The last several years have revealed that hospitality businesses are vulnerable to cyber attacks, with many major hospitality players being victims of cybercrime that was in some cases undetected for years.
While hackers are becoming increasingly innovative in the ways they gain access to secure hospitality systems, the hospitality sector is lagging behind in security measures. Businesses often don’t treat cybersecurity as a priority and prefer to focus only on customer experience, which can have far-reaching consequences in case of a breach.
The most common factors that contribute to data breaches include the following:
#1 The Number of People Involved
It is the nature of the hospitality industry that makes hospitality businesses such targets – there are so many customers and staff involved that hackers easily benefit from those numbers. Sooner or later, somebody will make a mistake and click on a malicious link delivered into their inbox from a spoofed email address, and that one click is often enough to get access to everything.
Once inside, hackers will easily find employee credentials to get access to sensitive information, such as customer names, emails, addresses, current residence, credit card information, loyalty programs and points, and more, and use all that information for monetary gain or to sell it on the dark web.
Another big issue that contributes to the high vulnerability of the hospitality sector is its staff retention rates, which are quite low when compared with overall averages or with other industries. In the UK, the annual staff retention level is just over 70%, which is concerning given the average retention is usually around 85%. Not only are staff usually less interested in the long-term protection of the business, but frequent changes of users and passwords often lead to bad practices like sharing them or logging in for each other.
#2 Unsecured Networks
One of the easiest ways hackers get access to guest and employee data is through poorly secured and unsecured Wi-Fi networks. While it’s hard to make sure a Wi-Fi network is 100% secure against attacks, hospitality businesses can do a lot to minimise the risk.
First of all, a network should never be unsecured. While it might seem like a great perk – use your network easily without having to ask for a passcode – this also means that anyone can access it, hackers included. The passcode should always be complex to avoid hackers simply guessing it. Businesses should avoid setting up “12345” or the business name as the passcode.
In addition to the right encryption settings for all the networks, it’s important to separate them too. Guests should always have a separate network for all their devices. Sharing the same network for business devices and guest devices is a recipe for disaster, as one of your guests may not be as innocent as they appear and may be accessing your internal systems and data whilst also enjoying your coffee.
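The passcode advice in this section can be turned into an automated check. The following is an added example, not part of the original article: the function names, the thresholds (12 characters, runs of 4, three character classes) and the business name "Seaview Hotel" are assumptions chosen for illustration.

```python
import re

# Common character substitutions, undone before comparing with the business name.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def _letters(text):
    """Lower-case, undo substitutions and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def _longest_run(text):
    """Length of the longest ascending, descending or repeated character run."""
    best = run = 1
    step = None
    for prev, cur in zip(text, text[1:]):
        delta = ord(cur) - ord(prev)
        if delta in (-1, 0, 1) and delta == step:
            run += 1                      # run continues in the same direction
        elif delta in (-1, 0, 1):
            step, run = delta, 2          # a new run starts with this pair
        else:
            step, run = None, 1
        best = max(best, run)
    return best

def audit_passcode(passcode, business_name, min_length=12):
    """Return a list of findings; an empty list means no check failed."""
    findings = []
    if len(passcode) < min_length:
        findings.append("too short")
    if _longest_run(passcode) >= 4:       # catches "12345", "aaaa", "9876"
        findings.append("sequential or repeated run")
    # Each word of the business name (3+ letters), plus the name as a whole.
    words = [w for w in map(_letters, business_name.split()) if len(w) >= 3]
    words.append(_letters(business_name))
    squashed = _letters(passcode)
    if any(w and w in squashed for w in words):
        findings.append("contains business name")
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, passcode)) for p in patterns) < 3:
        findings.append("fewer than 3 character classes")
    return findings

if __name__ == "__main__":
    # Constructed sample passcodes for a hypothetical "Seaview Hotel".
    for candidate in ("12345", "S3av!ewH0tel2024", "cobalt-Ferry-91-plinth"):
        print(candidate, "->", audit_passcode(candidate, "Seaview Hotel") or "ok")
```

The second sample passes the length and character-class checks and is rejected only because the business name is still recognisable once the substitutions are undone.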
#3 Lack of Understanding
Another fault of many businesses in the hospitality industry is their lack of understanding of cybersecurity. Hotels are now interconnected digital systems that compete for customers by introducing new digital experiences. As such complex systems, they have a large number of endpoints – like the above-mentioned Wi-Fi networks, but also HVAC systems, Points of Sale (PoS), electronic door locks, smart devices – through which customer data is accessed and stored.
And while they do adopt new technology and software to streamline their operations, their security measures are often outdated and don’t cover new security threats. You see, each of the endpoints used can also be an entry point for hackers to steal data. Sometimes, a delay in updating your PoS system is enough for hackers to gain entry.
Because hospitality businesses deal with such a large amount of sensitive data daily, it’s of utmost importance that they also understand the risks that come with the benefits of new software and tech solutions.
#4 Cybersecurity Isn’t Their Focus
Most hospitality businesses will agree that customer satisfaction and the overall experience with their brand is what matters most. The competition is fierce, and it’s very easy to lose customers. In their battle to retain customers, they will often prioritise spending their money on user experience and streamlining all their internal operations towards this goal.
To provide a seamless experience in every single one of their locations, all hotels from the same chain are interconnected so that they can easily share customer data between locations. This way, the customer’s preferences when it comes to rooms and suites, and other data that helps make them feel welcome, are accessible at any time, no matter which of their hotels the customer walks into. Such data sharing happens within the hotel chain’s national network, which all hotels have access to.
This interconnectedness can have far-reaching consequences – a breach of just a single hotel in the chain is enough for hackers to quickly gain access to the whole system and steal information from central data points.
#5 Lack of Education
With a lack of understanding of why security systems are crucial for all the digital systems in the hospitality industry, cybersecurity is often put in the back seat. This, in turn, results in a severe lack of education for staff members and partners.
If employees working in hospitality do not know how to spot risks, the chances of being hacked skyrocket. Not all employees are tech-savvy or IT professionals, and not all will know how to spot a phishing attempt, but with the right training, you can greatly reduce the chances of being hacked.
The best approach here would be to have cybersecurity staff who take proactive measures to keep all systems secure. It would not be a bad idea to appoint a Chief Information Security Officer (CISO) who would oversee all security-related operations and set up a plan in case a breach happens.
The Right Measures Help Detect a Breach Quickly
The hospitality industry will remain a high-risk target for cyber attacks, and there will always be a risk. Taking the right countermeasures will minimise it, however, and ensure that if a breach does happen, there are rules in place that will help detect it quickly and take the right course of action.