Cyber security in the hospitality industry

Bridget Holmstrom - Saturday, January 31, 2015

Securing guest data in the hospitality industry

A recent article in The Caterer magazine written by Ian France, chief underwriting officer at the XL Group, stressed the importance of protecting the personal information of guests. The importance of looking after customer data, and the risks that are out there, can be seen from the recent security lapses at Booking.com, where customer data was stolen. Check the details here:

https://www.thecaterer.com/articles/354596/personal-data-stolen-from-booking-com-customers


As hotels allow people to make their reservations online through desktops, laptops and, increasingly, tablets and mobile phones, they can collect more data about their customers. This data includes personal and credit card information. The consequence of obtaining and holding this mass of information is that hotel owners and managers need to be vigilant and alert to the changing and increasing threats to online security. As the writer points out, the route to this data can be through any device that is on the same network as the data. This can include laptops and even fax machines. All of these should be secure.

It is recommended that hotel managers take a cyclical approach to addressing the risk of cyber attack. This means regularly checking the risks, how the legalities are changing, what changes and improvements there are in data protection methods and, of course, what new attacks are occurring.

The threat to reputation through the loss of customer data should be a major concern to hotel owners. It is likely that customers will become increasingly sensitive to the online threat, and hotels that abuse their trust will be punished.

Some of the ways given by Ian France to fight cyber crime are sensible and logical.

  • Make sure staff are aware of the risks of cyber attack and of the plans and procedures in place to protect the customer data.
  • Make sure that cyber attacks are included in business continuity and planning.
  • Regularly review and update the current policies and procedures to make sure they remain current and equal to the changing digital environment.
  • Make sure that all areas of risk management are aligned and address IT risk management and physical risk management.
  • Properly assess the risk by testing the security in place and carrying out IT security audits.