Are you pitching to a client from the hospitality industry? Then, here are a two industry-specific vulnerabilities to discuss when speaking with them.
Tell them about the risks of being a consumer-based business
One of the most obvious vulnerabilities of the hospitality industry is that it is primarily consumer-based. It is all about individuals. This means that, just like the retail sector, it interacts 24/7 with Personally Identifiable Information (PII). This is data that is particularly attractive to criminals, especially payment card information (credit and debit cards). Consider what a hotel collects: full name, address, credit card information, sometimes driver’s license and even passport information. Also, the hospitality industry relies on the use of payment cards for reservations. This means PII is collected long before any service or product has been used. Additionally, rewards programs provide data about an individual’s patterns of travel. For this reason alone, hospitality is an excellent target for cybercriminals.
Ownership/operational structure in the industry
Frequently, in this industry there is a complex structure of ownership and operations that tends to disperse authority over collected data. While this issue isn’t entirely unique to the hospitality industry, it is a dominant organizational model. Branded hospitality companies (think chain hotels and restaurants) often have a three-tiered structure that involves different entities.
The Franchisor is the party that carries the flag of the brand.
The Operator is responsible for providing much of the experience that a consumer receives on a day-to-day basis. In other words, when you receive services from a branded hospitality business, the operator is most responsible for meeting branding standards. This matters because it is at the franchise level that much of the PII is collected, including Point of Service (POS) systems. Regardless of the ownership of the POS, it is at the franchise level where critical data security procedures must be observed. Also, since they operate the property, they will be the employer and hold employee personal data, including SSNs, insurance data, etc.
The Owner could be an individual or an investor group. The owner may or may not have strong involvement in the day-to-day operations of the property. Usually owner involvement is limited, but they may still own some POS systems separate from that used by the operator.
In short, what matters here is that data may cross platforms between the franchisor, operator and even the owner. More importantly, oversight of data security is dispersed.
By talking about these very industry-specific IT vulnerabilities with your clients from the hospitality industry, you will send the message across that you understand their sector and related IT risks very well. This will help you gain a upper hand in the sales process. Next week, we come back with more tips on the same topic. Meanwhile, don’t forget to check out the most comprehensive MSP marketing and sales program in the industry today! A blend of ready-to-use sales and marketing content, tools and support, the MSP Advantage Program is used by more than 10,000 MSP partners, worldwide. Please visit out our website, www.mspadvantageprogram.com to learn more.