Starwood data breach serves as wakeup call to Tennessee bars, hotels and restaurants11.30.18
We suspect that thousands of Tennessee restaurants, hotels, bars and other hospitality businesses gather personal information from their customers for marketing purposes.
It’s just a birthdate, address, anniversary, spouse’s name – good stuff to know, right?
That’s all fine and dandy until some hacker steals the information. Marriott’s disclosure that 500 million Starwood Hotel guests’ personal data was stolen should be a wakeup call.
We’ve had Beastie Boys’ classic Paul Revere stuck in our head all morning:
The kid said, “Get ready ‘cause this ain’t funny
My name’s Mike D and I’m about to get money”
Pulled out the jammy, aimed it at the sky
He yelled, “Stick ‘em up!” and let two fly
Hands went up and people hit the floor
He wasted two kids that ran for the door
Don’t expect Mike D to come knocking on the door at your restaurant demanding you to turn over personal information squirreled away in a computer somewhere in the back office. Modern Mike D is coming through the internet. He’s gonna hack your computer while you are sleeping off that last martini.
Don’t delay. Call or email your IT person now and review your security procedures to ensure that employee data, as well as customer data, is protected. Although your system may not be sophisticated enough to withstand cyberattacks from the likes of Mike D in Ukraine, anything you do is better than nothing.
Here are a few simple tips from Waller’s IT team:
- Physically lock the office where the computer is located when it is not in use
- Use a password to log in
- Use complex passwords and change them regularly
- Create very simple software that requires password changes, which annoy the heck out of us but work
- Encrypt your hard drive with BitLocker or other encryption software, so that if the computer or drive is stolen, the data is not easily read
- Password protect important files, particularly those that contain personal data such as social security numbers and dates of birth
One of the easiest things to do is minimize the amount of personal information you amass. Although an owner needs employee data, do you really need personal data on your customers?
Heed the warning and be on the lookout for Mike D.