HospitalityBiz India
Hotels FoodService Operations Ministry Associations Equipment Editorial HR Technology Technology Advisory Board Community
Follow us on Facebook Follow us on Twitter instagram
    Home > Operations > Safety & Security

Information security risk management in the hotel industry: Role of people and technology

Current state of security systems in the hotel industry

Tuesday, July 27, 2010, 14:30 Hrs  [IST]


For majority of hotel chains around the world, the key necessity is to ensure the security of their information network. The solution desired should provide a user-friendly environment for staff and managers to use corporate laptops to access the network from any location.

However, at the same time it is vital that data such as customer information available on central databases remain confidential and corporate applications are protected from unauthorised access. The solution also needs to deliver effective security, not only for the connection but also for the devices used thus protecting the internal network, as laptops could be used both on the inside and on the outside. Finally, with staff based at locations across the country, hotels require a solution that could be easily administered in this type of highly distributed organisation.

A recent study by a consulting firm revealed that 38 per cent of credit card hacking cases in 2009 involved the global hotel industry. The financial services faced 19 per cent of attacks followed by retail at 14.2 per cent.

The security of hotel guests’ communications is of utmost importance. Sometimes, the choice of which hotel to use is made on the basis of level of security and privacy provided to the customer.

Hotels have to invest in properly implemented networks for guest satisfaction and security. Moreover, it could potentially be devastating to a hotel’s reputation if a lawsuit is brought against it for leaking guest data because of a network crisis.

In this era of unprecedented identity, theft paired with increasing state regulations, hotel employees must be trained to protect guests’ virtual security as vigorously as their physical security.

Today, however, personalised service has become the rule rather than an exception. Hotels now use complex relational database systems to store knowledge about their guests, such as the blend of their favourite whiskey and the contact details of their family and friends.

Hotel employees use this information every day in every department of the hotel and they can access the information using multiple applications that store the data in different databases each with different levels of security. Access to information is no longer a matter of remembering guest preferences. Therefore, securing guest information requires much more than simple employee memorisation.

Important measures to secure client data and hotel’s IT infrastructure
  • Protecting guest data in all forms
  • Creating and maintaining strong passwords
  • Recognising the most common types of cyber attacks, especially social engineering attacks
  • Knowing what electronic countermeasures are in place and being able to recognise security alerts
  • Recognising and responding to a crisis incident with a business continuity plan
Security risk consulting firms help client’s in designing, implementing and testing the industry best practices and solution. Many vendors provide devices and appliances catering specifically to the hotel industry.

Confidentiality of data and employee awareness

Before employees can be expected to protect guest data, they must first understand which data should be kept confidential. It is reasonable to assume that most employees understand that they should protect guest credit card information, but they may not worry about keeping guest preferences confidential. It is necessary to reiterate that employees must protect guest data in all its forms, including printed reports and receipts as well as electronically accessible on computers.

Despite many advances in access-control technology, most hotels still use passwords for authentication; employees must remember multiple passwords for all of the different hotel systems. Creating strong passwords that are easy to remember is the most important skill an employee can learn to protect guest data.

Many of the technical technique attackers gain access to a network by tricking users. These techniques are commonly referred to as ‘social engineering.’ Social engineering scams dupe employees into taking some action — such as giving out contact information over the phone or clicking a link in an e-mail - that opens the doors for attackers.

For those attacks that do not involve user interaction, electronic countermeasures, such as anti-virus and anti-spyware, usually will pick them up and issue an alert. However, employees must be trained to recognise and respond to these alerts or they will simply ignore them. Knowing what the alert means and how to report it is critical to stopping attacks.

A countermeasure of particular frustration to many hotel employees is website content filtering software. Content filtering software is a critical part of a hotel’s electronic defence; however, often times an employee will be locked out of a perfectly legitimate website because the site happens to contain too many suspicious attributes. Teaching employees how content filtering software works and why it is important will help ease the aversion associated with using it.

Every hotel should have a policy in place for how to handle security incidents, and every employee should know how to implement it. Although most security incidents are as benign as a virus being caught and quarantined, all incidents should be reported and logged. On that rare occasion when a hotel’s computer network is under attack, an eagle-eyed employee can make out the difference between a close call and a security breach that compromises guest data.

Few precautions that customers should follow during their stay:
  1. Never hand over the credit card to the hotel staff
  2. Be present while swiping the credit card
  3. Avoid financial transaction over the unsecure networks accessible at the hotel
In this way, the customers and hotel management can cooperate to mitigate security breaches and compromise of confidential information through credit card frauds and identity thefts.

The author of this article is Anil Mallya, Associate Consultant-Technical Advisory Services, Mahindra SSG

Print News Email News Back
Bookmark to Add to NewsvineNewsvine Bookmark with Digg ItDigg
Add RSS to Add to Google Add to My Yahoo! Subscribe with Bloglines Subscribe
* Name :    
* Email :    
* Message :  
  H&R Johnson opens sixth Experience Store in India to service Customers, Architects & Designers as a one-stop-shop
  Beverly Wilshire launches Secret Rosé Garden for celebration of its 90th Anniversary
Receive the best of Hospitality content in your mailbox.
Weekly e-Newsletter
Events Calendar
Global Travel Mart for India
September 15-16, 2018, Vigyan Bhawan, New Delhi

FHRAI Annual Convention
September 20-22, 2018, Lucknow

Kerala Travel Mart (KTM)
September 27-30, 2018, Kochi, Kerala
© Copyright 2016 Saffron Synergies Pvt Ltd