From Los Angeles to New York City and Around the Globe, Hotels are Vulnerable
Earlier this year Romantik Seehotel Jaegerwirt, a 4-star hotel in the Austrian Alps, was the victim of a cyberattack resulting in the complete shutdown of the hotel’s computers. This attack was the third time the 111-year-old hotel had been targeted. The hackers breached the keycard system, making it impossible for guests to enter their rooms and preventing the front desk from reprogramming cards. Over the last two years, every major hotel company has been breached via their point of sale systems with the goal of obtaining personal information. The Romantik Seehotel Jaegerwirt attack is the first of its kind where hackers threatened the safety of guests.
SEE ALSO: How Do You Protect Your Smart Network?
Hoteliers, front and back of the house staff, and hotel guests rely on wired and wireless broadband networks every day. The smart technology within guests’ rooms and throughout the properties’ common areas, like lobbies, meeting spaces, and ballrooms, also rely on these same networks. Inherent vulnerabilities in these networks put everyone at risk. In 2015, due to a series of high-profile breaches, cyber and data security rose to the forefront as a huge risk for hotels. Beyond a data breach involving confidential information such as guests’ credit card information or employees’ files, hotels are vulnerable in other ways. In fact, hotels, more than most private industries, must take into account the physical harm that might be committed by hackers. In addition to guest information systems, HVAC, elevators, and electricity may also be targeted. While financial theft could impact a hotel and its reputation, a breach of its physical infrastructure could put the hotel out of business.
What Can Hotels Do to Combat Cyberattacks
Here are some key steps hoteliers should consider in order to improve the security of their data and physical systems.
- Analyze Risk: Each hotel will have unique security requirements based on its specific systems and operating environments. By conducting a risk assessment, hoteliers can identify how, why, and where their data and infrastructure is vulnerable and what safeguards should be implemented. Decoupling systems is one option to explore. Preventing access to the key card system through the hotel’s website is one example, or preparing for other workarounds might be necessary. In the case of the Romantik Seehotel Jaegerwirt, the decision was made to include physical keys, allowing a manual override of the system if necessary. Consider hiring specialized consultants who can offer valuable tools to help build necessary firewalls, data encryption, and other safeguards to protect the hospitality technology.
- Train Personnel: Nearly every breach is the result of a human act, whether an error or malicious. Training staff to identify risks and avoid them is one of the most effective steps to reduce cyber threats. Clearly define roles, responsibilities, and oversight. Data and infrastructure security should fall to a Chief Information Officer or a Chief Security Officer. Additionally, consider board oversight. Do board members possess the technical expertise to adequately review cybersecurity issues?
- Plan for the Breach: Design the response playbook before a breach occurs and be sure to create effective and realistic policies and procedures. Hotels, like other businesses, have to design, implement, and test response plans and update them regularly. The crisis response plan should include the necessary steps to ensure business continuity, notification of guests, suppliers, employees, law enforcement and regulatory bodies, and communicate effectively with the media. A hotel’s public relations department is, therefore, a crucial player as information communicated during a breach is fundamental to the company’s reputation.
Cyberattacks are constantly evolving, and the potential damage to a hotel’s bottom line and its reputation cannot be ignored. Want to learn more about safeguarding your hotel? Contact us online.