Consumers and many employers suffered a significant blow with the massive data breach recently revealed by Marriott International Hotels. The hacked data included personal information from nearly half a billion guests. Marriott’s reservation system for its Starwood line of hotels exposed personal data including guest names, passport numbers, phone numbers, email and mailing addresses, along with some credit card information, which included the encryption software that could decode the stolen numbers. Along with the enormous number of travelers affected, the fact that the data breach went undetected for approximately four years is particularly disturbing.
In addition to all the Starwood hotels, other affected hotels included Four Points by Sheraton, Tribute Portfolio, Westin Hotels, The Luxury Collection, Sheraton, Design Hotels, Aloft, Element, W Hotels, St. Regis, and Le Méridien. While the mechanism the hackers used to accomplish their heist is still unknown, there are a few things concerned companies can do that may help them avoid issues in the future, particularly if they had any interaction with the affected hotels.
Change Marriott-Related Passwords
As many as 50% of people use passwords that are at least 5 years old. Even if any company interaction with an affected hotel occurred earlier than 2014, it’s time to change all old passwords. Any Marriott passwords shared with other entities should be updated as well. It’s also time for companies to seriously consider establishing a standard of using two-factor authentication, along with a password management tool if their corporate devices will allow it. Companies should also establish a standard of changing passwords at regular intervals, such as every 6 months or perhaps even more frequently.
Have a Backup and Disaster Recovery Plan
Even small businesses are becoming increasingly dependent upon company data. One of the best ways to protect vital corporate data is to have an established and tested backup and disaster recovery plan. In the event a company’s data is held for ransom, they can breathe easier knowing they can restore one of their most vital assets.
Large companies can afford to have multiple teams dedicated to protecting their data resources. Small to medium-sized businesses rely on their data just as much, but cannot necessarily afford to hire dedicated staff. This is where a Managed Service Provider can step in and fill the gap. A professional MSP can evaluate a small company and find their security gaps. They can then create a complete security solution, including a backup and disaster recovery plan for their client.
If you would like to know more about how we can develop a complete security plan for your company, please contact us.