Sadly, according to last year’s Data Breach Investigation Report, the hospitality industry grabbed the top spot for the most data breaches in both 2011 and 2012. Released in April, the results for 2013 show the same ranking. The industry snapshots, aimed at helping organizations understand the anatomy of a data breach and how to best provide protection, offered an in-depth view of the financial services, health care, retail and hospitality sectors. Ranking behind the retail industry is, in my opinion, embarrassing.
   It was interesting that 76 percent of all industry breaches were based on weak or stolen password credentials. That’s why in the Summer 2014 issue of Hospitality Upgrade ("Tips for Password Security That Actually Work") you’ll learn some valuable tips on how to establish a corporate password management program that really works.
 
   The article covers the problems and solutions around the use and misuse of multiple passwords; how to compose hard-to-guess passwords; the importance of non-Latin passwords; changing and reusing passwords; the art and science of keeping passwords secret; intruder detection and lockout; synchronizing passwords and the latest in single sign-on; user authentication; and IT support for forgotten and locked out passwords.
 
   A strong password management program also should include the ability to shut down passwords when people leave. Over half of the insiders committing sabotage (think Edward Snowden in a waiter’s outfit) were former employees taking advantage of old accounts that were never closed.
 
One portion of the upcoming article on “Tips for Password Security That Actually Work” provides insight into the 25 worst passwords of 2013 courtesy of SplashData, which measures them. Last year, “123456” dethroned “password” as the No. 1 password in use. My personal favorites were “iloveyou” (ranked 9th); “letmein” (very clever and ranked No. 14); “photoshop” (ranked No. 15, thank you Adobe); “monkey” (which dropped dramatically from No. 6 to No. 17—but is so random I question why it made the list in the first place); and my personal favorite “princess” (coming in at No. 22. That one might have ranked higher but I made my daughter stop using it…).
 
Read the article, “Tips for Password Security That Actually Work,” in the upcoming Summer issue of Hospitality Upgrade, due out June 18.
 

Verizon Data Breach Investigation Report 2013

  • 76% of network intrusions exploited weak or stolen credentials
  • Over 50% of the insiders committing sabotage were former employees taking advantage of old accounts.
  • Unapproved hardware (such as handheld card skimmers and personal storage devices) accounts for 41% of the cases of misuse in the report.
  • It wasn’t IT-savvy developers and administrators that were responsible for most data breaches, but customer service staff (like cashiers and call center employees) and end users.
  • Administrators came third, but in 60% of the cases, their involvement was accidental. 47% came from customer service (call centers and cashiers).

Hospitality and Foodservices

  • This industry has been particularly vulnerable to data breaches, and for the past two years has had more breaches than any other industry. This remains true for 2013.
  • The POS systems, which are needed to process payment transactions, have proven to be easy targets for organized criminal groups.
  • This industry, more so than any other, should emphasize preventive actions.