Hotels without cyber security are putting their guests at risk

Hotel managers have always had more than their fair share of risks to contend with. Not only do they have a duty to protect the building and everything contained within, but they must ensure the safety of their staff and guests, all while providing an attractive place to stay.

This juggling of tasks takes place in an environment which can include features that present their own safety challenges such as heavy duty electrical appliances, heating and ventilation equipment, and lifts. The list of risks in such a bustling, busy industry can seem endless - from fires and flooding, to thefts and food poisoning, to trip hazards and violent customers.

But while these risks remain, the world continues to evolve and threats such as cybercrime emerge. The worrying thing is the industry as a whole doesn’t seem to have placed the risk of hacking, data theft and credit card fraud among its highest priorities.

According to the UK Government’s Cyber Security Breaches Survey 2016, compared with other industries, those in the hospitality sector are less engaged with cyber security and are less likely to see it as a priority.

The report found:

  • One in five don’t apply software updates when available
  • A quarter don’t have sufficient firewall protection
  • A third don’t have updated malware protection
  • And 40% of businesses never notify senior managers about cyber security issues

Should this lack of concern be a worry?

The simple fact is cyber attacks are on the rise and the hospitality industry is a major target due primarily to the level of valuable personal data it holds.
We should note that these attacks are aimed at anyone who holds personal data not just those companies who do business on the internet.

Cyber risks facing hotels

  • Point of sale thefts – incidents have occurred where cyber criminals have harvested customers’ names, credit card numbers and CVV codes after installing malware on card payment systems.
  • DarkHotel hacking of corporate guests – a campaign which has seen business guests targeted after connecting to the internet via hotel wi-fi.
  • Phishing scam targeting customers and hotels – guests have been tricked into handing over their details on fake websites posing as a legitimate booking site while hoteliers were also lured into sending their monthly fees to fake branded webpages.
  • DoS attacks close hotel websites – a typical technique employed by hackers is a denial of service attack which can shut down an entire hotel chain’s website by overwhelming it with traffic sources.

A hotel should have in place a robust set of tools and practices to reduce the risk of attack. Theft of credit card data or skimming continues to be on the rise and there are security standards which must be followed. There are also other considerations such as including background checks during any recruitment process and ensuring IT security policies are in place which delete access when an employee leaves the business.

If, despite rigorous risk management, an event does occur, a hotel should have in place a business continuity plan that has preferably been tested and that is updated on a regular basis. A large number of businesses fail despite a payment from their insurers because they either did not have a plan in place or it was not effective.

As ever, prevention is always better than cure which is why cyber security must be at the top of hotel managers' priority lists.