The time has finally come! You are looking forward to a few relaxing days in the hotel. It is not the first time you have been there, but this time everything is different.

When you check in, you notice a lot of hustle and bustle at reception. The key cards can no longer be programmed and no one knows how to get you into your hotel room. The receptionist can't access your booking details either and asks for permission to copy your ID cards, even though you gave the necessary booking details when you booked online. You are asked to order a drink at the bar (on the house).

What happened? Your hotel has probably just been hacked. Or rather, the actual hacking happened quite a while ago, but now a cybercriminal has launched a so-called "ransomware" attack: all the hotel data has been encrypted, the entire booking system has been brought to a standstill, and the hotel has been completely blocked. Unfortunately, this has happened much more often than you think! Swiss hotels are popular targets for hackers, on the one hand because they know that booking and guest data is often poorly protected, and on the other hand because the typical Swiss hotel guest is also a financially attractive target. But which hotel wants to be responsible for its guests having mysterious charges on their credit cards?

Cyber attacks are an everyday risk for hotels today. But many still struggle with the issue of IT security. The topic is complex, laborious and not a hotelier's core area. And how does a cyber attack actually work? What many people don't know is that an attack often begins with a simple, often confidential-looking email to a hotel employee. The email contains a link or attachment and is packaged in such a way that the recipient clicks on it. And that's where the disaster begins, the cyber criminals can penetrate the hotel network step by step and encrypt data - until nothing works anymore.

What do hotels need to consider to protect themselves against hackers?

Training of employees

Hotel employees are the first line of defense. Most cyber attacks start with a phishing email or by clicking on a link in one of these emails. All reception employees should know when to be cautious. Regular training helps to recognize cyber attacks and respond to them correctly.

Regular software updates and a good firewall

The software should always be up to date in order to close at least the most important security gaps and the IT network should be protected from unwanted access and attacks with an up-to-date firewall.

Data protection

Hotels are required by data protection law to ensure that all personal guest data is stored securely and protected from unauthorized access. The best way to do this is with two-factor authentication in a secure cloud. It is also advisable to ensure that hotel employees have role-based access to only the data they really need.

Secure communication channels

Communication with guests and data exchange should be professional and take place via secure channels. The WiFi in the building should also be well secured and only authorized persons should have access.

Backup

A good backup is extremely important so that a hotel can access the most current backup data possible in an emergency.

Competent IT partner

An IT partner who can demonstrate why they have IT security under control must be the first choice. A study of SMEs by gfs-Zürich recently reported that there is a certain suspicion that IT service providers are perceived by definition as competent in the area of cyber security, without this competence being verified. My personal experience is that many IT partners unfortunately have too little control over the topic.

Emergency plan

Every hotel needs an emergency plan. Does the staff know what to do in an emergency and who to contact? IT security is a complex issue that should not be taken lightly. But with the right measures, hotels can effectively protect themselves and their guests from cyber attacks. It is time for the hotel industry to take their IT security seriously and take the necessary steps to create a safe environment for their guests. So that their guests will continue to enjoy booking a stay with them.

Are you a hotelier and want to ensure that your IT is set up in such a way that cyber criminals don't have an easy time of it? Book your free and non-binding consultation: