Communication Piece – Internal Security Change Message
In today’s world, security is one of the primary concerns for large organizations, and Marriott Hotels are no exception. At Marriott, we believe that our most critical goal is to ensure that customers can experience the high quality of service in our properties without needing to worry about anything else. Thus, Marriott is committed to earning our customers’ trust back by implementing a comprehensive organizational change targeting information security in our hotels and properties.
The data breach that occurred in November 2018 in Starwood reservations showed us that the previous information security system applied in our properties was outdated and had significant gaps, which impacted its ability to prevent cyber attacks. As a result of the attack, the perpetrators received access to the personal details of many customers who stayed at the affected properties. The investigation results showed that the effects of the breach have been fully contained by now and that all affected persons have been notified about the risk.
The investigators also identified the technical errors that allowed the leak to happen. While fixing these errors allowed restoring our security system and ensuring the safety of all current customers, Marriott is willing to go beyond that to implement a change to promote security at all levels of the organization.
The first step towards enhancing Marriott’s information security is to review the current IT systems for gaps and address them in full. To achieve this goal, we have created a team of IT security experts who will perform an internal audit of our current system and implement changes to make sure that Marriott has state-of-the-art security in all of its properties. The panel of experts will also assist Marriott in designing a plan for implementing a culture change, which will be the second step in the change process.
From our experience, a culture of security is a critical component of the plan for protecting customer data, as it promotes compliance and establishes security as the top priority of the organization. The HR Director will communicate the need for cultural change and the plan for achieving it to all our properties to prevent gaps and noncompliance. Training in information security will be the third step of the change process, with every Marriott employee using our information system receiving skills and knowledge necessary to maintain security and prevent data leaks. While the vast majority of our employees have completed training in information security, this is still necessary to ensure compliance with the updated information security plan.
We expect that the steps above will make Marriott properties more safe and secure for our customers than ever before, and we are committed to ensuring that the change process is fully transparent. If you would like to know more about the upcoming changes, use the e-mail address below to send your inquiry. You can also use these contact details to share your concerns about the change or to find out more about the recent security breach. We assure you that information security is among the top priorities of Marriott and that your stay in our properties will be safe and comfortable.
Analysis of a Media Piece
Establishing transparent communication with customers following a security breach is critical to regaining their trust and containing the impact of the incident. After first announcing a security breach in November 2018, Marriott provided an update on the investigation and the change process that followed the event in January 2019. The present section of the paper will analyze this communication piece to determine whether or not it fulfills the goal.
The primary audience of the news release is Marriott’s guests, who may or may not have been affected by the security breach announced in November. The media piece was published in the news center on the company’s official website, and thus all external stakeholders have access to it. The primary goal of the communication was to show that the investigation process is fully transparent, the effects of the incident were contained, and that all those affected or at risk will receive full support from the company. To achieve this goal, the report provides information about the changes that took place in Marriott with regards to information security following the breach.
First of all, the news provides an update on the number of people involved in the breach and gives further details of the incident. Marriott International (2019) states that “approximately 383 million records as the upper limit for the total number of guest records that were involved in the incident” and that the information leaked included passport numbers and payment cards (para. 5). By providing information about the incident, Marriott shows its commitment to gaining back customers’ trust and addressing the mistakes that led to the breach. Transparency is an essential component of communication following a damaging incident, as it improves the company’s image and prevents panic among customers (Jennings, 2018). Therefore, the first part of Marriott’s message serves the purpose well.
Besides providing an update on the investigation process, Marriott also identified some of the changes in information security that have already been implemented. For example, Marriott International (2019) reports that the Starwood database that was the source of the breach was discontinued, which means that all properties now use Marriott’s system. This piece of information serves two separate purposes: to reassure customers that staying with Marriott is safe not and to identify that the breach was not caused by gaps in the company’s information security system. Hence, this section of the message helps to restore Marriott’s image that has been damaged as a result of the incident.
The last part of Marriott’s news release serves to explain the guest support services offered as part of the change efforts following the breach. Marriott International (2019) provides information about a dedicated website and call center for guests who are concerned about the security of their personal information, as well as details about the free web monitoring service to identify identity theft. By establishing these changes and notifying the public about them, the company fulfills its corporate social responsibility (CSR).
Hovav and Gray (2014) explain that maintaining the customers’ privacy is part of companies’ CSR, and so is providing remedying services to stakeholders who are at risk due to data breaches and leaks. Thus, the final portion of the news release shows that Marriott is determined to fulfill its CSR and shows the company’s interest in helping those who might have been affected by the incident.
Overall, the communication piece analyzed in this section fulfills Marriott’s goals about change communication. It creates a sense of transparency by providing full information about the incident and shows that the plans for containing the effects of the breach have been implemented successfully. Furthermore, the piece supports Marriott in fulfilling its corporate social responsibility by detailing the services available to customers at risk. Based on the analysis, the change communication provided by Marriott is effective and assists in remedying the company’s reputation.
Annotated Bibliography
Hovav, A., & Gray, P. (2014). The ripple effect of an information security breach event: A stakeholder analysis. CAIS, 34(50), 893-912.
This scholarly article considers information breach events from the perspective of various stakeholders involved, focusing on passive stakeholders. Hovav and Gray (2014) explain how this type of incident is perceived by various stakeholders, including vendors, customers, hackers, and the wider community. The authors stress the importance of corporate social responsibility in the context of information security, stating that it helps companies to prevent and address such events. The article also provides some recommendations on communicating with stakeholders after a security breach, emphasizing the importance of transparency.
Jennings, H. (2018). Communications Lessons from Marriott’s data breach announcement. PR News. Web.
In this Article, the author examines Marriott’s security breach and the events connected to it from the perspective of crisis communication. The text offers a brief summary of the incident and the reports provided by Marriott following the breach. Jennings (2018) explains that in its communication with the press and customers, Marriott shows commitment to transparency. However, the author criticizes the company’s decision to withhold the information about the breach for almost two months, stating that it might affect Marriott’s reputation.
Marriott International. (2019). Marriott provides update on Starwood database security incident. Web.
This source is a news release by Marriott International providing an update on the security breach that occurred in November 2018. The company offers information about the number of persons affected and the types of records accessed by the perpetrators. The piece also explains the company’s efforts to remedy the issue by providing support services to those at risk and strengthening the information security system.
References
Hovav, A., & Gray, P. (2014). The ripple effect of an information security breach event: A stakeholder analysis. CAIS, 34(50), 893-912.
Jennings, H. (2018). Communications lessons from Marriott’s data breach announcement. PR News. Web.
Marriott International. (2019). Marriott provides update on Starwood database security incident. Web.