Cybersecurity in Tourism & Hospitality: the urge of protecting customer data
Organizations in tourism and hospitality have massive databases of personal data nowadays as they ask their consumers to leave their data for better and optimized services. This could be in hotels for example, provide data for loyalty programmes such as preferences of pillows, favourite breakfast and date of birth. However, important information such as e-mail addresses, passport numbers and even creditcard details are being given in order to complete the reservation. Next to that, new technologies also enable guests to check in more efficiently, for example with a mobile application which holds a lot of personal data in order to be able to have a fast check-in. However, according to HotelNewsNow (2018), hackers are often attacking the hospitality industry on the search for secured data. Therefore, managers in tourism and hospitality, but also all other employees in the different departments in the sub-sectors should be aware of the high risks those hacks bring along.
This blog, written by key partner CEHAT, focuses on the importance of cyber security and what skills should be taught to all workers in tourism and hospitality in order to ensure the protection of all the valuable personal data of their guests. In this line, CEHAT collaborates with ITH as the technological arm for the dissemination of this information through international events such as Fiturtech Y, technical conferences throughout Spain and communication through ITH’s newsletter.
What is cybersecurity and how does it differ from general security?
Cybersecurity is defined as the area related to computing and telematics that focuses on protecting the computer infrastructure and avoiding all types of threats, which put at risk the information that is processed, transported and stored in any device.
A distinction must be made between general security and cyber security:
Security is the general concept that encompasses all measures and processes designed to protect information and data of value to your organization. This is done through risk reduction and threat control. It encompasses both physical and digital information. On the other hand, cyber security is limited to the protection of digital information that is in an organization’s systems, including attack practices and securing cloud storage. What makes cybersecurity so valuable is its ability to attack and combat threats to information that is processed, transported and stored on interconnected .
Professionals in the hotel sector may not be aware of the real importance of cyber security, which can range from manipulating video surveillance cameras, to opening doors without consent, through the theft of sensitive information for the company itself. The news article of HotelNewsNow (2018) shows a data breach timeline, highlighting the latest data attacks on hotels such as Marriott International, Radisson Hotel Group and InterContinental Hotel Group, where personal data of millions of guests was hacked. Cyber security can become a criterion for the client’s choice of hotel, in addition to the fact that tourism is the third most hacked sector after administration and banking, as within this sector there is a lot of valuable data to be found in those organizations such as creditcard and passport details (Clark, 2019).
Cyber security is essential when it comes to generating in the client a feeling of tranquillity and trust towards the establishment in which he or she is staying. Cyber security is also important to encourage the guest to choose an establishment again for a repeat visit. Hotels handle an enormous amount of data: identity documents, credit cards, personal addresses, etc., which the hotels are forced to protect and manage to ensure the identity of the clients.
Due to the increase of data breaches, companies are being forced to work on their cybersecurity skills and how these should be managed. The accommodation industry is beginning to be aware of the relevance of this topic: if hotels do not manage this issue properly, they lose the opportunity to give the clients the reliability and security they need. Trade associations are working on the dissemination of European legislation in order to be sure that all hoteliers accomplish with the law. The NTG project is assessing the digital skills necessary to provide professionals so they can assume this responsibility for cyber security.
Pitfalls of cybersecurity
In many cases, it is the employees themselves who fall into errors that expose the security of the hotel and the privacy of their clients through a lack of cyber security. Incorrectly shared passwords, professional accounts that link to personal devices or the dissemination of internal company information are some of the mistakes employees make. In order to correct these errors and ensure that they do not happen again, training and awareness-raising are the keys. Next to that, Clark (2019) also states that many hotel owners prefer to spend their budgets on tangible products such as new carpets, things that customers can actually see. This is due to the thin margins in hotels, which may result into a messy technological ecosystem where the protection of for example the guest’s WiFi is lacking.
Importance of cybersecurity training in organizations
Employees must be informed at all times about the correct practices to be followed, thus avoiding making mistakes that in most cases have terrible consequences, both for the hotel and for the customers themselves. For example, there have been cases where clients’ data has been hacked through the hotel’s Wi-Fi network and the cyber criminals have been able to steal all the personal data of hotel clients including their ID, billing information (HotelNewsNow, 2018). It is not only professional malpractice that is the problem. In some cases, how hotels do not invest enough in the configuration of good cyber security that allows them to avoid cyberattacks (Clark, 2019).
Some advice that can be given to companies in the sector to navigate safely are:
- Use an antivirus and update it.
- Use a secure password. Change it “sometime”.
- Do not open files or links from unknown sources in emails.
- Do not download files from dubious sites.
- Restrict the information we share on social networks. It is advisable to remove the public profile.
- Ensure that public WiFi is secure.
- Delete browser cookies frequently.
- Do not give bank/card details over the Internet: Never by email. Only on pages known HTTPS://
Optimal security assessment to ensure digital safety for guests
The hotel must be aware of the importance of protecting devices as well as protecting personal data and privacy to avoid cyberattacks. To do this, ensuring the privacy of customers through training and awareness by hotels is essential.
For the peace of mind of the guests, the hotels should complete constant intrusion tests to evaluate the state of the systems, auditing their security from the point of view of possible external attacks. In order to make an optimal security assessment, it is best to carry out controlled attacks on the systems.
In conclusion, every company should invest in cybersecurity. No matter what type of company or size, anyone could be faced with a potential cyber attack and lose information, be unable to meet their commitments in time, be unable to offer customers the services they have contracted for, or simply be unable to access their own workers.
Clark, P. (July 4, 2019). Hotels Face Increasing Risk of Security Breach by Cyber Hackers). Retrieved from: https://skift.com/2019/07/04/hotels-face-increasing-risk-of-security-breach-by-cyber-hackers/
HotelNewsNow. (November 30, 2018). Timeline: The growing number of hotel data breaches. Retrieved from: http://www.hotelnewsnow.com/Articles/50937/Timeline-The-growing-number-of-hotel-data-breaches
Sanger, E., Perlroth, N., Thrush, G., Rappeport, A. (n.d.). Marriott Cyber Attack : Hotel Data Breach That Hit 500 Million Guests Linked to Chinese Spy Agency. Retrieved from: https://www.independent.co.uk/life-style/gadgets-and-tech/marriott-cyber-attack-starwood-hotel-data-breach-china-spy-agency-guests-a8679006.html