Hotel Data Breach

Hotel Security: How to Protect Your Hotel and Your Guests from a Data Breach - By Kevin Pollack

A man on a hotel bed using a laptop
Hotel Security: How to Protect Your Hotel and Your Guests from a Data Breach


Information thieves are increasingly targeting hotels due to the large amount of personal information collected from guests. A 2017 Data Breach Investigative Report confirmed that the hospitality industry accounts for 87% of point of sale breaches. Therefore, it should come as no surprise that hotel guests are paying more attention to information security protocols when choosing where to stay. This signals a new call to action: Confidential information collected from guests’ must not only be kept secure, but these information security practices should be openly publicized for guests to see.

One data breach has the ability to drastically impact guests’ perception of your hotel satisfaction and word of mouth referrals. A recent study conducted by the International Journal of Contemporary Hospitality Management investigated data breaches in the hotel industry and the findings support the need to re think information security practices in the hotel industry. Failure to take precautionary measures can ultimately affect your hotel’s bottom line, and lead guests to feel unsafe and not wanting to return.

Even though statistics support the need to take better information security precautionary measures, the Hospitality Technology’s 2017 Lodging technology Study showed that a surprising 74% of hotels do not have proper protection measures in place. This is worrisome since data breaches can cost hotels millions of dollars in lost revenue, not to mention the reputational damages associated with breaches.

The good news is that there are practical ways for hotels to better protect themselves and their guests.

1.) Destroy information you no longer needed. The easiest way to avoid a data breach is to eliminate any information that a fraudster could steal. Hardware devices and missing document devices were listed as the top 10 most common items stolen in a 2016 report by Risk Based Security. Partnering with a document destruction company is one solution.

2.) Provide on-going staff training. Implementing a training program that continuously educates employees on best practices is an important part of protecting your guests. Even though staff might not intentionally breach protocols, phishing emails that provide hackers with easy access to your hotel’s server, provide good reason to re visit training programs. Phishing emails resemble those sent from the C-suite and entice employees into clicking a link or opening an attachment that allows hackers to access guest’s confidential information. Educating employees through continuous on-site staff training will help eliminate these practices.

3.) Continuously update crisis plans. In the event that a breach does occur, it is important to have a crisis response procedure in place. Having a plan that proactively identifies emerging threats and prevents breaches from occurring will work to eliminate these occurrences before they even happen.

4.) Implement a mobile security policy. It is important for organizations to have employee mobile devices secured. A Ponemon report shows that 63% of organizations have had a data breach as a result of employees using their mobile devices to access the company’s sensitive and confidential information.

5.) Create a document destruction schedule. A Shred-it All policy requiring documents to be destroyed within a certain time frame will help prevent data breaches. Despite the fact that 86% of companies have document destruction procedures in place, only 40% of businesses have a system followed by employees.

With technology changing hotel operating systems, it is important for the hotel industry to re-visit information security procedure and continuously educate themselves on data security protocols. For more information about data security, please visit the Shred-it resource center.

About Kevin Pollack

Kevin Pollack is Senior Vice President of Operations at Shred-it, a division of Stericycle. In his role, Kevin is largely focused on excellence in sales, marketing and customer experience. He has a passion for service line enhancement, driving growth and commercial strategy. Since 2004, Kevin has held various leadership roles at Stericycle, including VP, Sales, Marketing & Business Development and Director of both Sustainability & Strategic Sourcing. As a result, Kevin has held roles that have supported each of Stericycle’s multiple service lines.

Prior to joining Shred-it, Kevin worked as a management consultant at Alaris Consulting (now part of PwC), focusing on procurement, logistics, continuous improvement & B2B sales.

Kevin holds a Bachelor of Sciences in Business, with a focus on Finance & International Business from Indiana University.

Logos, product and company names mentioned are the property of their respective owners.