Our Webpage                           Search

Hospitality Blog

Blurring the Lines Between Physical and Digital Hotel Security

By Cris Davidson 26. May 2022

Blurring the Lines Between Physical and Digital Hotel Security

The hospitality industry is certainly no stranger to security risks. Statistics in fact indicate that more than 53,000 crimes take place within hotel guestrooms. At the same time, however, hoteliers are also having to remain vigilant against the growing threat of cybercrime. An issue that has resulted in at least 16 billion records containing sensitive data being lost to theft since 2019, cyber-attacks can cause untold damage to a hotel’s reputation and can lead to a significant increase in liability and legal costs.

Yet while physical security risks and cyber-attacks may appear to be separate issues, the increasing interconnectivity of hotel systems, services and environments has meant that cybercrime can frequently translate into a threat to the physical safety of guests and staff. One notable example is of a hotel infected with ransomware where employees were unable to unlock rooms throughout the property. While the goal of hackers was to freeze the property’s systems until a ransom was paid, the inability to unlock hotel areas could have had far-reaching consequences if a physical threat to guest or staff safety simultaneously took place. The possibility of such a risk occurring means that hoteliers must ensure that they are supported by a well-designed access management platform able to provide backup options should the system become locked as a result of a cyberattack.  

In today’s digitalized world, hospitality professionals must therefore begin to take a more holistic and forward-thinking approach to virtually every aspect of their hotel’s security. To prevent cyber-attacks from impacting guest and employee safety in the real world, new and improved technologies that take both risks into account should now be the focus of any future investment.

Take a Closer Look at Access Management Security

Staying with the above example of the hotel ransomware lockout, hackers were able to exploit the property’s access management system by leveraging vulnerabilities that allowed them to take complete control. Often, hoteliers using legacy systems make a hacker’s job easier by having outdated data encryption protocols that have long since been known to suffer from possible exploitation. Even when such system vulnerabilities are identified, the only option traditionally available to hoteliers has been a complete and costly overall of their security access operations. Worse still, this cost prohibitive ‘solution’ is only set to continue repeating itself as hackers inevitably identify new methods to sidestep a recent security upgrade.

Ultimately, today’s hoteliers need a security access system that isn’t limited by its original capabilities when designed at the time of the solution’s launch, but that instead can continue to evolve and keep pace with newly discovered vulnerabilities as they arise. Leading this critical industry need are advances in cloud-based access management technology that are cutting the cord to the previous requirement of having a dedicated onsite server. A key advantage of this feature is that such systems are entirely software-based and exist online. This in turn allows cloud-based access management systems to receive regular and automatic updates and patches whenever a security improvement needs to be made. Unlike older platforms, there’s no need to replace onsite hardware, no added expense and importantly, no need for extensive system downtime that in of itself can present a security risk.

Prevent Hackers From Gaining a Foothold by Using Secure Communications

Hoteliers may be forgiven for believing that perhaps the best approach is to have business critical systems such as access management remain offline in order to shut would-be cyber attackers off. The problem with this, however, is that hackers are known to be able to find ways into a hotel’s internal operations by first identifying a vulnerability within a system or amenity that has an online connection. For instance, hackers were able to gain access to a casino hotel’s systems by first taking control of an aquarium thermostat that was connected to the property’s servers and as a result, the internet.  

This example, while certainly a creative cyber-attack, does demonstrate that hackers can and do find means of connecting to otherwise closed-off property systems. Taking it a step further, hackers could also potentially use one system’s vulnerability to gain control of a range of amenities that place guest and staff safety in jeopardy. With more and more properties adopting IoT-based solutions, enhanced network communications security must be taken into account as this could include deactivating fire alarms, sensors or even taking control of a hotel’s security camera network.

Cloud-based technologies allow hoteliers the ability to incorporate an affordable solution to effectively prevent hackers from leap-frogging from one property system to another, thus limiting any possible exposure. Using access management again as an example, all communications between external or internal networks and devices are always fully protected using the latest in data encryption technology. For those attempting to extract any useful information, all they would see is seemingly incoherent data that can only be decrypted and utilized by the end-source. Crucially, cloud-based access management solutions can stay continuously updated with the industry’s highest encryption standards using just a software update.

A key feature of Cloud-based systems is the added layer of protection in the form of 24/7 monitoring. Hoteliers can therefore share the responsibility of maintaining system security and integrity with their solution provider. In the past, a hotel employee was typically the first and last line of defense in identifying a suddenly arising cyber-attack which could lead to worse consequences if not recognized in time. Now with cloud-based technologies, hoteliers gain the advantage of having a dedicated team of experienced professionals who are always on the lookout for any anomalies that could indicate an attack. If one does indeed take place, a provider’s technicians can immediately notify a property and instantly work with them to frustrate hacker efforts, preventing what could otherwise have been a costly and reputation-tarnishing lapse in hotel and guest safety.

The Future of Hotel Safety is Undoubtedly within the Cloud

Recognizing the ongoing ingenuity of hackers, the delineation between what counts as a physical versus a cyber threat to hotel security is increasingly becoming less apparent. This is only primed to become more of a recurring issue for hoteliers as more systems and amenities become interconnected and as a result, provide cyber-attackers with more avenues to exploit. To offset this unsettling potential trend, hotel businesses must begin to act now to implement an operational infrastructure proven to be effective against both real-world and online safety risks. With the abilities of cloud-based technologies, hoteliers not only gain the ability to simultaneously overcome both threats, but can continue to do so even when hackers inevitably evolve their tactics.


Opening the Door to Leaner, Safer & More Efficient Hotel Operations  Download our free eBook now ›

Cris Davidson's photo

By: Cris Davidson

Cris is VP of Global Key Accounts for ASSA ABLOY Global Solutions, responsible for leading hotel brands based in the Americas. He is recognized for his leadership techniques adaptable to changing markets and unique business environments. Previously, he served as Sr. Director of the Americas for FCS in Malaysia and is also credited with working on several successful entrepreneurial efforts.

Submit you comment

We look forward to your comments/feedback.

New call-to-action