Hotel room door being opened


Are hotels opening the door to cyber criminals?

Hotels without cyber security are putting their guests at risk

Hotel managers have always had more than their fair share of risks to contend with. Not only do they have a duty to protect the building and everything contained within, but they must ensure the safety of their staff and guests, all while providing an attractive place to stay.

This juggling of tasks takes place in an environment which can include features that present their own safety challenges such as heavy duty electrical appliances, heating and ventilation equipment, and lifts. The list of risks in such a bustling, busy industry can seem endless - from fires and flooding, to thefts and food poisoning, to trip hazards and violent customers.

But while these risks remain, the world continues to evolve and threats such as cyber crime emerge. The worrying thing is the industry as a whole doesn’t seem to have placed the risk of hacking, data theft and credit card fraud among its highest priorities.

According to the UK Government’s Cyber Security Breaches Survey 2017, compared with other industries, those in the hospitality sector are less engaged with cyber security and are less likely to see it as a priority.

The report found:

  • Those within hospitality/food industry made the lowest average annual investment in cyber security
  • The industry was one of the least likely to offer cyber security training for staff
  • Firms tend to lag behind even in terms of the more basic rules and controls, such as updating software and having malware protection

Should this lack of concern be a worry?

The simple fact is cyber attacks are on the rise and the hospitality industry is a major target due primarily to the level of valuable personal data it holds.

We should note that these attacks are aimed at anyone who holds personal data not just those companies who do business on the internet.

Cyber risks facing hotels

Point of sale thefts – incidents have occurred where cyber criminals have harvested customers’ names, credit card numbers and CVV codes after installing malware on card payment systems.

DarkHotel hacking of corporate guests – a campaign which has seen business guests targeted after connecting to the internet via hotel Wi-Fi.

Phishing scam targeting customers and hotels – guests have been tricked into handing over their details on fake websites posing as a legitimate booking site while hoteliers were also lured into sending their monthly fees to fake branded webpages.

DDoS attacks close hotel websites – a typical technique employed by hackers is a denial of service attack which can shut down an entire hotel chain’s website by overwhelming it with traffic sources.

A hotel should have in place a robust set of tools and practices to reduce the risk of attack. Theft of credit card data or skimming continues to be on the rise and there are security standards which must be followed. There are also other considerations such as including background checks during any recruitment process and ensuring IT security policies are in place which delete access when an employee leaves the business.

If, despite rigorous risk management, an event does occur, a hotel should have in place a business continuity plan that has preferably been tested and that is updated on a regular basis. A large number of businesses fail despite a payment from their insurers because they either did not have a plan in place or it was not effective.

As ever, prevention is always better than cure which is why cyber security must be at the top of hotel managers' priority lists.

Sector Specialist

profile image example

Darren Seward

Sector Specialist

Darren has over 30 years’ experience, with expertise in both hospitality and food and drink manufacturing. He particularly enjoys the link between the two – from quality produce to the dining table. When not working, he can often be found under the bonnet of his classic Range Rovers.

Expand text