Having received a £14.8M fine from the ICO in 2020, Marriott International have confirmed another data breach.
In this latest breach, hackers used social engineering to trick an employee into allowing access to their computer terminal.
Our data protection expert Becky White commented with this advice for businesses:
This is a high profile example of an everyday risk for businesses, this being that staff could be unwittingly exploited as a weak link in an organisation’s data security.
Regular security and data protection awareness training will help staff better understand the role they play in protecting the personal information that the business collects and processes, and will serve to demonstrate accountability (a key principle of UK GDPR) as well as reduce the likelihood of a personal data breach, which can be very costly both in terms of a potential enforcement action but also in terms of reputational damage.
For smaller businesses, understanding data laws and providing suitable training can be a strain on resources. Our data protection package provides a quick and easy solution with access to essential staff training materials along with an audit and action plan to address any compliance needs.