In 2017, Verizon identified that 96% of all data breaches and hacks targeted at hotels are conducted from external sources. Since 2017 hotels have fallen victim to a multitude of cyber threats including POS hacks, data breaches, and click-bait phishing attacks. The Marriot data breach of late 2018 is probably the most discusses event that cost the Marriot Group over $150 million in lawsuits.
As demand for guest technology grows in hospitality, owners & hotel management are taking resounding precautions to secure guest data, devices, and processes. Due to several high profile payment card data thefts across US hotels certifications like PCI Compliance and technology security management has become even more important for modern tech savvy hotels.
“Having robust security in place means a better, safer, guest experience,” … “When department managers and other employees think more about safety and security, you can prevent a lot of theft and minimize dangers.”
Chad Callaghan, Principal of Premises Liability Experts, and American Hotel & Lodging Association (AHLA) security consultant.
Payment Card Data Security
POS or Point-of-Sale data hacks are usually targeted on the POS merchant rather than the hotel itself. Hackers tend to infiltrate POS machines with either malicious code, or, physically by having their card swiped through infected POS machines.
For this very purpose, the ladies & gentlemen at PCI Security Standards Council routinely update their guidelines to ensure hotels, in particular, can continually secure their point of sale systems. The PCI certification ensures POS security by deploying a rigorous point to point encryption and security protocols when processing transactions.
“In order to protect themselves, hotels should fully review their operation to ensure that there are ample security measures in place and that they are compliant with the [payment card industry data security standard],” … “The fact that POS systems are the largest attack vector makes it the obvious starting point for businesses to lock down. At a minimum, all of the POS software should be [payment application data security standard] validated and implemented according to the recommendations found within the vendor’s implementation guide.”
Elizabeth Chidiac, POS product manager at Springer-Miller Systems
Card data is also ‘tokenized’, so to ensure that there is nothing stored on hotel storage that can be identified. Payment card merchants including Europay, MasterCard, and VISA also offer certified solutions that minimize the risk of card data theft.
Threat Detection & Protection Software
Threat detection and protection tools are the first line of defense for hotel internet security. This software is usually standardized by every hotel brand. For instance, a large number of hotels carry the LabTech intrusion detections and protection system, while many others choose the renowned Kaspersky Security Suite.
Irrespective of brand name, every corporate cyber-security solution comes with the basic anti-virus, firewall, internet security, anti-virus database, and instant updating capability. One of the beneficial features of a hotel’s threat management software is to identify and eliminate any existing vulnerabilities already on your network.
The primary focus of a threat detection & protection system is to help hotels monitor and identify threats 24/7/365. By combining a proprietary analysis engine and cutting edge threat intelligence databases, threat management software deliver proactive detection.
Threat management software is also exclusively designed to integrate several technology security features for both small & large hotels. These cutting edge tools provide basic validation services, full network security management, connectivity apps, and quarantine features to ensure management can conveniently focus on business operations.
Cloud Storage for Hotel Data Security
Hotels usually gather huge amounts of guest data from personal information, to preferences, tour plans, and other personally identifiable information. While most data was previously stored over local hotel data servers, most modern hotels are now shifting to highly secured cloud-based storage.
Today, almost all hotel management tools, including PMS, employ cloud-based service delivery to ensure faster, less risky, highly affordable solutions. One of the most significant advantages of cloud-based solutions is that they don’t require the mass capital overlays for hardware, software, infrastructure, and human resources. Cloud storage can be purchased as per hotel needs and can be scaled in accordance with seasonal requirements.
In his 2012 research, The Adaptation of Cloud Computing by the Hotel Industry, Anthony Schneider concludes that cloud computing potentially offers hotels more simplified technology structure and information security frameworks.
Cloud-based systems deliver better cost-effectiveness, efficiency, scalability, and environmental benefits according to Anthony Schneider’s research. At the end Schneider did warn about the security and access vulnerabilities that existed in the cloud at that time.
Today, cloud storage deploys multiple security measures including two-step access verification and military grade 256bit encryption. Cloud servers are also routinely backed up in their encrypted form, so in case of data breaches and loss all hotel data can then be recovered with the click of a button.
Managed Technology Partner
Just like it is ideal to have a head chef in control of the hotel kitchen, it is also ideal to have technology experts handle hotel technology management. Today hotels need a data protection strategy and cybersecurity policy to govern the various aspects of hotel technology security. As technology submerges almost every guest touchpoint with some sort of automation, there is a great need for hotels to either carry an in-house I.T. team or a hotel technology company to manage cyber threats.
While implementing cybersecurity tools on hotel properties is easier, the continual management of hotel these tools should preferably be delegated to hotel technology experts. Since hotel data security now holds great significance for both the hotel and its guests, having a hotel technology company’s assistance can radically reduce the potency of cyber threats. A hotel technology partner constantly monitors the hotel network & technology infrastructure to identify vulnerabilities and underlying threats.
Security usually begins when designing the technology infrastructure and network map of any hotel. From the placement of WIFI hotspots, servers, etc. to access authorizations every aspect of local cybersecurity must be addressed by an I.T. professional or CIO (chief information officer).
A managed partner by far is the most effective technology vulnerabilities solution. Not only are these providers cost-effective compared to in-house technology teams, but can also offer multiple services. Usually, an efficient hotel technology company offers:
- Tech support (on-site & off-site) to ensure there are no issues with hotel technology,
- Continual tech management to keep equipment compliant & software flawless,
- Network redesign to ensure a simplified and more accessible tech infrastructure,
- Ready knowledge of hotel brand standards & requisites to convert hotel properties,
- PCI Compliance training for hotel staff and management,
- Vendor management services for more attractive technology quotes & seamless workflows,
- Hotel front & back offices management for more efficient service delivery,
- New hotel build project management for a more tech-enhanced property,
- Technology GAP management to identify areas of improvement instantly.
The applications of technology in hotels are simply endless, with automated concierges to lates night room service through mobility. As the integration of new technology becomes standard across US hospitality businesses, the requirement for high integrity hotel vulnerability solutions will remain popular.
Stay tuned to our blog for more interesting hotel technology articles, news updates, and hotel tech breakthroughs. Share this article if you liked it, and do remember to leave your feedback in the comments section below.