These days, it’s more a matter of when you’ll get hacked than if. As more and more companies experience data breaches or fall victim to cyber scams, it is so important to have a plan in place in the event of an incident, says Ted Julian, vice president of product management and co-founder of cyber security organization IBM Resilient. Julian spoke with LODGING about what owners can do to protect their businesses, as well as what to do if the worst happens.
Why is having a cyber security plan so important?
Everybody gets hacked or breached, but most organizations haven’t done anything to prepare. They also haven’t invested in creating a response protocol. This isn’t good, especially in the lodging business, which is privy to tons of customer data, credit card information, phone numbers, and addresses. And, if a hotel company gets hacked, it’s worse than if a mass-market retailer loses credit card information, because with a hotel, there’s an implied relationship.
How can the hotel industry be better prepared?
It starts with having a plan and practicing the procedures, same as they do with fire alarms and their evacuation process. They need to develop that same ability when it comes to a cyber security incident response. Acknowledge that there’s any number of ways that you could be attacked or run into cyber security issues and put together the appropriate people and practice different scenarios.
Who should be involved in these drills?
Because of the personally identifiable information, especially for people in the lodging industry, these exercises have to include people outside of IT. There should be corporate counsel, or if you’re large enough to have compliance or privacy professionals, they should be involved in these exercises. It will also teach you how your process could be improved or who you forgot to include. Maybe you have the internal capacity to handle a breach on your own, or maybe you bring in a consultant to help you do a tabletop exercise for a day or two to get the gist of it.