The incidence of security breaches where user credentials are used to gain access to data or damage brand reputation is increasing. Below are some tips we have to help you keep your customer's data secure and protect your brand reputation.
Ensure anti virus and computer operating systems are patched and up to date.
Do not reuse passwords on different business-related accounts. This is the most important thing to do to protect the security of your business-related accounts.
Ideally, use a different, complex password for each online account you have where you have sensitive customer or financial data processed. For a monthly fee, most password manager solutions, like 1Password.com, remember all your passwords for you to help keep account information safe.
Don’t use shared email accounts (i.e. info@hotel.com) to log in to any online platforms and solutions you use for your hotel or property. Create individual account for each employee and disable their access when they no longer work for your hotel or property.
Don’t use an email address which is listed on your website as a log in for any online platforms. The listed email address is potentially an easy avenue for a hacker to target your property.
Turn on the 2-Step Verification setting for your email account. Google and Microsoft both support this feature. 2-Step Verification is an extra layer of security and will help keep other people out, even if they have your password. 2-Step Verification works by requesting an additional piece of information that only you could know, this is in addition to your username and password.
eg. Instead of immediately gaining access after entering your username and password, you are required to provide another piece of information such as a code sent to your phone.
Regularly run security health checks on your email account to assess your risk of being compromised. If you use Gmail, visit https://myaccount.google.com/security. If you have a Microsoft email, use https://account.microsoft.com/security to run the check. Other email providers may have similar options to check the security of your email account.
Schedule monthly reviews via https://haveibeenpwned.com/ to check if your email account has been involved in a data breach that you might not even have known about. Subscribe to Have I Been Pawned (HIBP) to be alerted of any future breaches.
This is not an exhaustive list but should help to make it less likely that you will suffer a data breach.