Toward New Data Security Rules
“Insecure databases are now low-hanging fruit for hackers.” Sen. Patrick Leahy
Vermont Senator Patrick Leahy, a sponsor of the Personal Data Privacy and Security Act of 2005, said, “We are seeing a rise in organized rings that target personal data to sell in online virtual bazaars. Insecure databases are now the low-hanging fruit for hackers looking to steal identities and commit fraud.”
If passed, this legislation will impact every hotel operator in the United States. At the very least, hotel companies will be held responsible for maintaining and documenting mandated data security procedures to protect guest information from identity thieves. At most, it will mean a complete overhaul of all guest data storage, including hardcopy archiving and disposal, and the possible upgrading of all existing property management systems (PMS) and other technologies where guest information is stored. Executives at top hotel companies acknowledge their systems are regularly probed by hackers, but for security reasons most will not discuss details of penetration attempts or the risk of identity theft. The scope of this challenge can be summed up by one chain CIO who said, “Security is the primary technology problem in the industry today.”
As a result of the security breaches in other industries, a number of lawsuits have been filed against various entities. However, because only a few of these cases have made it to final adjudication, the extent of potential liability is still unclear. What is clear is that costs associated with legal defense, customer notification, crisis management and lost business could add up to millions of dollars per breach.
Leading systems companies gear up for compliance
Almost all hotel companies maintain extensive guest information databases, most often in their PMS guest history modules. These applications store guest credit card numbers and other personal contact records. Because most PMSes were designed before data theft was a primary concern, their information is rarely protected with more than simple one-word pass code access maintained by property managers. Further, when employees move on to other jobs their passwords often continue to be valid. Of equal concern is the widespread use by hotels of thinly-secured 24-hour Internet connections for receiving online bookings and updating room availability on travel sites. Both of these technologies may provide hackers with easy access to data. Forward-looking property management system providers aware of these threats are already working with clients to safeguard guest data with layered security, and encrypt Internet communications before likely federal mandates go into effect.
Maestro supports multi-layered security safeguards
Warren Dehan, NORTHWIND’s president of US operations, said, “With identity theft growing significantly it is critical that properties protect guest data. Credit card information is the usual target of system hackers, but we are securing most guest data at multiple levels.” Dehan noted many instances where property employees have unnecessary access to guest data. “No one needs to see a credit card number after it is swiped. But with many front office systems almost any member of the front desk staff can run a report listing guest card numbers and other personal information. NORTHWIND’s Maestro PMS has always supported three separate security thresholds to prevent unauthorized staff from gaining access to a property’s system, and now because of ID theft legislation in California we are finalizing 64-bit encryption to protect credit card numbers and other guest information in our system so it cannot be viewed by staff or printed without management security approval.” This new data security technology lets property managers decide what information is accessible to its staff, and will use a random-generated key at each property so every hotel will have unique security protection to prevent cross-property data theft.
Online booking a possible open door for hackers, viruses
The public Internet is the fastest growing source of reservations for our industry, but it can also present an open door to data thieves and expose a property to liability if data is stolen. Many hotel companies use the Internet to communicate booking information and financial data between properties and third-party travel sites, but very few properties regularly update and test their virus protection and firewalls.
NORTHWIND’s Dehan said, “Numerous hotels use Internet booking engines to drive online reservations; many of these systems maintain a full-time two-way connection between the hotel PMS and the Web that passes guest data to the property, and property data to the guest.” Dehan explained that the data a guest sees through their web browser should always go through SSL, a secured socket layer, identical to those used by banks and credit card companies. He emphasized that NORTHWIND protects its Maestro users from the threat of Internet viruses and hackers with the latest security technology. “For example,” Dehan continued, “Our ResEze booking engine uses 128-bit encryption for all data that passes between the property and the viewer. For data that flows between a user and the Maestro server we use military-grade 448-bit encryption that is extremely difficult to crack.” For added security the Maestro system does not store guest credit card numbers on its reservation server. “Even if a hacker was very aggressive and managed to break into our ResEze data server they would find no information of any value to them. This protects both our clients and their guests,” Dehan said.
With the popularity of remotely hosted ASP (application service provider) front office systems and other applications, more operators are running their entire PMS from off-site locations using high-speed Internet connections to access all functions from their properties. This type of system may also be susceptible to data theft and hacking. Warren Dehan explained, “With any ASP application security is particularly important. At all our Maestro ASP installations the connection between the property browser and the central hosting server is fully encrypted by SSL security so data flowing across the Internet is protected.” At the NORTHWIND ASP hosting site, full credit card encryption and masking are also in place, secured behind multiple firewalls.
Hotel data security checklist
With federal data security legislation pending and hotel company databases being probed regularly, it is imperative that operators review their data protection and security policies. Taking effective precautions to safeguard their systems can include the following:
At IHM&RS 2005 in New York City be sure to visit the NORTHWIND team at Booth 3038 to discuss your security concerns with a Maestro professional and receive a full demonstration.
NORTHWIND, known in the hospitality industry for its service and state-of-the-art technology, is widely respected for providing hotels, private organizations, and corporate management companies with flexible software solutions.
Based in Markham, Ontario, Canada, with a network of dealers and offices worldwide, NORTHWIND is a leading supplier of software for all types of hospitality operations including hotels, resorts, timeshares, condominiums, seminaries, state parks, and clubs. Maestro applications are engineered for operators who need to manage their enterprise in a real time environment for the utmost operational control and profitability. Designed to maximize the efficiency of any size single hotel or multi-property enterprise, NORTHWIND's Maestro solution offers the most productive working environment, which includes the following suite of products: PMS, Sales & Catering, Club/Spa Management, Corporate Reservations Office, Multi-Property Management, Condo/Owner Management, Yield Management, POS & Online Table Res, GDS Connectivity and ResEze Internet Reservations. This comprehensive multi-platform (Windows 2000/XP, Unix/Linux, Terminal Server & Web Enabled) suite is recognized as the solution of choice for progressive and demanding organizations. NORTHWIND is a total solution provider that offers leading-edge technologies, and unparalleled training and support.
60 Renfrew Drive, Suite #235
Markham, ON L3R 0E1
Phone: (905) 940-1923 ext – 246
Fax: (905) 940-1925