Skip to main content

Why Hotels Need to Invest More in Hotel Data Security

How can hoteliers reduce their risk of a data breach from occurring at their property?

I’m currently planning a few upcoming trips, and one of the first things I do once I settle on a destination is to choose my accommodations. Normally when I’m choosing where I want to stay, it ultimately comes to price, location, and cleanliness. Today’s savvy travelers have many different options for accommodations, and with competitors disrupting the hotel industry, it makes choosing a place much harder.

What can hoteliers do to stay ahead of their competitors and these emerging alternative accommodations? One area they can enhance is their hotel’s data security.

Hotels are in a unique position where they need to prioritize cybersecurity, payment security, and PCI-compliance. They collect large quantities of personal information that makes them a prime target for cybercriminals. Criminals are becoming more adept at breaching systems, so it’s up to hotel teams to stay ahead of them. According to a study conducted by Hospitality Technology’s 2019 Lodging Technology Study, their results indicate that 53% of their respondents believe that their technology spending will increase this year, and 17% of hoteliers expect to increase their technology budgets by 10% or more.

Since many technology investments require buy-in from executive teams, it’s important to demonstrate why your hotel needs to invest more money in hotel data security and PCI-compliance. It’s not enough to want to do it. There needs to be action driving any initiatives that you propose.

1) Convenience must be kept in mind.

Convenience needs to be factored in when investing in hotel IT resources. Technology investments shouldn’t be done for the sole purpose of “instant gratification.” It needs to be presented to your decision-makers as a practical and logical investment that improves existing processes and protects your guests’ data. Your guests are more digitally connected than ever before, so the convenience of new technology should also extend to them.

While convenience should be kept in mind, security should also be a determining factor. From the research that Hospitality Technology conducted, hoteliers view enhancing payment security as a high priority technology initiative for 2019. New technology investments should include security and privacy functions. Don’t be afraid to ask your solution providers how they’re maintaining PCI compliance and what safeguards they have in place to keep data safe when it’s passing through their systems.

Your technology investments should also be scalable. As your hotel continues to grow, your solution should evolve with your needs and continue to remove any operational inefficiencies. The solution should automate, streamline, and help your business flourish.

Additionally, if cross-functional teams can also benefit from new IT solutions, then it makes the investment even more worthwhile. No matter what department you’re in at a hotel, protecting your guests’ data is top priority.

2) Instill loyalty with your guests through credibility and trust.       

With hotels continuing to face increased competition, brand loyalty is becoming harder to maintain. It’s up to hotels to determine how best to deliver a more personalized experience to their customer. Maintaining relevance is also important to instilling loyalty. One way to stay relevant is to become a more technology-driven hotel. Being a technology-driven hotel doesn’t necessarily mean including fancy devices in the room or lobby, although that is one way to appeal to your tech-driven guest. Technology should be incorporated naturally into areas of your hotel where there are manual processes or operational inefficiencies. If there’s a way to create a more seamless experience, then maybe that’s where you should concentrate your investment and resources.

Another way to build loyalty is by protecting your guests’ data. Set your hotel apart from your competitors by continuing to take actionable steps to keep your guests’ data safe and maintain PCI-compliance. Your guests will appreciate that.

In that same vein of protecting data, you should also examine your hotel’s GDPR policy. This is an area where hotels should focus more of their attention. A surprisingly high percentage still aren’t compliant. Although it went into effect back in May 2018, it appears that only 47% of hotels have a process or policy in place. However, 30% are unsure if they should implement a plan, and 15% have no plans to establish a process. If you’re unsure about GDPR, take the time to read up on it and advocate for policies at your own property. And make sure you explicitly state that you’re being compliant so that your customers are aware that you’ve taken steps to protect their privacy.

Guest experiences aren’t one-dimensional and don’t need to be obvious. You need to evaluate the different touch points in your guests’ experience at your hotel and then determine where it makes the most sense to invest in technology that makes their lives easier and secure.

3) Outdated technology or lack thereof impacts all aspects of your business.

While some technology can be perceived as a “shiny new toy,” that’s not the case for all of them. When you present a new solution during your hotel’s budget season, make sure it will enable multiple hotel teams to conduct business more efficiently. Technology should be utilized in a natural way, so that it automates processes and workflows and delivers a more positive guest experience.

Every hotel has operational efficiencies that can hinder a team’s productivity and, in turn, affect your guests’ experience with your business. Depending on what those inefficiencies are, they could also be vulnerabilities in your systems making you a potential target for cybercriminals. When investing in new technology, look for solutions that have features and functions to safeguard against breaches and reduce your PCI scope and liability.

Hotels have been more proactive in implementing payment security procedures and practices. Compared to 2017, hotels are actively implementing payment security policies and procedures. Some of these include:

  • Conducting self-assessments for PCI compliance
  • Utilizing tokenization functionality instead of storing card numbers
  • Implementing systems to accept EMV/chip cards at terminals
  • Using P2P encryption for securing cardholder data being processed

Security policies and solutions such as the ones mentioned above help your hotel maintain the highest measures of security and compliance so guests can trust that you’re protecting their data. This also streamlines processes giving you extra time to focus on your guests’ needs.

4) Cybercriminals will take the path of least resistance.

Hotels are lucrative targets for hackers because they store a lot of valuable Personable Identifiable Information (PII) that hackers could sell on the dark web. While the number of hotels implementing breach protection solutions has doubled since 2017, that doesn’t mean that hotel teams should be complacent. Cybercriminals already know that stealing information is a risky and difficult job, so they’ll look for ways to get the job done quickly and easily without detection. Take the time to analyze where there might be holes in your systems and processes that could expose sensitive guest information. Once you identify them, come up with a realistic plan to address those inefficiencies before the cybercriminals find a way to exploit them. Once they find one hole, they’ll be tempted to find others. Hotel guest information is a hot commodity for cybercriminals, and that’s not likely to change anytime soon.

5) A data breach could give your hotel a tarnished reputation.

With data breaches becoming the “new normal,” it’s up to hotels to continue to budget IT resources towards data and payment security and PCI compliance. Hoteliers need to keep guest security at the forefront of their minds and take steps to implement measures from the first time a guest interacts with your hotel – generally online – to the time they set foot at your property, and even after they leave. Even if a “minor” hotel data breach were to occur, your business could still be at risk for a potential lawsuit. Additionally, your hotel’s reputation will have a stain on it, and that’s a hard thing to erase from people’s minds. And unfortunately, when a cyber breach occurs, the news will spread quickly before you even have a chance to address it properly and tactfully. While some breaches are small and may only be a blip that flies under the radar, other breaches are more severe depending on what information is stolen. Bottom line though, it’s a PR nightmare for any hotel to tackle. It’s better to have the mindset that it could happen at your hotel rather than believing that it will never happen.

What steps can your hotel take to reduce the likelihood of a data breach?

We’ve partnered with our friends at VENZA to bring you an actionable guide that outlines what areas cybercriminals are infiltrating at your hotel and what steps you can take to reduce a threat. Download the guide to “PCI Compliance and Beyond – How Hotels Can Take a Security-First Approach” today.