Information security in hospitality SMMEs in the Cape Metropole area: policies and measures in the online environment

Abstract

In the past Small Medium and Micro Enterprises (SMMEs) used to be confined to a particular geographical location to conduct their business. This is no longer the case especially since the introduction of the internet. The World Wide Web (Web) now offers SMMEs an opportunity to market, communicate, advertise, purchase and sell goods and services online 7 days a week, 24 hours a day around the globe. However, doing business online is not without risk, as companies also have to ensure that they have adequate security measures in place. SMMEs need to be kept updated on security threats that keep on emerging. They need to keep their information secure in order to avoid unnecessary losses. The advances in modern technology, especially with computers that are connected to the internet have resulted in SMMEs being exposed to cyber-attacks. In most cases, these companies do not have the financial muscle to effectively address such data breaches. Even though cyber-attacks are on the rise, hospitality SMMEs still leave themselves vulnerable to these attacks. Data breaches can be a result of both internal and external attacks. Research indicates that internal attacks are not easy to detect thus making them more deadly than external attacks. It is therefore, important for SMME to come up with policies that will curb inside attacks. However, information security policies are not common amongst hospitality SMMEs. SMMEs are not always aware of the risks that they are exposed to even though their customers expect them to keep information secure whenever they conduct online business. Most of the hospitality SMMEs are expected to provide online bookings. Credit cards are commonly used in this instance and if the information is not kept secure, companies may face lawsuits from customers. Even though the majority of the hospitality SMMEs indicate that they keep credit card data secure, there are still cases where some do not ensure secure transactions whenever credit card information is exchanged. Vulnerability assessment in order to check if there are any loopholes in networks is rarely carried out by SMMEs. These companies hire IT experts on a temporary basis; further exposing themselves as they there is no one to monitor their networks on a daily basis. In most cases SMMEs believe that technology is their answer to security problems. They omit the human aspect of security. Even though SMMEs indicate that data loss is one of the challenges they are facing, they still fail to put measures in place to address this. This research examines measures and policies implemented by hospitality SMMEs in their quest to address

data security breaches. Only hospitality SMEs that are connected to the internet are used in this research.