• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

Hospitality

GUEST BLOG: Top tips for hotel security

960 640 Stuart O'Brien

By 2020 CCTV

There are, of course, lots of important factors to consider to ensure a successful hotel business – but security and the safety of guests and staff is always front of mind.

Depending on which market a hotel is tapping into, there will be different ways to make the establishment stand out from the crowd. This will likely require extensive research into nearby properties and businesses to see exactly what is working and what isn’t.

However, one aspect which should be a consistent consideration for any and every hotel is safety. Here’s a brief overview of techniques and technologies that can help…

CCTV

CCTV installation is a good way to ensure guests feel safer.  However, just having a surveillance system in place isn’t enough. Be sure to constantly monitor your set-up, even if this means hiring a third-party company to do so. Certain systems also come with a voice command option, which means that if you spot any wrong-doing, you can quickly warn those involved to stop their actions. You could even use cloud CCTV storage so that you can view your property from a control room, smartphone or a tablet 24/7.

Think electric

When it comes to your electricity supply – it’s crucial to have a regular Electrical Installation Condition Report (EICR) conducted.  This is because, since your business is constantly in operation, your systems can be subject to wear, tear, corrosion and overloading. This report, which must be carried out by a qualified electrician, will ensure that the electrical appliances in each room are fit for purpose.

Electrical checks should be carried out periodically (diarise them).  Doing this will ensure you are limiting the risk of electrical shocks, fires and accidents, therefore reducing accidents in the workplace – something which is a legal requirement since the introduction of the Electricity at Work Regulations 1989.

Your gas supply

Your gas supply is another potential safety issue, and gas safety should be a consideration. Similar to your electricity supply, your gas mains and appliances should be periodically checked. The Gas Safety Regulations 1998 states that you must arrange annual gas safety checks for any appliances that are serving guest accommodation, even if it’s sited away from the guests’ rooms.

Staff should not be left out of your gas safety policy.  Make sure staff have full training in the operation of any gas appliances – and this should include spotting any obvious faults, by using visual checks.  This could include any damaged pipework or connections. While any new installations must be carried out by someone who is Gas Safe-registered, anyone can change a LPG gas cylinder or hose once they are competent to do so.

It’s also extremely important to make use of carbon monoxide and dioxide alarms.  These can signify any fault and help you avoid any catastrophes. They should give an audible alarm when levels are dangerous and should be able to automatically shut off your gas system.

Emergency response plan

Do your staff know what to do in the case of an emergency?  Hopefully it will never happen, but if there is an emergency then your staff should be fully up-to-date about what they need to do in the scenario. Regular meetings with law enforcement and emergency services should be scheduled so you have a good communication plan in place and can update it as and when required. In doing so, you can prepare your staff so that everyone is calm and knowledgeable in a worst-case scenario.

The staff uniform

An obvious one (though surprisingly not always!), adopting a staff uniform policy is important.  Not only does it help your business look professional and smart, but it also gives your guests a clear view of who they can approach about a query, and who indeed is allowed in certain areas of the business. In guest areas, knowing who members of staff are is essential. This is because it shows that your company have guests’ safety at the forefront due to staff always patrolling the areas.

Securing online data

Although physical safety is obviously important, it shouldn’t be your only safety consideration. Hotels have become a prime target for cyber attacks. According to a report by PwC, the hospitality industry has the second-highest number of cybersecurity breaches, with most of the prominent hotels in the industry having fallen victim to breaches.

Regularly update your IT systems.  Doing this will help to ensure the safety of files and information, and thereby reduce online data security risks.  You should also be making sure that backing up your data becomes a habit, so you can eliminate the risk of losing it or having it irretrievably damaged. A recommended strategy is to use a cloud service daily, have weekly server backups, and follow these up with quarterly server backups and then yearly backups.

Be vigilant with your passwords.  Remember, password security is important, just as it would be for your personal devices. Be sure to change it often and make sure you change it any time a staff member leaves to avoid any breaches.

A hotelier business is – hopefully – a busy one.  There are lots of things to consider but safety should obviously be a key consideration. It’s crucial to keep on top of the methods you are using. Following the above steps should help provide your business with insight on how to keep your guests safe.

Sources

https://smallbusiness.co.uk/four-things-to-know-before-starting-a-small-hotel-2459257/

https://www.cintas.com/ready/healthy-safety/9-ways-to-help-boost-hotel-security-for-guests-and-employees/

https://www.mr-electric.co.uk/birmingham-north/5-reasons-all-guest-houses-and-hotels-require-an-electrical-installation-condition-report-eicr/

http://www.hse.gov.uk/gas/landlords/safetycheckswho.htm

https://www.tourismtattler.com/articles/hospitality/hotels-prime-target-cyber-threats/70691

https://www.siteminder.com/r/technology/hotel-data-security/quick-tips-stay-secure-online-hotel-systems-safe/

Guest Blog – Dr. Alex Vovk, Ph.D: 3 ways to improve hospitality data security…

800 450 Jack Wynn

The hospitality industry is a magnet for cyber criminals. Hotel chains have global networks, large workforces, as well as complex and often decentralised IT infrastructures. On top of all this, they regularly store and process high volumes of personal and financial data. This data can include customer credit card details, names, driving license numbers, addresses, passport numbers, phone numbers and other personally identifiable information (PII).

When these documents end up in the wrong hands, the regulatory, financial and legal consequences can be crippling; not to mention the reputational damage that you simply cannot afford in such a competitive industry.

This is why securing the integrity of customer and other business-critical data is a top priority in the hospitality trade.

Although the hospitality industry is similar to retail in many ways, it has been slower to adopt advanced security solutions.

Many large hotel chains — Trump, Hilton, Hyatt, Starwood, Mandarin Oriental and others — have recently disclosed problems with cyber-attacks. In many cases, the exact number of records breached has not been made public, nevertheless the overall impact has to be significant.

Despite the breaches, many hospitality businesses keep making the same basic security mistakes. Here are the main steps they can take to reduce the risk:

1: Data security applies across the board

Many smaller hotels operate as franchises or small independent businesses. Often data security is not as high on the agenda as it should be. In some cases, they do not comply with recommended industry security standards, or have IT security teams or even use basic data protection tools.

Actions

  • The reputation of the hospitality trade can only be improved if establishments take responsibility to protect customer PII seriously right across the board. This includes educating employees and adopting the right technology.
  • Compliance with the PCI DSS standard is the bare minimum required. Other essentials are a firewall, regular system updates and patches, encryption, a strong password policy, PCI-compliant applications and POS systems, restricted access to POS computers, and anti-virus, anti-spyware and anti-malware software.
  • IT systems also need to be regularly tested and assessed for vulnerabilities. When vulnerabilities are discovered, they need to be fixed immediately.

2: Insiders can be the biggest cyber security risk

Insider misuse is all too common in the hospitality sector. Contributing factors include high staff turnover rates, lack of appropriate security training, easy access to customer payment data, and lack of adequate controls and user behaviour monitoring.

According to Netwrix’s own 2016 Visibility Report, 65 per cent of organisations across various industries lack visibility into user activities in their corporate networks.

Insider wrongdoing does not always result in a massive data breach. It can take the form of a few individual thefts or many small thefts over long periods of time.

The overall outcome is the same as for external attacks: lasting damage to customer perception and lost trade.
Actions:

  • No matter how much you trust your workforce, make sure access to sensitive data is restricted to individuals who need it to perform their daily duties.
  • Monitor user activity — including privileged users – to see if they have tried to access critical files.
  • Follow up any suspicious activity, such as multiple failed access attempts, because they could be a sign of insider misuse or hacking of user accounts by attackers.
  • Implement a strong password policy.

3: Do not outsource everything

The hospitality industry is a highly competitive one that is always on the lookout for ways to cut costs.

It is hugely tempting to outsource parts of IT to external cloud services, and benefit from reduced hardware/software development costs and eliminating the need to retain a 24/7 in-house IT department.

But organisations who transition their business-critical data to a third party often forget to put strong security controls in place. For example, the 2016 Visibility Report found that as many as 75 per cent of organisations from various industries have no visibility into what is happening to their data in the cloud.

Actions

  • Before outsourcing any sensitive data to the cloud make sure that data will be remain secure in its new environment.
  • Carefully vet the cloud provider, holding them to the same standard as your internal security policies.
  • Also implement user behaviour monitoring, strong multi-factor authentication, remote session monitoring and advanced encryption.
  • Unless you have these security measures, you are not ready to move your critical data to the cloud.

In summary, hospitality businesses are responsible for all of the customer data they collect. Inevitably, this is a challenge, but there is no need to reinvent the wheel; numerous standards, solutions and best practices are available to help.

A lot of security mistakes happen because changes and anomalies in the network have gone unnoticed.

Use tools that help you stay aware of any abnormal or malicious activity in your IT network and in the cloud. Only by having clear insight into what is happening can you detect threats, minimise the risk of data exfiltration and secure your most valuable assets.

 

Dr. Alex Vovk, Ph.D has gained an impressive 15-years’ experience in software expertise, leadership and operational management. Prior to Netwrix, he worked at Aelita Software, where he served as the architect for the company’s key technologies. Dr. Vovk holds a master’s degree and a Ph.D in information security.