. A mix of preventative measures can potentially reduce the impact of a data breach should one affect you or your travelling workforce.
There’s a lot of different hotels and hotel chains you can book with across the world. Whether they own just one location or over 6,000 of them, they’re always a target for hackers because of the information they store.
Travel bookers can try to reduce their surface area of risk by paring down the list of hotels that employees can book with into a preferred list that has been thoroughly vetted by the company. Keeping this list small can save your team from spreading its information in more places than it has to.
The Marriott breach was spotted after four years, but it’s hardly the only company that has difficulty detecting data breaches. The simple fact of the matter is that most organisations have trouble with this, and it won’t get easier anytime soon.
Travel bookers should encourage members of the workforce to have credit monitoring to quickly identify if their details were compromised and used for fraud. While you won’t be able to trace it back to the original incident unless the company has announced it, your team member will be able to mitigate the damage before it’s too late.
If a company uses a business hotel booking platform that pulls in all expenses and issues only one monthly invoice, you’ll be able to pick up on any strange spending immediately – and you can go back to the source to relay the message.
While there’s no 100 percent cure for stopping cyberattacks, you can ensure that you follow best practices to keep your company’s precious information safe.