These duties are legal - obligatory for PCI compliance and required by data protection laws like DPA in Mauritius or POPI in South Africa (when it commences), ethical - it’s simply bad form to cause another person to suffer an identity theft or financial losses thanks to you, and practical - the reputational damage of being involved with a data breach could arguably be even worse for your business than bed bugs.
Now with the industry having gone digital, desktop PCs and even mobile devices such as laptops, tablets and smartphones represent the lion’s share of your IT resources. The front-desk PC may be the life of your small business, containing all of your business and customer data. Portable mobile devices may be used to make your business to be more agile and productive, providing easy access to all your data business and guest data from anywhere. This can include, social apps used to promote your business or a hosted hospitality system. What would happen if there was a burglary at your establishment, or an employee carrying a mobile device is robbed, and one of those devices you rely on for everything were stolen?
Think about what’s on those PCs or devices, and the access they offer. The thing that keeps stolen-device-owners awake at night is that you just never know what the thief is going to do with it, and when!
You’re collecting data from your guests all the time. Some data you collect is for your own safety and security in your business transactions – you need certain information to make sure your guests are legitimate and that you’ll receive payment for their stays. However, you may try taking a fresh look at the data you collect, just to make sure that it’s all necessary.
Do you keep a scan of their credit card in case they add further charges during their stay, and if you do, for how long? Do you store a copy of their driver’s license or ID number? Do you have guests fill out a complete booking or check-in form requiring them to give their full name, street address, email, telephone number, signature and more?
You may take a look and find it appropriate to reduce the amount of information you collect if some items are unneeded. When guests entrust you with their information, they want peace of mind - especially since they’re quite likely on vacation. They want to know you value your guests’ personal data as much as you value your own. And nothing takes a vacationer out of their relaxed state quite like having to get on the phone with banks and deal with the hassles of identity theft.
The big question is this: are you taking reasonable and practical approaches to safeguard all the information in your care? As a business person, you should treat yourself to peace of mind as well by putting solutions in place that make sure you’re indeed keeping that data as safe as can be. Any SMB handling personal customer information should have a service that encrypts that information on all the PCs and mobile devices where it is held. They should secure any points of access to the data, including portal mobile devices like laptops, tablets, and smartphones. That way, the burglar who steals your front desk computer - or a laptop, tablet or phone - is denied access to that information.
Additionally, services that can remotely wipe data or quarantine access on any lost or stolen devices (even if the device is owned personally by an employee) offer another powerful layer of protection. This can save the day if a device is stolen in a moment when credentials are already entered, and encryption isn’t active.
Think of data as another guest staying at your cosy establishment. Just as you have locks on the doors and other security measures keeping your guests safe, measures like encryption and remote data wiping keep the information you’re holding secure. And when your actual guests take their leave after a pleasant stay with you, for safety, it’s time to let some of their sensitive personal data take its leave as well.
