Hoteliers.com has trained all staff to be vigilant with personal data and to ensure the best security of systems and places where personal data is kept. We require our partners to have the same security levels in place. This article provides some tips to prevent unauthorized access to personal data.
Organisational security measures
Protection of personal data begins with a good infrastructure of the physical measures within your organisation.
- Hiring the right people
Make sure to check references of applicants, to ensure you can trust them with personal data of your guests.
- Confidentiality agreement
Make sure to let employees sign an agreement, requiring them to keep personal data of your guests safe.
- Train all staff
Make sure to train all staff on protection of personal data and on the security measures your organisation has taken to prevent unauthorized access. Password security is an important part of this training as well.
- Clean desk policy
Make sure that no papers are laying around in the office. Remind employees to keep files with personal data locked in a cupboard. This counts for offices, but especially for public areas as a hotel's reception desk, spa or restaurant.
- Portable devices
Never leave portable devices, such as smartphones, tablets or laptops, unattended. Always lock your computer if you walk away from your desk. Never leave a portable device in your car (thieves now even have trackers which can see if a portable device is left in the trunk of a car).
- Printed documents
Do not throw documents with personal data just in the trash, use a paper shredder. Refrain from taking printed documents outside your organization.
- Secure the office
Make sure to have the best security in place possible. Ensure access control is in place, preventing unwanted visitors to enter the office. This counts for offices, but especially for public areas as a hotel's reception desk, spa or restaurant.
Technical security measures
Organisational security measures are the base. Technical security measures have the same importance if not more, as unauthorized computers access can be hard to detect.
- Access control
Make sure that only people who need access, get access. Does this person really need all administrator rights? Think of Privacy by Design and give the least access as possible.
- Do not share accounts
Never share accounts with your co-workers, as it will be impossible to tell who leaked information. Most systems allow user management, just ask the administrator to create an account for each new employee.
- Strong passwords
As users have many passwords to remember, unfortunately they make up passwords such as "Welcome123@" or "JohnDoe1983!". These passwords can be cracked within minutes, see Reasons why secure passwords are important.
- Use a password manager
To make your life easy, use a password manager. This also allows you to securely share passwords with co-workers (if there is no way to create seperate user accounts).
- Virus scanner
Make sure that your virus scanner is set to can every day and to download updates automatically.
Do not use USB-sticks, as these are a common reasons for data leaks or virus infections. Use document sharing solutions such as Dropbox or WeTransfer instead.
- Secure your computer and smartphone access
A four-digit code is insufficient and can be cracked within hours. Change your access code to at least six digits. Also make sure to activate tracking apps, such as Find My iPhone.
- Two-factor authentication
Many systems now offer the possibility to activate two-factor authentication. When you login with your password, a code is sent to your smartphone double-checking if it's really you.
Activate two-factor authentication when possible. Do not open messages that you don't expect. Do not open attachments that you don't expect. Ask your system administrator if your email is encrypted.
If you have any questions on the above which can be relevant for others, please write a comment below this article or contact Support if the question is specific to your case. We're happy to help!
NB Wondering how secure your password is? Check How Secure Is My Password to see how fast your password can be cracked.
A password such as "Welcome1234!" will have a good score in this tool, but is still easy to crack as it's a commonly used password.