How to work on hotel cyber security

Cyber security has turn into a major concern for the hotel industry. This sector is constantly exposed to hacking, due to the large amount of data it deals with.

Also, hacking takes place in the booking offices, from which hackers extract data such as telephone numbers, addresses, names, ID card numbers, passports and email addresses, among others.

Cyber security; one of the hotel owners’ major concerns

Hotels handle a vast amount of confidential data, which is a magnet for cyber criminals. Hotel communication equipment is easy to hack, especially because Wi-Fi networks are not updated.

Some of the personal data dealt with are private in nature, such as the guests’ credit card or bank account numbers.

Online booking sites, as well as reservations by email are very vulnerable focal points. Even the hotel staff’s personal data are at risk.

A cyber attack in a hotel could have catastrophic consequences for the company, such as:

• The reputation of the hotel would suffer and so do the number of reservations, which could decrease considerably due to the resulting loss of confidence.
• Loss of confidence could lead to financial damage, which could eventually result in bankruptcy.
• The period of inactivity after a cyber attack could last from some hours to even weeks, depending on the degree of severity of the attack and the need to recuperate after it takes place.
• Data leakage. It can lead to the total loss of data, with the implied risks for the hotel.
• Financial penalties due to a breach of current regulations, which could generate severe financial losses.

It is for all these reasons that cyber security has become a primary concern for hotel owners, who are currently starting to pay more attention to it; the attention it truly deserves.

The reasons behind a cyber attack can be varied; it is not only motivated by illicit profit.

In many occasions, the objective is to have a negative impact on the hotel. Sometimes it is a case of industrial or commercial espionage. In some cases the aim is to seek for some kind of personal fulfilment and hacking becomes a challenge for an individual or a group of people.

At a much larger scale, it could be motivated by political espionage, aiming at influencing national and international economy or politics. It could be launched by terrorist groups who want to put pressure in order to achieve their demands.

Whatever the motives, financial and personal losses are guaranteed and the urge to overcome the weaknesses of the hotels’ booking and management system is growing at the same pace of cyber attacks.

How to boast a secure infrastructure?

In order to boast a secure digital infrastructure, we must take several factors into consideration.

Identify risks and shortcomings

In other words, to audit the hotel in order to assess potential risks. Classify the threats and the systems used in the premises.

Among the systems used to be assessed are the following:

• Online booking systems, with a general approach and access to a POS, where cyber criminals can obtain the clients’ credit card numbers.
• Data management. Carried out by means of digital systems, such as the Cloud, which can be vulnerable if they are not protected.
• Leisure and social media. Open access to the internet produces lots of traffic, from which cyber criminals benefit, since it is not usually connected to security systems.
• Access control. Such as alarms, monitoring systems, electronic keys, etc.
• Computer and technological hotel equipment. It is risky to access the internet from them.

Once the risk assessment has been carried out, appropriate decisions must be made in order to protect the digital infrastructure of the hotel, such as:

• Installing appropriate malware detection software.
• Monitoring and limiting the network ports.
• Protecting web browsers and email management systems.
• Setting up network systems such as firewalls, switches and routers.
• Wi-Fi networks access control system, including public ones.
• Monitoring and protection of physical security systems.
• Providing with a backup, for data recovery in the event of an attack.
• Protection against any possible communication system.
• Training the hotel staff regarding critical points.

These are some of the measures to be taken in order to avoid the negative impact of a cyber attack.

Hotel cyber security, a cost-effective investment

So far, we have analysed the reasons behind cyber attacks, its disastrous consequences and the way to secure the hotel cyber space.

Correcting all the shortcomings in hotel cyber security is a need that, sooner or later, all hotels or hotel chains have to take care of.

Protecting hotels from hackers implies important changes in the infrastructure of the premises and a real challenge both for the owners and the employees.

These changes involve an investment that will prove to be cost-effective from the start, when cyber security protocols are activated and security is monitored.

The customer’s experience will be rewarding, since the business demands have been met and the reputation of the hotel is protected, let alone the financial aspect, avoiding losses caused by the attacks.

Also, the European Regulation on Data Protection requires companies to adopt certain security measures in order to protect guests’ privacy.

The failure to comply with this Regulation will result in fines between 20 million Euros and 4 % of the company’s yearly income, applying the greater amount, depending on the severity, duration and nature of the breach.

Therefore, hotel cyber security is not a question of options, but of the obligations derived from the regulations of the European Union. And above all, it is a question that interests the hotel on the grounds of security, finances and reputation.

If you are a hotel owner, shareholder or you are in charge of a hotel or hotel chain, it would be advisable for you to contact professionals who can improve cyber security in your business in order to anticipate cyber criminals. Contact us and improve your hotel´s cyber security.