Hospitality is a significant sector for the UK, employing 3.2 million people in 2017* and contributing £72 billion of Gross Value Added (GVA)* to the UK economy in the same year. And as the cream of the country’s hospitality leadership gathered at The Gleneagles Hotel recently, the sector’s responsibilities for security in an era of evolving digital threat came under the spotlight.
Stephen Jardine, one of Scotland’s best known journalists, hosted the Hospitality Industry Trust Scotland’s’ (HIT Scotland) inaugural leadership event and Alan Greig, Managing Director of Net-Defence, had the privilege of addressing the experienced audience to educate delegates on real world security, risks and the underlying myth that security is an IT issue. Alan’s message of the day was: “It’s not IT security, it’s just security.”
Joining a line-up of heavyweight key note speakers including: Dr. Andrea Luoma, a neuroscience-based executive coach; Crista Cullen MBE, Gold Medalist; Thomas Maunier, Lawyer turned Entrepreneur; and John Barclay, Scotland’s Rugby Captain, HIT Scotland delivered an impactful and highly engaging day of leadership education for the sector.
Security doesn’t stop at the front door in the hospitality sector.
It was no surprise to those attending this event to be told that it’s second nature for high-end hotels and event venues to operate with the utmost discretion, guarding their guests’ privacy and security. That’s a given. And their guests value that, whether they are focusing on business or relaxing away from the hustle and bustle.
For many observers that manifests itself as: professional commissionaires monitoring the front door; discreet receptionists; modern locks on hotel rooms; and a secure safe in every room.
But nowadays it goes way beyond that into the realms of cyber security, data security, or as Net-Defence’s founder says, “it’s just security”. If ever there was a sector that must reassure its customers that their data and privacy is secure, then it is the hospitality sector. People create risk if not regularly educated and tested on process and compliance, no matter how secure the IT or software.
From guest Wi-Fi to telephone systems to IT systems, coupled with robust people education and testing – hotels and venues must be able to demonstrate that their customers’ data is safe with them.
The message of the day was: “It’s not IT security, it’s just security.”
Picture this: directors from two companies meet to discuss a possible merger. They need to be able to do so safe in the knowledge that their plans won’t be splashed over tomorrow’s front pages.
Or this: a VIP wants to spend a weekend away with his or her family. They need to know that their emails aren’t being hacked by the person sitting in the corner of the lobby.
So our invitation to speak to HIT Scotland’s leadership team was a sure sign that the industry, on the one hand, is taking this issue seriously and on the other, recognises that there’s still work to do.
Let’s be clear, reputations are at stake and luxury hotels and venues trade heavily on these. Furthermore, like most other businesses, the directors of these establishments have legal responsibilities in this area to ensure that they take relevant precautions to prevent data breaches.
Recently a cyber-security research team reported that a major hotel group, managing some well-known hotel brands, underwent a data leak exposing vulnerabilities that could potentially be used by criminals. Last year as many as 383 million guests of one major hotel chain had personal information exposed by hackers, costing it upwards of $72 million so far.
So if you’re the General Manager, how can you ensure you can sleep at night knowing that your guests’ data is safe and that your directors aren’t exposed to the risk of prosecution?
Like most businesses, it’s about taking the right precautions and staying one step ahead of those who would seek to steal their, or your guests’, data.
The directors of these establishments have legal responsibilities in this area to ensure that they take relevant precautions to prevent data breaches.
Top tips for real world security in the Hospitality Sector
- Specialist advice – Ask a specialist, real world security team like Net-Defence’s to carry out a health check on your information security. It needn’t cost a fortune and if you have all the right processes and protections in place it will give you (and your directors) risk management knowledge and reassurance.
- Health Check – Make sure you carry out structured security health checks regularly across IT, data compliance and people. Criminals work at a fast pace in this arena and you need to keep up. Should you face a breach, your evidence of precautions will be considered by the regulator – the Information Commissioner’s Office (ICO).
- Educate & Test People – Your own people need to know the very important role they play in keeping your establishment safe from criminals – whether that’s making sure the front desk tells guests the right Wi-Fi to use or ensuring that the staff entrance is secure. Learning how to recognise and challenge a suspicious guest takes tact, time and testing to know your team is effectively educated.
- Supplier chain management – Ask the question of your third party suppliers – from your online booking system provider to your payroll people – what processes and procedures they have in place to protect the data of your establishment, your guests and your staff. Do you know if their integration with your own systems puts your business at risk?
- Become accredited – If you are not sure where to start, consider the Government’s digital resilience accreditation – Cyber Essentials Plus. Net-Defence can take you through your accreditation and, for Scottish based businesses, there is currently a grant scheme which may cover the majority of the cost for your organisation.
Looking after guests is an onerous responsibility. Looking after their – and your data – is a legal responsibility.
You can read more about Directors’ legal accountabilities and risk here.
If you would like a risk assessment for your hotel or venue for IT, data and people, contact us to arrange an obligation free meeting.
* Economic Contribution of the UK Hospitality Industry Report, October 2018