Lessons Learned From the Starwood Breach

Lessons Learned From the Starwood Breach

Last year, the media was flooded with massive breaches. Crafty hackers just kept finding ways to wiggle into databases and expose client information. Small and large businesses alike, none are completely safe. Security isn’t just about preventing attacks, it is also about detecting them and neutralizing issues as they arise.

Even a giant like the Marriott has to keep a close eye on security.

That’s right, the Marriott Hotels joined the ranks last year. 2018 marked one of the largest breaches this large hotel chain had ever seen — well discovered. It is reported that over 500 million records of guests who made reservations in the past four years were exposed during the breach of their Starwood guest reservation database. Information like the guests name, e-mail, address, passport information, even birthdates and account information was open for attackers to lap up. There are three steps you can take to ensure this isn’t you.

1. Due diligence.

The Marriott acquired another company in the last four years and unfortunately they didn’t realize that the business was already compromised. Always be skeptical when acquiring new companies or business partners. A full Network Assessment should be part of any acquisition to rule out any potential threats that could be transferred into your organization.

2. Limit access.

Unauthorized people should not have access to all your company data. Even well-known and trusted workers should be limited to what is required for their position. Keep all client information (like personal data or payment details) secure, backed up and monitored to ensure it is not being removed from your company.

3. Monitor and test your security often.

Take a proactive stance. Monitor your systems and test your network for vulnerabilities often. Many companies turn to a managed service provider to ensure 24/7/365 monitoring and quarterly assessments. Give us a call today if you’re worried about your current security, access levels or monitoring. We’re here to help.