Data security in hospitality


Security Buyer takes a look at how Covid-19 has impacted the need for more secure data security in the hospitality industry when doors begin to re-open 

Dubai eased COVID-19 restrictions, allowing hotels in the regional tourism hub to operate at full capacity and permitting concerts and sports events where all attendees and participants have been vaccinated. The United Arab Emirates ranks highly globally for COVID-19 testing and vaccination rates. 

Social distancing and compulsory face masks will continue, Dubai’s Supreme Committee of Crisis and Disaster Management said. Dubai has pushed to keep its economy, which relies on international trade and business, open through the pandemic after an initial lockdown.  

With hotels reopening, data security is proving to be more crucial than ever with information regarding travel vaccinations and negative test results added to the personal information of guests. In addition cybercrime over lockdown has risen and strict cybersecurity precautions are recommended. So, what can the hospitality industry do to protect data post Covid? 

The frequency of cyberattacks against business databases can be attributed to the fact that the hospitality industry largely depends on credit cards as a medium of payment. This may increase the chances of a hacker receiving access to sensitive information. Investing in proper data security in hospitality can work to protect not only the consumer but also the business from losing large sums of profit. 

The hospitality industry is one of the largest industries that cater specifically to humans. Hotels, restaurants, and resorts house large databases that contain data regarding business operations as well as consumer information that visit the restaurant or resort. The personal information collected can range from generic data like names and phone numbers to sensitive data like bank account details. 

In addition to this, databases in the hospitality industry also happen to be the most vulnerable to data breaches. It has been seen that the most number of breaches in security has resulted in identity theft and leaks of credit card information. 


The volume of credit cards as a medium of payment increases the chances of a hacker receiving access to sensitive information. Larger businesses contain multiple databases protected by thinly veiled encryption. The vulnerabilities in the data security in hospitality are also witnessed in the following aspect: 

  • Sovereignty over data: The data collected and the people who can access it differ from country to country. In communist countries like China and Russia, governments have access to every industry’s database. However, democratic governments, as seen in the European and North American countries, offer more data privacy in the hospitality industry. 
  • Financial restrictions: This is mostly seen in smaller businesses that are just starting or businesses that have seen a dip in visitors. The low funds will not allow an owner to invest in a capable cybersecurity provider. 
  • Divided ownership: High-profile businesses in this industry can have several owners or franchisors. Each of these individuals will have access to the databases on multiple devices. Therefore, a hacker can easily force their way into the mainframe. 
  • Electronic payment methods: The aforementioned reliance on payment cards can greatly increase the chances of information leaking. However, other virtual methods of payment like online payment and more can create the potential for cyber attacks. 
  • Disposal methods: Most businesses lack the ability to dispose of information that is no longer required properly. This leads to the accumulation of information like credit card data of past consumers and more. 
  • Lack of training: Staff training is restricted to the service aspect of the business. However, training employees to carry out processes in maintaining data security in hospitality like data collection and storage in the right manner is overlooked. 
  • Coercion: There is a chance that the hackers directly approach the employees of the business to release information and thus infiltrate the data security in hospitality. They can manipulate them to give up their loyalty towards the business. 
  • Adherence to law: Given the rise in data breaches, the security measures put in place by lawmakers are especially strict during this time. Therefore, failure to adhere to these laws leads to one paying large fines for putting consumer data at risk. 
  • Insider attacks: A scorned employee can be a potential offender towards the systems that possess data collected as they have a motive to sell sensitive information to competitors or hackers. However, the chance of this occurring is slim. 

Best practices 

As per the multiple threats that have been uncovered above, it is essential to understand how to ensure hotel data security. Therefore, the businesses in the hospitality industry employ the use of the following measures. 

  • Encrypting payment card data: This process can involve the addition of two-factor authentication that will protect the data from being accessible to non-employees. This encryption can prevent identity theft. 
  • Training and educating: Employees will require thorough vetting regarding the importance of proper data storage. This training can also work towards reducing the chances of insider attacks as only a few employees will have access to the databases. 
  • Cyber-security measures: This includes the addition of firewalls, traffic filters, and network monitors to guard against malware present online. 
  • Testing computer systems: The testing process applies to the cyber-security provider. That is to say, businesses are required to carry out several tests to determine if the provider can detect the threat or malware. 
  • Track data: Databases that are stored on various systems require a tracker. Through this tracker, one is capable of determining where the data is present or moving towards. 

According to the AARP, around 1.4 million cases of Identity theft were reported in 2020. Therefore, it has become one of the most common methods of fraud. 

To mitigate this, governments across the world have implemented the privacy act. This privacy act hopes to decrease the number of identity theft cases by regulating the information that is collected by businesses. Therefore, investing in proper data security in hospitality can work to protect not only the consumer but also the business from losing large sums of profit. 

The coronavirus pandemic has resulted in a rise in this type of criminal activity. With millions out of work, new culprits with different skill sets are taking to the business of cyber-crime as a means of survival. And despite a huge drop in business during this time, security systems in the hospitality industry are at their most vulnerable. 

Data sovereignty 

Data sovereignty addresses the rights to storage of company and customer data based on geography. Laws associated with it are in place to secure data and guarantee privacy for populations from foreign threats. Businesses need to consider the specific laws of the country from which their cybersecurity software system originates from when deciding on the best practice measures.  

Financial diligence 

Researching the financial viability of a cyber security provider is another important consideration. Businesses strapped for liquid funds or just starting out may not be able to offer the same level of cyber security and innovation as more established providers. They will often resort to offering more affordable service, but you must consider the old adage, “you get what you pay for.” 

Complex ownership 

Businesses in the hospitality industry usually have complex ownership structures in which franchisors, individual owners or groups of owners work with a management company as their ‘eyes-and-ears’ on the ground. They are a team that works together and takes on separate responsibilities to ensure smooth business operation. As a result, they all use varied computer systems to store data, which inevitably moves frequently across their many systems on a daily basis. 

Electronic Payment Methods 

The hospitality industry is very dependent on credit cards and other forms of paperless electronic payment methods due to the nature of their business. Hotels often require credit card information in order to make a reservation, with final payments mostly being made with the same card that’s already on file. It’s a matter of convenience for both customers and staff. 

This forgone conclusion is music to the ears of cybercriminals, who’s bread-and-butter is infiltrating ‘point-of-sale’ (POS) systems to steal debit and credit card information. And once a single POS within a system has been successfully hacked, there is huge potential for the entire collection of interconnected systems to be compromised. Even worse, these types of attacks can go unnoticed in larger systems for months at a time. 

Disposal processes 

Almost 20% of hospitality companies don’t have any policy in place for storage or disposing of confidential paper documents and nearly a third of them don’t have a regulated protocol for storage and disposal of their customer’s electronic information. 

Staff turnover rates 

Training your staff with proper protocols for gathering and storing personal data safely is a paramount concern for hospitality businesses. Additional training is required to ensure the workforce knows how to identify social engineering attempts and is familiar with a company’s compliance guidelines. The fact that many hospitality industry employees are only seasonal workers or have varying degrees of necessary education is of great concern. Frequent employee transfers are also common in hospitality businesses. Especially at large, corporate chain hotels, where they advertise that option to their staff as a job incentive. 

Maintaining a well-trained staff becomes increasingly difficult when you consider the high turnover rate and frequent staff transfers in hospitality. It only takes one staff member who isn’t familiar with necessary data security protocol to be taken advantage of by a cybercriminal waiting to hack into a company’s system and access sensitive information. 


Data security risk in the hospitality business is far greater than just the negative ramifications to a company’s reputation should a data breach occur. The industry and political regulators have grown more strict in recent years regarding how organisations process and store personal information. The responsibility to protect people’s privacy and financial means of function has grown by leaps and bounds within the last decade. Failure to comply with more stringent regulations comes with grave ramifications capable of putting companies out of business and severely damaging their ability to continue pursuing future hospitality endeavors. There are also hefty fines levied upon those failing to protect their customers, which alone are enough to put many smaller companies out of business. 

Understanding the risks of data security and implementing safety measures for mitigating these risks are necessary steps for all organisations operating in the hospitality industry. But neither guarantees your protection or that of your customers from cyber attacks and data breaches. 

For any hospitality business preparing to implement a cyber security system, there are important factors to consider. Chief among them are geographic screening, financial diligence and IT architecture. 

The top priority for any hotel or hospitality business when it comes to limiting cyber risk is to be meticulous in your selection of a cyber security provider. No matter how comprehensive a cyber security software may be, or what guarantees they offer, the responsibility of protecting customer data in the hospitality industry ultimately ends up at the feet of the hospitality business itself. That’s why choosing the right security software is vital. 

Commentary : Jason Burrows, Regional Sales Director, IDIS 

We should not be surprised if crowd control, managing lines of people and customer service are more sensitive issues than usual.There will be lingering concerns about infection risks, particularly among older and more vulnerable customers, and tourists who are used to lower prices and excellent service abroad are likely to have high expectations. 

As temperatures rise, so does the potential for conflict, and this summer may be particularly stressful. Security systems providers are well-positioned to help with affordable, easily deployed solutions that improve protection, allow more efficient customer service and take pressure off busy front-line staff. 

And these umbrella systems linking video with access control, PA, visitor management, fire, safety, and other core functions are no longer expensive, thanks to simple, off-the-shelf integration. They are easy to install, maintain and extend, and are well within reach for most hospitality businesses. 

Linking video with access control, for example, means that each time a room is entered – whether it be a guest room or a staff-only area – it can be saved as a video event. Integration also allows the use of wireless, touchless locks that not only solve the problem of lost keys, but eases hygiene concerns, as well. And, linking everything seamlessly with back-of-house hotel management software allows for a smoother check-in experience, and faster guest access to services from concierge to cleaning. 

Crucially, in the event of a serious incident, integration makes it easier to remotely lock down rooms or floors within a building. 

Commentary: Magnus Lundegård, Global Product Manager, Axis Communications 

Securing hotels whilst respecting customer privacy is essential to hotel security systems.  

Hotel surveillance can discreetly protect guests and staff, and strike a balance between giving guests peace of mind and observing their privacy. An integrated solution can combine cameras selected and optimised for specific locations (front desks, corridors, lobbies, private areas, self-checkouts etc..) with network door stations and loudspeakers.  

With support from analytics you can automatically deliver smart functions, like baggage tracking and poolside security, without compromising guests’ privacy. Analytics can even support in improving service levels throughout your hotel, by queue management and staff allocation letting you take action to avoid the kinds of security incidents that can damage your reputation. You can also monitor waiting times, tidiness and service standards, letting you make informed changes that support your brand and keep customers coming back. 

Most hotels have to also maintain restaurant or bar areas. Optimising your surveillance network for restaurant environments also helps to keep your guests feeling safe. You can choose cameras that deliver high-quality footage in low light – perfect for softly-lit restaurants – to spot theft and fraud at points of sale, and to support hygiene and cooking processes in kitchens. Add network loudspeakers to enable communication with staff and guests, and access control solutions to prevent unauthorised entry and to simplify goods deliveries. Intelligent analytics can enhance security – it provides real-time dynamic masking, for video surveillance that respects your guests’ privacy. 


To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio

Tel: +44 (0) 1622 823 922

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on print



Big interview – Grant Lecky

Grant Lecky, Co-Founder, Security Partners’ Forum, discusses advancing diversity, inclusivity and convergence in the security industry Security Buyer catches up exclusively with Grant Lecky, Co-Founder


Product Spotlight – EVVA

Maximum flexibility with a mechanical locking system – EVVA makes this possible with the new Akura 44 mechanical access system Development and planning was completed


Who’s Who – Zenitel

With nearly 120 years of experience, Zenitel identifies why their broadcast systems, with the ability to integrate with other devices, are market-leading solutions  Zenitel is a major global player


Who’s Who – LILIN

LILIN explores how their company ethos of creativity, progress and excellence helps establish themselves as innovators in the CCTV and video analytics market  Established in


Who’s Who – Johnson Controls

Johnson Controls explores how the integration of access control and video solutions with products and systems offerings places them at the forefront of the market 


Who’s Who – Identiv

Identiv discusses how securing the physical world with digital innovations is the next solution for innovative, seamless authentication in the security market  It is no


Who’s Who – Hanwha Techwin Europe

Hanwha Techwin Europe, subsidiary of Hanwha Corporation, describes how its investment in AI technology and cyber security places them front and centre in the industry


Who’s Who – Astrophysics

Astrophysics explores how their innovative x-ray technology and machinery is the ideal solution for protecting infrastructure, transportation, people and assets  Astrophysics is more than an