Tips The reason Njama drives us crazy is the reason you should love him.

Sometimes I want to lace up my sturdiest boots, walk up to Njama Braasch, and kick him in the shins.

Yes, Njama is a super nice guy. Yes, he’s our fabulous in-house CISSP and Director of Security and Compliance. Yes, he’s always willing to spin up a presentation or jump on a sales call to talk about what we do to keep data secure. Yes, he’s got a great family and terrible dad jokes.

But, man, the sneaky way he constantly (secretly) tests our security chops?

I start reaching for those boots.

If I were a better person, however, I’d have to admit that this is the exact reason virtually everyone in our industry should love him and everything he does.

Lots of Breaches

In the last year I’ve heard of more data security issues at hotels and resorts than I’d heard about in 5+ years prior. What was once the problem of Fortune 500 companies is now a problem faced by every business of every size.

Luckily, our CEO, Trevor Crist, saw this coming. We’d long been PCI compliant, but he knew we needed to aim higher. So in 2018 we started down the road of ISO 27001 compliance. In February of 2020, we achieved this goal and became one of the first, if not the first, travel tech company to do so.

Here’s Njama (left) and Trevor (right) holding up the official certificate the day it arrived.

You’ve probably heard us talk about this before, but what does that mean for a company like ours? And employees like me within that company?

Well, here’s where that dirty, rotten, no good Njama comes in.

The problem? People.

One of the things I’ve learned recently is that the biggest liabilities to data security at a company like yours and ours isn’t necessarily some fancy software. Instead, it’s the people. People like you and me who, unlike software, can easily be tricked or make mistakes. It’s why so many of the recent data breaches at resorts haven’t come from some hacker discovering a way to access data, they’ve come from resort employees naively doing something as innocuous as clicking links in emails that unknowingly give some hacker access to their data.

It’s also why, on top of monthly security training and annual security tests, every employee at Inntopia gets emails like this multiple times a month.

What’s the big idea? Looks pretty simple, right?

Well, that’s a phishing email.

And one that uses all latest tricks to try to get folks like me and you to click on it. If I click this one, however, I won’t automatically take our system down. Instead, I’ll be automatically enrolled in required training to help ensure I don’t do it again.

Listen, I really don’t want to take our system down, but I really don’t like training.

Who sends these emails? Yep, that dirty, rotten, no good Njama.

Before vs After

Which bring us to why you (and me, if I were a better human) should give him a high five instead of a kick in the shins. Because what’s interesting is that all those sneaky emails are tied to a dashboard that track our progress and show how a company performs before and after they go through training like this.

We Inntopians were good before, but the difference is stark. Our level of collective knowledge, diligence, and awareness of risks and trends is in a place I honestly never thought it could be.

And based on conversations with peers, it’s miles ahead of other companies.

In other words, yeah, sometimes we glare in Njama’s direction when we get another one of his phishing emails, but the reason we know it’s a phishing email, the reason we’re not clicking on it (or real phishing emails), the reason we’re also on the lookout for a dozen other security risks, the reason your data is so secure with Inntopia…is because of Njama Braasch and his tireless efforts.

Walk the Walk

You’re working with a lot of technology vendors. And you’re also hearing about breaches at resorts like yours every few months (if not more).

It’s time to connect the dots.

It’s time to realize that the same reasons me and my fellow Inntopians sometimes shake our fists at Njama Braasch are the exact same reasons you should love him and the data and software he diligently works to protect. It’s time to stop talking about taking security seriously and start working with the companies that actually do and saying no to the companies that don’t.