Not Just Heads In Beds - Cybersecurity for Hotel Owners

By Robert E. Braun Partner, Jeffer Mangels Butler & Mitchell, LLP | November 29, 2015

The basics of the hotel business have traditionally been simple: good location, fair prices, appropriate amenities and good service were the keys to success. While those factors are important today, hotels are no longer simply a "heads in beds" business; hotels are increasingly brand-oriented. Brands focus not only on the services and products they sell, but on developing the perception and recognition of the brand associated with those goods and services. That means that hotels, like all brands, need to focus more and more on understanding their customers and how to reach them, whether through loyalty programs, advertising, social media or otherwise.

The upshot of the focus on branding in the hospitality business is that hotels gather lots of information about their guests, ranging from credit card data to addresses, phone numbers, travel plans and preferences, birthdays, and more – all of which are valuable not just to the hotel brands and operators, but to cyberthieves. While hotel companies have understood this for years, they are, along with other customer-intensive industries, learning that collecting that information comes with responsibilities and, possibly, liability.

Cybercrime is big business. In 2014, there were 42.8 million detected security incidents (and, most likely, many more that were never discovered). Estimates of annual cost of cybercrime to the global economy ranges from $375 billion to as much as $575 billion as companies face increased vulnerability, ranging from greater technology available to cybercriminals and new types of cybercrime, like crypto-ransom. Cybercriminals began targeting hotels years ago. In a 2010, a Forbes magazine article quoted Nicholas Percoco, who said that "The hospitality industry was the flavor of the year for cybercrime. These companies have a lot of data, there are easy ways in and the intrusions can take a very long time to detect." The lesson for hotel owners is that they cannot stand idly by – hotel owners must be proactive by instituting best practices in their own operations, requiring the same from managers, and obtaining insurance coverage to fund the inevitable costs of a breach.

The Wyndham Case.

The threat to the hospitality industry became particularly evident in the recent federal court case brought by the Federal Trade Commission (the FTC) against Wyndham Hotels. On August 24, 2015, the Third Circuit United States Court of Appeals issued its ruling in the case FTC v. Wyndham Worldwide Corporation. The case was highly anticipated by the data security community generally for its expected ruling on the authority of the Federal Trade Commission to regulate data security standards, but nowhere was the anticipation more keen than in the hospitality industry. After all, this decision didn't deal with retailers, banks or dating sites – it addressed a major hotel player and, by implication, all operators, brands and owners in the industry.
The decision should be a wake-up call to hotel owners because, as described below, hotel owners may ultimately bear the cost of data breaches involving their hotels. Owners should look at the Wyndham decision as an opportunity to consider whether their brands and managers have taken the steps necessary to protect guests and, ultimately, the hotel owner.

The case arose out of a suit brought by the FTC against Wyndham, a global hotel company, for failing to adequately safeguard its computer network, allowing hackers to access customer information, resulting in the compromise of more than 600,000 credit card records and financial losses in excess of $10 million. Wyndham argued that, among other things, the FTC lacks authority to regulate data security standards of commercial entities. The lower court ruled in the FTC's favor, and Wyndham appealed to the U.S. Court of Appeals for the Third Circuit. On August 24, 2015, the Third Circuit affirmed the district court, upholding the FTC's data protection authority. The result is that for the first time, the United States has what amounts to a data security regulator.

Choose a Social Network!

The social network you are looking for is not available.

Close

Hotel Newswire Headlines Feed  

Megan (Sterritt) Taylor
Scott Watson
Brandon Billings
Gaurav Varma
Tim Peter
Bruce Seigel
Terence Ronson
Sridhar Laveti
Coming up in March 2019...

Human Resources: An Era of Transition

Traditionally, the human resource department administers five key areas within a hotel operation - compliance, compensation and benefits, organizational dynamics, selection and retention, and training and development. However, HR professionals are also presently involved in culture-building activities, as well as implementing new employee on-boarding practices and engagement initiatives. As a result, HR professionals have been elevated to senior leadership status, creating value and profit within their organization. Still, they continue to face some intractable issues, including a shrinking talent pool and the need to recruit top-notch employees who are empowered to provide outstanding customer service. In order to attract top-tier talent, one option is to take advantage of recruitment opportunities offered through colleges and universities, especially if they have a hospitality major. This pool of prospective employees is likely to be better educated and more enthusiastic than walk-in hires. Also, once hired, there could be additional training and development opportunities that stem from an association with a college or university. Continuing education courses, business conferences, seminars and online instruction - all can be a valuable source of employee development opportunities. In addition to meeting recruitment demands in the present, HR professionals must also be forward-thinking, anticipating the skills that will be needed in the future to meet guest expectations. One such skill that is becoming increasingly valued is “resilience”, the ability to “go with the flow” and not become overwhelmed by the disruptive influences  of change and reinvention. In an era of transition—new technologies, expanding markets, consolidation of brands and businesses, and modifications in people's values and lifestyles - the capacity to remain flexible, nimble and resilient is a valuable skill to possess. The March Hotel Business Review will examine some of the strategies that HR professionals are employing to ensure that their hotel operations continue to thrive.