https://www.infosecurity-magazine.com/news/holiday-inn-hotel…
Yeah - another major firm had multiple system intrusions.
Two object lessons:
Personal:
Don’t gratuitously give any information that you don’t have to. Doctors regularly ask for your Social Security Number. Simply don’t give it. Web sites ask for your home, office and mobile phone numbers - give one if you absolutely have to.
Use a different complex password for each account.
Don’t let sites retain your credit card number.
Don’t stay permanently logged in to Facebook, Google, Microsoft etc. Remember, while there are absolutely convenience factors to the “free” services provided by guys like these, there is no free lunch and you are constantly feeding information to them - and at some point one of them will be hacked and your information spread across the universe. Until companies are made financially responsible for consequential damages of their negligence, they will not arbitrarily spend “excessive” money on security they “don’t need”.
Commercial (or sophisticated personal):
With ransomware and other malware so prevalent, embrace the ‘3–2–1 rule’: have at least three copies of data, on at least two different media, with at least one copy offsite (offline). Data should be backed up regularly and automatically where possible to ensure quick recovery and restoration.
Keep all disk drives (except those secured off-site) encrypted. I keep my off-site copies in a bank safe deposit box.
In the case of a hotel, systems are very complex and often include external suppliers, for example, for heating systems, booking systems, CCTV, access control and so on. Our home networks are quickly heading in the same direction with the general adoption of the Internet of Things with smart doorbells, surveillance cameras, smart lighting, A/V systems, and so on. The manufacturers of these devices are more interested in building them quickly and cheaply - rather than spending a lot of time or money on providing a constantly upgraded level of internet security. As our phones and PCs are generally a part of these networks, they become vulnerable to attacks which are sophisticated enough to circumvent the security of a $10 light bulb.
Convenience is great, but you only get the chance to make a mistake once.
Jeff