Posted inOperations

Data security of the hospitality industry

In conversation with Ravi Ranjan, IT Manager, Crowne Plaza Ahmedabad City Centre

by Ravi Ranjan, IT Manager, Crowne Plaza Ahmedabad City Centre
Ravi Ranjan, IT Manager, Crowne Plaza Ahmedabad City Centre.
  • Why has it become imperative for the hospitality industry to pay closer attention to cybersecurity in contemporary times?

Crowne Plaza Ahmedabad City Centre is a business Hotel and more than 80% of our guests are business travellers who travel for work purpose. When they are in hotel they spend quite an amount of time working on their laptops or phones. In majority of cases they use Hotel Wi-Fi. It a major hotel responsibility to take care of the safety of their personal and professional data base and thus it becomes imperative for us to ensure their data is safe and there is no cyberattack .

Apart from guest Wi-Fi, our internal software like PMS have guest’s database and protecting this information is hotel’s responsibility. We are always on our toes when it comes to protection of our guest’s database. And hence we have quite a vigilant cyber security in the hotel.

  • What kind of long-lasting damage can cyberattacks cause to a hotel company?

Crowne Plaza being one of the brands of IHG group, holds lot of responsibility to stand up to the brand’s reputation. The brand has stringent policies to ensure there are no cyber attacks as the guest’s personal information, hotel’s financial information and other major sensitive information are stored with us. If any of these information is leaked can cause a major damage to the hotel’s reputation. Especially in this techno-savvy age where each one of us have a voice on the internet, the spread of any mishaps would be irreversible for the brand.

  • Many hotels, especially standalone properties, still rely on traditional antivirus tools. Can these provide effective threat protection to prevent advanced cyberattacks including ransomware, file-less attacks and remote access trojans (RATs)?

Day by day attackers are developing new technology to breach the security and hence we have to always keep ourselves one step ahead. The standalone hotels need to primarily have to keep their antivirus-software up to date. Apart from this it is also important for employees to understand about such phishing emails or attacks and hence a basic training on cyber attack should be given to all the employees on their on-boarding.

  • With the rise in digital payments, POS systems have emerged as the weak security point for most networks. Do you agree? And how and why should hoteliers ensure they are regularly patched or updated?

Yes I second that with rise in digital payments, POS systems have some loopholes which cannot be ignored. We have also learnt few case studies of other hotels where the EDC machine is tempered and thus resulted into financial loses. To prevent such accidents we regularly monitor the entire network and ensure every system is updated to the latest version. Every 15 days we check the encryption of all the devises. And if the systems are patched or updated regularly the chances of any cyberattack reduces.

  • What are some steps and technologies that you have undertaken in your hotel to mitigate risk of cyberattacks and prevent the possibility of brand-damaging data breaches?

Cyber security is a primary focus for us and hence we leave no stone unturned to ensure we have taken adequate precautions. Firstly, we train all employees during their Joining to educate about cyberattacks and how to ensure Cyber Security, Data  Privacy and PCI/DSS, Online training and examination for cyber safety is also mandatory for all employees. Also, awareness posters are placed on notice boards.

In terms of Technology we have centralised Anti-Virus and Strong Firewall which has IHG standard rules configured with port numbers means there is no open points in network. We have Vulnerability Manager Installed in network where we can identify any system which is vulnerable.

  • Given the high turnover rate in the hospitality industry, how can hoteliers invest not just in cybersecurity technologies but also in their employees? How can the IT and HR team collaborate to create training programs to educate staffers on the ways bad actors can enter into the organization—be it phishing scams, adware, malware or social engineering?

Regular trainings by HR and IT manager to all hotel staff at any level is given in the form of class room training, interactives gaming sessions and various training programmes are developed for the team members. Each employee has to pass the cyber security training before he or she starts their role. Various audits and inspections are done by the HR and IT manager to ensure protection of the hotel’s system from any kind of cyberattack.