CYBER SECURITY We have established Cyber Security procedures to protect our company’s systems and sensitive information, and our guests’ privacy and confidential data. A cyber-attack is an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or electronic communications network. Our procedures are designed to thwart attempts to breach our security systems. Keep the computer room locked. No unauthorized personnel may work in the computer room without General Manager or Chief Engineer permission. Authorized personnel must sign-in and sign-out on the Log Sheet. A copy of a photo ID must be provided by each individual servicing the computer room on behalf of a third-party vendor. PROCEDURES 1. Report any change of behavior from the hotel systems, hardware, and/or software to Corporate IT. Any abnormalities must be reported to the regional corporate level utilizing the escalation criteria for these types of incidents. 2. Do not change; turn off or on any computer if a message is prompted unless the Corporate IT support department communicates to do so during the incident. 3. If a cyber event disrupts the normal business of the hotel, contact Corporate IT immediately to perform a manual backup, securing every record in order to utilize it later as the backup of the data entry if needed. 4. If the Corporate IT Department identifies that there has been a cyber-attack this must be reported by Corporate IT to the proper authorities and to Risk Management for reporting to insurance carrier. MANAGER’S RESPONSIBILITIES: 1. Document the incident and report by the hour.
2. Establish an alternate plan to continue business uninterrupted. 3. Establish communication with the Corporate IT Department. 4. Establish the crisis communication guidelines for the incident with Corporate IT.
Page 84
Made with FlippingBook. PDF to flipbook with ease