Chris Hickingbottom | VP of Engineering, OpenKey
People are traveling more than ever before – and there is no sign the trend will be slowing down. With convenient air travel, an abundance of highways, and a robust hospitality and tourism industry, it’s no surprise travel is on the rise! And, with greater travel comes significant revenue opportunities for businesses worldwide.
Technology innovations aimed at improving guest experiences have come a substantial way. Unfortunately, with these advancements have come new cybersecurity risks and dangers to hospitality organizations and hotels. In this post, we take a closer look at these new technologies, their accompanied threats, and the security countermeasures that are being implemented to mitigate them.
New technologies and their impact
Technology is changing the way individual guests enjoy their hotels, with some of the greatest innovation happening inside the hotel room itself.
One example is the introduction of virtual assistants like Alexa in hotel rooms. These “virtual concierges” not only answer guest questions and play music and movies (just like the Alexa you have at home) but can also act on hotel-specific requests —like a human concierge or front desk representative.
Looking for a new set of towels, a toothbrush, or a cup of coffee? Ask your in-room virtual assistant, and they’ll be delivered to you a few minutes later — by a human of course.
Another hotel innovation is the use of biometrics for guest access into their rooms instead of the standard room keys. First, you register your fingerprint at the front desk, and after that, your finger print lets you enter your room.
You may not be totally comfortable giving your fingerprint to your hotel (understandable!), but how about a new technology that doesn’t require your most personal biometric data or a physical key? The technology is here with mobile keys, like those offered by OpenKey. Mobile keys enable guests to easily register their room and unlock their door through their smart phone. As a guest, you can check in with your phone, use the same phone as your key, and skip the long lines common during peak check-in times. Plus, you can control when you check in and receive earlier access to hotel rooms.
The ability to go straight to your room is often a welcome relief for tired guests after a long travel day. The time saved can be used for rest or, better yet, exploring and enjoying the hotel’s amenities or your greater destination’s local attractions. In addition, this technology lightens the load of hotel staff who feel the pressure when a horde of guests arrive at the same time. With less stress comes better service to each guest that walks up to the reception area.
While the convenience of new technologies like digital assistants and mobile keys is undeniable, the security risks associated with these changes to the guest’s interactions with their hotel needs to be closely considered.
Security and new threats
From a security perspective, what’s most worrisome is the amount of information collected and stored by Internet of Things (IoT) devices, like these virtual assistants and the mobile keys solution. After all, personal data has always been a prized target of cybercriminals. The 2018 Trustwave Global Security Report listed the hospitality industry as one of the top five industries subjected to network breaches each year. The more technology added to help guests also means the industry needs to think harder about how they store and protect their guests’ data. If a hacker compromises the technology or infrastructure environment where guest data resides, guests could have their personal data compromised.
For developers like OpenKey, striking the balance between usability and security for their apps and software is critical. That means using an approach that guests are familiar with, such as two-step verification on the front-end, while implementing security best practices behind the scenes to protect its cloud-hosted environment.
When OpenKey chose Armor as its cybersecurity vendor, it was essential to have a cybersecurity service provider that could provide the monitoring and protection needed at a reasonable growth cost projection. Backed by high-performance infrastructure, built-in security controls, and a 24/7/365 security operations center, Armor provides the mobile key developer top-level protection for its most sensitive data – protecting its hotelier clientele and guests alike.
Future of technology and how to secure them
When we look at these new technology solutions, we can’t help but ask: Where should security responsibilities lie? Should it be on the developer? The guest? The hotel?
Consumers, who are most likely to be victims, have their share of responsibilities. Posting on social media about how fun a vacation is could notify attackers that your valuables are sitting at home unprotected. And sharing photos of tickets on social media provides a great danger, not just from the personal information printed on them, but also from the barcodes and QR codes which often contain significantly more personal information than is printed in text on the ticket. Crooks can easily create fake replicas, affix the codes to make them ‘authentic’, and then impersonate the owner.
Hotels face a much greater responsibility though. While consumers are the ultimate victims, it’s the hotel’s IT infrastructure that’s usually the target. Unfortunately, most hotels do not have a dedicated on-site cybersecurity staff (or even IT staff for that matter). Nevertheless, it’s their responsibility to secure whatever technologies they provide to their guests – ensuring servers are hardened, applications are patched, devices are updated, strong password policies are enforced, and so on.
What about developers? It is their responsibility to strive to rid their products of vulnerabilities. This responsibility starts from day one. For example, OpenKey strategically partnered with Armor to develop a security-first mindset and integrate secure processes into every part of their development lifecycle. This helps minimize the risk of their software having exploitable vulnerabilities.
But with developers, their responsibility continues long after the application is deployed. They should provide patches for known vulnerabilities as well as add more functionality that strengthens the security of their products, like updating their application to include features like Touch ID.
For the hospitality industry to succeed in securing these new apps and devices, all stakeholders – technology developers, hoteliers, and guests – must do their part. With the right, knowledgeable cybersecurity provider, developers and hospitality organizations can rest assured their data is safe and guests will be at ease.
To learn more about how Armor works with OpenKey to secure their software, download the case study.