By Mike Ianiri, Equinox
When you consider how much personal data is provided by guests and held by the hotel, it is no surprise that the industry attracts cyber criminals – as was discovered in November 2018 when it was reported that “500 million customers of the hotel group Marriott International have been compromised by an unauthorised party.”
Hotels hold information before a guest arrives. Once guests have checked in, they have to submit more personal information when they connect to the hotel WiFi.
With GDPR in force now, the hospitality sector must be sure to have data protection at the forefront of its mind. A boutique hotel potentially would not survive a fine should a breach occur.
So, what can hotels, big and small, do to protect their guests and themselves from the unpleasant attentions of hackers and cybercriminals?
- Ensure admin passwords are regularly changed on all IT appliances. This can be easily applied using network settings and tools such as Dashlane or LastPass. Regularly changing passwords dramatically reduces the opportunity for the network to be hacked, particularly when you add rules that make the passwords more complex than many people naturally want to make them.
- Ensure a policy is in place so that, when clients connect to the hotel WiFi, they have to give consent to their personal data being collected – this is called the ‘Opt in’. GDPR is very clear on this. You have to give them the option to opt in, rather than the option to opt out.
- Separate your public and corporate WiFi. You don’t want a member of the public able to access data on your corporate network.
- Quarterly Firewall Penetration Tests, carried out by an independent cyber security specialist, will flag up any holes in your network and keep cyber criminals well and truly out.
- Look out for Sniffers. Not cute little puppies, these are hacking tools used to gain access and capture information that you send from your laptop/tablet/mobile. Most recently, hackers are also setting up WiFi networks that reach into the hotel. Guests think the network is legitimate and connect to the ‘fake WiFi’.
- Social Engineering is becoming rife across all industries, including the hotel sector. Emails containing malware can easily infect networks. Some emails will pretend to be from a senior director and ask for money to be sent elsewhere. Tools such as Mimecast will protect your network from such phishing emails. Social Engineering training and Phishing Assessment and training are also well worth considering. Users are often thought of as the weakest link. Onsite employee classroom training, online courses and phishing simulations raise awareness, vastly improving how your users protect themselves online.
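A defensive check for the ‘fake WiFi’ item above, as an added example that is not part of the original article: it compares access points seen in a wireless survey against an inventory of the hotel's own access points. The SSIDs, BSSIDs, security modes and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
import re
import unicodedata

# Assumed inventory (constructed values, documentation MAC range):
# SSID -> (expected security mode, BSSIDs of the access points the hotel runs).
AUTHORISED = {
    "GrandHotel-Guest": ("WPA2", {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}),
    "GrandHotel-Staff": ("WPA2-Enterprise", {"00:00:5e:00:53:10"}),
}

def normalise(ssid):
    """Fold case, Unicode compatibility forms, digit look-alikes and punctuation."""
    s = unicodedata.normalize("NFKC", ssid).casefold()
    s = s.translate(str.maketrans("0135", "oles"))
    return re.sub(r"[^a-z0-9]", "", s)

def classify(ssid, bssid, security, threshold=0.85):
    """Return a verdict for one beacon seen in a wireless survey."""
    if ssid in AUTHORISED:
        expected, bssids = AUTHORISED[ssid]
        if bssid.lower() not in bssids:
            return "suspect: hotel SSID from unknown BSSID"
        if security != expected:
            # BSSIDs can be spoofed: a known MAC with the wrong security is still suspect.
            return "suspect: security mismatch"
        return "ok"
    for known in AUTHORISED:
        ratio = difflib.SequenceMatcher(None, normalise(ssid), normalise(known)).ratio()
        if ratio >= threshold:
            return "suspect: look-alike of " + known
    return "unrelated"

def survey(beacons):
    """Classify (ssid, bssid, security) tuples and keep only the suspects."""
    return [(b, v) for b in beacons if (v := classify(*b)).startswith("suspect")]

# Constructed survey results: (SSID, BSSID, security mode).
SAMPLE = [
    ("GrandHotel-Guest", "00:00:5E:00:53:01", "WPA2"),   # genuine AP
    ("GrandHotel-Guest", "00:00:5e:00:53:a1", "open"),   # same name, unknown radio
    ("GrandH0tel Guest", "00:00:5e:00:53:a2", "open"),   # look-alike name
    ("GrandHotel-Staff", "00:00:5e:00:53:10", "WPA2"),   # known MAC, wrong security
    ("CoffeeShop", "00:00:5e:00:53:f0", "WPA2"),         # unrelated neighbour
]

if __name__ == "__main__":
    for beacon, verdict in survey(SAMPLE):
        print(beacon, "->", verdict)
```

A "suspect" verdict is a prompt to locate the transmitter on site, not proof of an attack.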
The responsibilities for hotels have increased significantly with the introduction of GDPR. Now, in addition to an ethical and social responsibility to protect data, there are also legal requirements. If this is all handled properly, there are significant marketing benefits for the hotel. When guests are aware of the care that is being taken and the safeguards that have been put in place to look after their data, it will boost their confidence. Hotels which provide a secure network experience with robust WiFi access will find guests coming to stay with them repeatedly.
Mike Ianiri is Director of independent telecoms brokerage Equinox.
Mike works with companies, charities and other organisations to help them choose the right telecoms packages for their needs and thereby reduce their costs. He is particularly knowledgeable on the integration of IT and telecoms in business.