Not Just Heads In Beds - Cybersecurity for Hotel Owners

By Robert E. Braun Partner, Jeffer Mangels Butler & Mitchell, LLP | November 29, 2015

The basics of the hotel business have traditionally been simple: good location, fair prices, appropriate amenities and good service were the keys to success. While those factors are important today, hotels are no longer simply a "heads in beds" business; hotels are increasingly brand-oriented. Brands focus not only on the services and products they sell, but on developing the perception and recognition of the brand associated with those goods and services. That means that hotels, like all brands, need to focus more and more on understanding their customers and how to reach them, whether through loyalty programs, advertising, social media or otherwise.

The upshot of the focus on branding in the hospitality business is that hotels gather lots of information about their guests, ranging from credit card data to addresses, phone numbers, travel plans and preferences, birthdays, and more – all of which are valuable not just to the hotel brands and operators, but to cyberthieves. While hotel companies have understood this for years, they are, along with other customer-intensive industries, learning that collecting that information comes with responsibilities and, possibly, liability.

Cybercrime is big business. In 2014, there were 42.8 million detected security incidents (and, most likely, many more that were never discovered). Estimates of annual cost of cybercrime to the global economy ranges from $375 billion to as much as $575 billion as companies face increased vulnerability, ranging from greater technology available to cybercriminals and new types of cybercrime, like crypto-ransom. Cybercriminals began targeting hotels years ago. In a 2010, a Forbes magazine article quoted Nicholas Percoco, who said that "The hospitality industry was the flavor of the year for cybercrime. These companies have a lot of data, there are easy ways in and the intrusions can take a very long time to detect." The lesson for hotel owners is that they cannot stand idly by – hotel owners must be proactive by instituting best practices in their own operations, requiring the same from managers, and obtaining insurance coverage to fund the inevitable costs of a breach.

The Wyndham Case.

The threat to the hospitality industry became particularly evident in the recent federal court case brought by the Federal Trade Commission (the FTC) against Wyndham Hotels. On August 24, 2015, the Third Circuit United States Court of Appeals issued its ruling in the case FTC v. Wyndham Worldwide Corporation. The case was highly anticipated by the data security community generally for its expected ruling on the authority of the Federal Trade Commission to regulate data security standards, but nowhere was the anticipation more keen than in the hospitality industry. After all, this decision didn't deal with retailers, banks or dating sites – it addressed a major hotel player and, by implication, all operators, brands and owners in the industry.
The decision should be a wake-up call to hotel owners because, as described below, hotel owners may ultimately bear the cost of data breaches involving their hotels. Owners should look at the Wyndham decision as an opportunity to consider whether their brands and managers have taken the steps necessary to protect guests and, ultimately, the hotel owner.

The case arose out of a suit brought by the FTC against Wyndham, a global hotel company, for failing to adequately safeguard its computer network, allowing hackers to access customer information, resulting in the compromise of more than 600,000 credit card records and financial losses in excess of $10 million. Wyndham argued that, among other things, the FTC lacks authority to regulate data security standards of commercial entities. The lower court ruled in the FTC's favor, and Wyndham appealed to the U.S. Court of Appeals for the Third Circuit. On August 24, 2015, the Third Circuit affirmed the district court, upholding the FTC's data protection authority. The result is that for the first time, the United States has what amounts to a data security regulator.

Choose a Social Network!

The social network you are looking for is not available.

Close

Hotel Newswire Headlines Feed  

Ed Blair
Dianna Vaughan
Nicholas Pardon
Gio Palatucci
Suzanne Owens
Terence Ronson
Gaynor Reid
Bruce Seigel
Coming up in June 2019...

Sales & Marketing: Selling Experiences

There are innumerable strategies that Hotel Sales and Marketing Directors employ to find, engage and entice guests to their property, and those strategies are constantly evolving. A breakthrough technology, pioneering platform, or even a simple algorithm update can cause new trends to emerge and upend the best laid plans. Sales and marketing departments must remain agile so they can adapt to the ever changing digital landscape. As an example, the popularity of virtual reality is on the rise, as 360 interactive technologies become more mainstream. Chatbots and artificial intelligence are also poised to become the next big things, as they take guest personalization to a whole new level. But one sales and marketing trend that is currently resulting in major benefits for hotels is experiential marketing - the effort to deliver an experience to potential guests. Mainly this is accomplished through the creative use of video and images, and by utilizing what has become known as User Generated Content. By sharing actual personal content (videos and pictures) from satisfied guests who have experienced the delights of a property, prospective guests can more easily imagine themselves having the same experience. Similarly, Hotel Generated Content is equally important. Hotels are more than beds and effective video presentations can tell a compelling story - a story about what makes the hotel appealing and unique. A video walk-through of rooms is essential, as are video tours in different areas of a hotel. The goal is to highlight what makes the property exceptional, but also to show real people having real fun - an experience that prospective guests can have too. The June Hotel Business Review will report on some of these issues and strategies, and examine how some sales and marketing professionals are integrating them into their operations.