Five Rules to Ensure Secure Communication & Data Privacy in Hotels

Threats to hotel technology are rapidly growing, with cyber criminals exploiting new weaknesses in hotel technology systems. A popular way cybercriminals exploit is through the communications tools employed in hotels. 

The case of the Romantik Seehotel Jaegerwirt is possibly the most ideal to quote here. A simple email caused one of the darkest days for a premium 4 star hotel, causing guests to be locked out of their rooms, plastic key cards not working, and all hotel data encrypted with ransomware. 

The EU’s GDPR and the PCI compliance rules already establish the requirements for secure communications and encryption to ensure proactive data security in organizations. In their 2019 cost of data breaches report, IBM established that the average cost of a data breach usually is $3.92 in the world, while U.S. businesses have the highest liability estimated at $8.19 million per breach.  

The Compulsive Need for Secure Communications in Hotels

There is a compulsory need for secure communications in modern hotels. While reasons are aplenty two primary factors make secured communications essential in hospitality businesses, one is the growing number of cyberattacks & their complexity, and two technology security planning. 

Increase in Data Breach Numbers

As hotel staff get equipped with smart devices and have access to a trove of critical customer data, it has simply become essential to ensure all communications and correspondence is secure. Cybercriminals have innovated the techniques and complexity of attacks, hence even the slightest vulnerability in communication systems can cause a major breach. 

The famous Marriott Starwood Hotels breach was active for well over 3 years until it was identified in 2017. It is the responsibility of hotel staff who have access to personal and critical information to readily secure their devices with the correct encryption and security tools. 

A large number of hotels still use whatsapp as their preferred method of staff communication. 

Sharing information on these apps is simply criminal since these chat apps & vendors own the data, not the user. In addition, messenger apps are poorly secured even though they claim encryption embedded in their core code.  

Technology Strategy & Planning 

The technology strategy is now a central part of the hospitality business with a number of digital touchpoints available to guests in hotels. From POS machines to robotics, every aspect of hospitality needs strategic planning to secure it from being breached. 

An electronic management policy, a maintenance policy, authorization & access restrictions, secure & insecure networks, use of personal devices etc. is all part of the technology strategy. Similarly, communication is also a major part of the hotel technology plan that outlines how various communications & staff devices should be secured. 

5 Rules for Hotels to Ensure Secure Communication

Develop & Enact Communication Policies 

The most important concern at hotels is to develop and maintain the corporate communications policy. Senior management & hotel owners must define through formal policy the acceptable uses of company communication tools. The policy must define if personal usage is allowed, what type of information can be shared, and where the tools should preferably be used. 

The communication security policy must also define which tools must be the standard across the hotel. Using multiple apps for personal & business communication can also be dangerous if the employee is carrying crucial hotel data in their device. 

Monitoring of Staff Communications 

Now with the capabilities available, many organizations across the world monitor the communications of staff when they have access to customer data. Monitoring communications has been the cause of several employee lawsuits, however, it is the responsibility of employers to monitor corporate email addresses for information security.  

Hotels should formulate a policy and inform employees that their corporate communication will be monitored. The ideal way is to brief the staff about the policies and allow them to sign a waiver to acknowledge the enacted rules. 

Deploy Encryption Tools & Encrypted Messengers

It has been recommended time and again, security researchers have encouraged it, and Edward Snowden has approved it in his 2013 revelations. Encryption is unbreakable, even with a supercomputer. 

Even with the most stringent security policies in your hotel, the complexity of cyber breaches can cause a big problem in your technology systems. The existence of unsecured networks, and unsecure communications tools poses an imminent risk for hotels. Emails, messages, and files sent from a bar, cafe, airport, or home network can be easily breached. 

End to end encryption has been here since the last decade. It got so popular that messenger services like IMO, Whatsapp, Viber etc. all began to use it as a marketing slogan. Eventually we have identified that these popular social messengers are poorly secured and managed, hence are dangerous for hotels. 

Having a customized messenger solution for hotel staff can be very useful. There are several communication tools being developed primarily to ensure secure communications at hotels. The ALICE platform is a popular new hotel management & communication suite from hospitality innovator Alexander Shashou

Staff Training & Education 

Training is the most critical part of any hotel’s security strategy, since it involves everyone. IBM reported in 2019 that staff remains the most vulnerable factor in organizations in case of a data breach. 

Training is an ongoing process too, thus hotel managers must ensure that they schedule regular security, PCI Compliance, and best practices training for staff. Carrying only relevant encryption & security tools is not enough, at least not enough when compared to updated security training. 

At AHT Inc. we are advocates of technology education and PCI compliance training. We have been training hotel staff across the USA for well over a decade, ensuring highest level of security compliance in hospitality businesses. 

Our leading training courses cover a plethora of topics including WIFI, VPN, access & authorization, secure messaging & emails etc. We also enhance employee practices by educating them on secure best practices used in data intensive organizations.  

Renovate Legacy Infrastructures

Constant innovation requires hotels to upgrade their technology infrastructures to last close to a decade. In case your technology systems are not designed to facilitate encrypted communication or other aspects of communication, they need to be renovated. 

The primary task of secure technology infrastructures is to ensure there is an armor around the hotel, its staff devices, guest data, and financial information. A large number of hotels today join hands with technology management companies, outsourcing the important technology management functions to experts. 

A technology management company carries the latest knowledge of threats, offers access to leading security tools, and provides proactive support so hotel staff never have to worry about security.   

A hotel technology management provider also has experience with hotel technology benchmarks, allowing them to design a better infrastructure for hotels. Hoteliers can then focus on the business side of operations while the technology management company looks after tech security. 


There are several other steps an organization can take to ensure communication privacy & security. Modern hotels completely outsource their technology to a technology management company, some even hire freelance engineers, while others tend to carry their own I.T. departments to resolve secure communication issues.  

I hope you enjoyed this edition of our blog. For more interesting reads and latest hospitality trends visit us again. See you again soon.