Cybercrime Fighter Theresa Payton Talks Data Security and Hotels
On Preparing Hotels for the Future
What are the biggest challenges travel companies are going to face in the coming years as we move into the next phase of big data and evolving technology?
It’s not necessarily a new issue, but maintaining the customer’s privacy while still providing a customized experience is the challenge that the industry is constantly solving for. Travel companies will want to make sure they personalize the experiences of their guests, and the best way to do that is to study their habits and patterns using big data, but they will need to ensure that cybersecurity programs are integrated into development lifecycles from the outset.
Where do you believe the hospitality industry stands in regards to cybersecurity vulnerability as well as its preparedness?
It’s an unfortunate reality that every industry is highly vulnerable to cyber criminals. They attack any place they can and do so frequently. Preparedness is tricky to gauge by industry since every company and corporation is different, and unlike highly regulated fields like healthcare or financial services, hospitality operates very independently. It is, however, incredibly important to be talking about cybersecurity as an industry, and that’s why I was so pleased to join HITEC as the keynote speaker this year!
How is the Internet of Things changing the cybersecurity landscape? What impact do you think it will have on hotels in terms of security?
IOT is fundamentally altering the security landscape, because it allows for so many more devices that need to be secured and in turn those devices are adding that many more vulnerabilities to their environment. Hotels will have a dual issue, in my opinion, in that they will have to manage their own operational security as well as their guests’ security. Hotels absolutely must provide an innovative, exciting user experience to stay competitive, but before implementing any new tech, they have to consider and plan for the security ramifications.
Is cybersecurity a “technology” issue, a “people” issue, or both?
It’s absolutely both! I’ve long said that one of the biggest mistakes we make in cyber is that we don’t design for the human psyche. We expect humans to be the last line of defense when we rarely teach them anything about cybersecurity. We must rethink how we integrate security into the design of our technology so it works with the human rather than against him/her.
On Consumer Privacy
Hospitality companies are still adjusting to GDPR and figuring out how it impacts the ways they conduct their businesses. Do you see the United States enacting those kinds of data protections for its citizens anytime soon? Would those regulations be driven by changing business models, consumer expectations, or other factors?
I’ve long been an advocate for tighter legislation for security and privacy, and am interested in watching how GDPR plays out over the coming months. I wouldn’t be surprised if U.S. states follow suit in the near future with something similar, and I’d imagine that it would be driven mostly by consumer expectations. We’ve had significant data breaches in the last couple of years—for example, Equifax and the Facebook Cambridge Analytica incident—so I can easily see constituents demanding greater protection under the law. The activity in the United States will start in the states and perhaps a federal law will come into play, although passing any federal law has its challenges given other priorities in Congress. I believe that the best strategy is a proactive one and normalizing frameworks at the federal level in the near term will best serve the industry.
On Recruiting Talented & Diverse Teams
Talent acquisition and retention is a big issue for today’s hospitality businesses. What do you typically look for when hiring someone for your team?
I think that’s an issue in any industry. Cybersecurity in D.C. has a negative 10 percent unemployment rate, so I’m always looking for ways to make sure my team stays happy and engaged. The best way to do that is to hire people who will be a good fit at your company. That is not to say that everyone must act alike—far from it. What you want to know is: do they believe in your mission; are they hard workers; and are they innovative thinkers? These are the factors we screen for. When you make the right hire to begin with, it’s much easier to retain your employees.
What will it take to diversify the tech industry?
I think continuing to raise awareness to the issue will help, but we also need to diversify who we look for when hiring. Some of the most talented people in technology don’t have traditional career paths. Recruiters should widen their search parameters and look for more women, people of color, veterans, etc. Stop hiring the same resume and you’ll get a more diverse industry!
On Promoting Education & Representation
You’re probably asked about being the first female White House CIO quite a bit. What are your feelings about that label?
It was nothing short of an honor and a privilege to work in the White House for President George W. Bush. I’m incredibly proud of the work we did as well as President Bush’s commitment to diverse hiring practices, so I will gladly carry that label with me as long as I can! Being CIO of the White House gave me incredible insight into marrying technology with seamless user experience and in turn inspired me to start my own firm, Fortalice Solutions.
We understand that you are involved in an initiative to teach kids about tech. Can you tell us more about that?
I am deeply involved in teaching kids about tech—it’s a passion! Several years ago, some colleagues and I worked with the FBI to start the first InfraGard Cyber Camp. It’s a one-week camp that teaches high school students all about cybersecurity. We’ve been fortunate to be very successful and this is our fifth year running the camp. We have also been encouraged to see other cyber camps start across the country and hope this trend continues!