One month ago the hospitality industry was thrust into the spotlight—and rightfully so—as a decision was reached in the Erin Andrews case.
By now I am sure you have all heard the details of the case, but to quickly recap: in 2008, Michael David Barrett recorded Andrews while she was nude by reversing the peephole of her hotel guestroom at the Nashville Marriott at Vanderbilt University. Barrett used the hotel’s phone system to learn Andrews’ room number and request the room adjacent to it.
As hoteliers, we are with our guests at their most intimate moments. They trust us to protect their privacy and safety during their stay. The lessons learned from this case need to remain prevalent in our minds and be communicated effectively to our guests so we can retain their trust.
Basic hotel security procedures extend outside of what was called into question in the Andrews case, so I have put together eight tips that can help you ensure your guests have the best and most secure experience possible.
1. Peephole covers
Peepholes on guestroom doors are meant to make our guests feel safer during their stay but could now be a source of concern.
A quick and extremely inexpensive fix to put our guests at ease is to install peephole covers. This way, our guests don’t have to second guess whether someone has reversed the peephole because it remains covered when not in use.
2. House phones
When a guest needs to make a call within your hotel, your team should be taught to instruct the guest to a house phone from where they will be connected.
Ensure that these house phones do not have LCD screens that contain confidential information. In a taped deposition, Barrett admitted he obtained Andrews’ room information from an internal house phone that had one of these LCD screens.
3. Be aware of who is looking over your shoulder
While it is standard practice to have house phones without LCD screens, our teams must be taught to be wary of who is watching when they are using an internal phone. Having a phone system that displays guest information allows us to operate more effectively through the creation of a better guest experience by customizing phone greetings and truly tailoring guest interactions to create a unique stay. Our internal phones should never be visible to guests.
4. It’s OK to ask questions
Once Barrett gained knowledge of Andrews’ room number, he used the information to request the room right next door to hers. Specific guest requests are an everyday occurrence in our industry and honoring them helps us maintain loyalty and build relationships with our guests.
When a guest is requesting a specific room, for example, our teams should know that they can ask gentle questions to help gain a better understanding as to why the guest likes that room. Is the room close to an elevator or does it have a great view? These kinds of questions can be asked without coming off as abrasive, because our team is trying to ensure they properly understand the guest’s needs and can react accordingly.
Cyber threats, data protection and PCI compliance
Now that we’ve covered some basic review items pursuant to the Andrews case, here are some more general thoughts on security for our hotels.
5. Mobile apps
Keeping up with technology changes should remain a priority in our industry. Mobile apps used to book rooms, store loyalty information and replace room keys have been making waves over the past few years, but are the proper security parameters being put into place?
These apps request information from security-critical areas and can potentially create vulnerabilities. If you are using a third-party developer to create your hotel’s app, the developer may ask for you to open your firewall so the app can gain access to the hotel’s otherwise secure server. In this case, the app isn’t necessarily the problem, it is the chink in your defense you created by opening your firewall. Most of us do not have computer science backgrounds and this kind of security testing can get expensive, but it is necessary to help us catch up with the evolving technology of the world.
6. Internal data security
While most of the securities set up on our internal servers are top-notch, we have to remember where else information is stored. Does your team work off laptops or tablets that can remotely connect to your server or just contain important information?
General security procedures such as updating passwords on these devices quarterly may seem basic but can help mitigate potential security threats. If your team has cell phones that are connected to their company email accounts, are you requiring that these devices have the proper security protocols in place as well? We sometimes forget how much information is shared via email and that our mobile devices are the perfect target for a cyber threat looking to gain access to that data.
7. Updating cyber security
Keep up to date with the payment card industry data security standard. Performing a routine PCI compliance audit can help you identify any potential weaknesses in the way you store credit card information. Whether that means never leaving a sales folder with guest information on your desk or completely redoing the way you handle credit card authorization forms, these are the standards that you and your teams should be following at all times. Best practices are some of the best ways to ensure the security of information and reduce liabilities.
8. Treat user info carefully
Personally identifiable information encompasses much of the data we keep on our guests. Even user names and passwords can help hackers as it has been proven that guests often use the same passwords for other uses, including bank accounts.
This information is often un-encrypted and hence vulnerable. And PCI compliance alone might not protect us completely. According to Marion Roger, VP of privacy and data protection practice at Hospitality eResources, we need to consider hiring a PCI forensic investigator. I would prefer to avoid these people who don’t work for us since they are looking to find fault with our operations, not advise us on how to avoid problems. However, cyber security is becoming a college course as well as a much-needed deterrent in our security arsenal.
Conclusion
While the Erin Andrews case brought hotel security to the forefront of the public’s eye, it is really a subject that we need to constantly revisit within our industry. As we push to keep up with the evolving technology world and compete for our share of the market, we also need to ensure we are doing it the right way by properly testing security features. Some of our industry best practices may need to be revisited to ensure that the safety of our guests remains intact as the threats around us become more sophisticated. While some of these solutions will require an unforeseen expense, it’s better to spend on prevention than on cleanup after a data or security breach.
One of the best pieces of advice I can offer in regards to security is to not paint a target on yourself. We are currently designing a new hotel and are right in the midst of picking our security camera locations for the hotel as well as the camera quality. We have found that closed-circuit television, also known as video surveillance, is very helpful both as a deterrent and as evidence to assist law enforcement in the recovery of stolen goods and apprehension of thieves. These basic securities are enough to keep the average threat away as they are in your personal lives. You don’t leave your home without locking the door and our hotels are much more vulnerable than our homes.
Robert A. Rauch is CEO of the hotel management and consulting firm RAR Hospitality. Rauch is an internationally acclaimed hotelier with more than 40 years of industry experience. RAR Hospitality has four independent hotels in its portfolio with an additional property under development.
The opinions expressed in this column do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Columnists published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact an editor with any questions or concerns.