Safeguarding Guest Privacy is part of your business
There are some who believe the hotel trade is simple. After all it’s all about building rooms, putting beds into those rooms and finding heads to lie on all those beds. Ah... if only it was that simple! Those who operate hotels from economy to luxury will tell you that finding the heads to put in the beds is a complex process. There is no denying that pitching and successfully selling hotel rooms is a daunting task – and now with COVID-19 an impossible task.
To sustain the business and achieve long-term growth, hoteliers must first of all develop a deep understanding of the type of customers they want to attract. To do that requires hotels to unearth a great deal of information about their guests – enabling them to attune to the preferences of current and potential guests. Gathering guest information not only provides opportunities for hotel operators but also binds them to the condition of being morally and legally bound to ensure that such personal information is absolutely safe.
In a ‘touchless’ world of hospitality, whilst racing towards responding to guest demands for increased connectivity including minimum face-to-face contact, hotels are increasing the likelihood of a breach. When a hotel empowers its guests to use their mobile devices to select a room, check-in, receive texts when their room is ready, unlock the door to their room, order room service and even check out, without ever having to go to the front desk – it creates new access points, heightening the vulnerability of a breach. Furthermore, with such programmes collecting a wealth of data, a hotel breach becomes more tempting than before.
Hotels collect large amounts of data from their guests, both directly and through third parties such as credit card companies, OTAs, websites, Wi-Fi networks and other systems. On the flip side of the coin hotels also rely on other third parties for reservation services, payroll, human resources, asset management, maintenance and improvements - who thus have access to hotel systems. The system as a whole is only as strong as its weakest link, and a single vulnerability may expose the entire system. It then becomes a disaster-in-waiting.
Almost every breach involving hotels that have been reported over the past several years occurred from companies engaged by hotels to provide services to the hotel. Frequently, data security breaches in the hospitality world are at the point-of-sale, which is almost always a third-party system. Because so many data systems are interconnected, this means that all of the systems become a target, not just the point-of-sale technology.
InterContinental, Marriott, Hyatt, Four Seasons… to name but a few, have reported at least one breach in the past two years. Starwood Hotels & Resorts, a subsidiary of hospitality giant Marriott, recently suffered a data breach exposing personal information of more than 500 million people.
Our industry is still, in the grand scheme of things, fairly inexperienced in dealing with security breaches and although the steps to securing data systems may seem overwhelming, doing nothing is far more costly. It’s no longer a case of whether a breach will happen, but when and how often. Hotels must ensure that they are partnering with vendors that take security seriously to minimize the chances of a breach and to control the breach (i.e., how much data is compromised).
Shafeek Wahab - Editor, Hospitality Sri Lanka, Consultant, Trainer, Ex-Hotelier |
|
|
|
