Not Just Heads In Beds - Cybersecurity for Hotel Owners

By Robert E. Braun, Partner, Jeffer Mangels Butler & Mitchell, LLP | November 29, 2015

The basics of the hotel business have traditionally been simple: good location, fair prices, appropriate amenities and good service were the keys to success. While those factors are important today, hotels are no longer simply a "heads in beds" business; hotels are increasingly brand-oriented. Brands focus not only on the services and products they sell, but on developing the perception and recognition of the brand associated with those goods and services. That means that hotels, like all brands, need to focus more and more on understanding their customers and how to reach them, whether through loyalty programs, advertising, social media or otherwise.

The upshot of the focus on branding in the hospitality business is that hotels gather lots of information about their guests, ranging from credit card data to addresses, phone numbers, travel plans and preferences, birthdays, and more – all of which are valuable not just to the hotel brands and operators, but to cyberthieves. While hotel companies have understood this for years, they are, along with other customer-intensive industries, learning that collecting that information comes with responsibilities and, possibly, liability.

Cybercrime is big business. In 2014, there were 42.8 million detected security incidents (and, most likely, many more that were never discovered). Estimates of the annual cost of cybercrime to the global economy range from $375 billion to as much as $575 billion as companies face increased vulnerability, from the greater technology available to cybercriminals to new types of cybercrime, like crypto-ransom. Cybercriminals began targeting hotels years ago. In 2010, a Forbes magazine article quoted Nicholas Percoco, who said that "The hospitality industry was the flavor of the year for cybercrime. These companies have a lot of data, there are easy ways in and the intrusions can take a very long time to detect." The lesson for hotel owners is that they cannot stand idly by – hotel owners must be proactive by instituting best practices in their own operations, requiring the same from managers, and obtaining insurance coverage to fund the inevitable costs of a breach.

The Wyndham Case.

The threat to the hospitality industry became particularly evident in the recent federal court case brought by the Federal Trade Commission (the FTC) against Wyndham Hotels. On August 24, 2015, the Third Circuit United States Court of Appeals issued its ruling in the case FTC v. Wyndham Worldwide Corporation. The case was highly anticipated by the data security community generally for its expected ruling on the authority of the Federal Trade Commission to regulate data security standards, but nowhere was the anticipation more keen than in the hospitality industry. After all, this decision didn't deal with retailers, banks or dating sites – it addressed a major hotel player and, by implication, all operators, brands and owners in the industry.

The decision should be a wake-up call to hotel owners because, as described below, hotel owners may ultimately bear the cost of data breaches involving their hotels. Owners should look at the Wyndham decision as an opportunity to consider whether their brands and managers have taken the steps necessary to protect guests and, ultimately, the hotel owner.

The case arose out of a suit brought by the FTC against Wyndham, a global hotel company, for failing to adequately safeguard its computer network, allowing hackers to access customer information, resulting in the compromise of more than 600,000 credit card records and financial losses in excess of $10 million. Wyndham argued that, among other things, the FTC lacks authority to regulate data security standards of commercial entities. The lower court ruled in the FTC's favor, and Wyndham appealed to the U.S. Court of Appeals for the Third Circuit. On August 24, 2015, the Third Circuit affirmed the district court, upholding the FTC's data protection authority. The result is that for the first time, the United States has what amounts to a data security regulator.
