By Jef Sutherland, Vice President, Information Services
We’ve heard the phrase “safety and security” for years at KOA. The phrase is typically used to mean your physical plant, your campground. For example, you make sure that the lights are bright at night near the bathrooms, you have a security guard walk the park, and you pick up the garden hose so it doesn’t run across your sidewalk. You want your KOA camping guest to feel safe and secure. You also want to minimize the risk for liability exposures (i.e.: nasty, vile law suites).
But there is another area besides your physical plant where “safety and security” needs to be considered and that is the information regarding your guests that you obtain. When considering guest information, you need to know what is public and what is private.
Public information consists of a person’s name, address, and telephone number. This information is available in telephone books and many other places. There is little legal harm if this information is disclosed. However, there could be a significant business problem involved if a customer can trace the fact that you caused a person’s name to wind up on a telemarketing list.
Of greater legal concern is the private or non-public information. This involves information that is obtained in the course of conducting business and other services for people. The most critical information from KOA’s perspective is the customer’s credit card number. Also, consider any other non-public information you might happen to obtain from KOA customers while processing a transaction. This could include details regarding handicapped status, travel, family relationships, age, income, employment, and a host of other personal or business information items that might crop up in the course of interacting with your customers.
We do our best to secure the information the camping guest’s entrust to KOA technologies. Whether it is KampSight or on-line transactions at KOA.com, our network, servers and computer room have electronic and physical protection in place to try to guard against hackers and information theft. We have made significant progress in only showing the credit card when necessary.
While we continue to work on “safety and security” within our information services, here are some ideas on how you can help at your KOA:
· Never write down a credit card number on a piece of paper that can’t be safely filed or completely destroyed.
If you still use pink pads for reservations or print out a credit card settlement report, don’t leave those documents lying around and never throw them away without shredding them. Dumpster diving (people going through dumpsters for information) is one of the most common ways for unscrupulous people to obtain information they can abuse.
· Minimize your staff’s ability to get at large lists of credit cards.
We hate to think of our employees as an area of exposure, but they are. The last number I read was that 75% of data theft comes from within a company.
You can’t keep your staff from getting a credit card number. They ask for it on the phone, they see it when charging for a cancelled reservation, etc. But, in KampSight don’t give anybody accounting or manager level security that doesn’t need it. You may want to provide flexibility for your staff by giving them more access to KampSight features than they regularly need, but don’t do it at the expense of your camper’s information.
If you use the eKamp reservation vault, don’t print the list of reservations requests that contain the credit card number.
· Review your computer security and screen access.
If you’ve given out your user name and password because somebody needed to do something in KampSight or eKamp and you weren’t available, make sure you change your password. You can request an eKamp password change from Franchise Services.
Never leave a screen visible to staff or campers that contain credit card numbers or non-public information (see above). This is especially important at the front desk. All it takes is a curious screen-peeker to grab information they shouldn’t have!
o KampSight has a feature to “lock” the keyboard if you are going to be away from the computer. Press the F5=Opts from any KampSight menu and take option 1) Lock Keyboard. To access KampSight after that, you’ll have to type in your KampSight password.
When an employee leaves, remove their KampSight user profile immediately. If you use a generic user profile, such as ABCDESK1, change the profile’s password immediately when an employee leaves.
o Use KampSight’s highest level of encryption if you use MochaSoft
If you use MochaSoft emulation to access KampSight and you aren’t using Rivetek’s satellite, you want to use the highest level of security for data encryption back to KampSight. Do this: Sign off of KampSight. Click on the Close button or File/Disconnect. Next click on the Open button or File/Connect. From the connection window, click on Advanced. Make sure that the Enable SSL option is checked as is the 128 bit option as shown below. You only have to do this once as MochaSoft saves the option.
· Remember, WiFi connections are not secure unless set up to be secure
o By default, most wireless connections are insecure. Check with your provider to make sure your WiFi offering is secure and separates your public traffic from your private network.
· Think about it.
This may be the most important item listed. Spend a few moments answering these questions:
o What information do I have now?
o Where is it?
o Who has access?
o Who should have access?
Updated May 28, 2005