Why Hospitality Leaders Should Reevaluate Their Information Security Policies to Regain Consumer Trust

It’s critical that hotels and hospitality businesses reevaluate their information security protocols in order to keep up consumer loyalty and trust, and ultimately stand out in a crowded industry.
By Ann Nickolas, SVP Stericycle, provider of Shred-it services

The number of data breaches in the hospitality industry has grown immensely over the last few years, yet according to a new report, more than a third (36%) of hospitality business owners believe data breaches are no big deal and are blown out of proportion.

This statistic is surprising, particularly given nearly a third (31%) of hospitality businesses also believe their customers will stop doing business with them if their organization were to suffer a data breach. Furthermore, 86% of consumers disagree with hospitality businesses around the importance of data breaches, believing that they are, in fact a big deal.

This disconnect between hospitality companies and consumers should serve as a wake-up call, demonstrating a need for greater information security policies, and a new attitude toward information security, particularly data breaches. Hotel guests may walk in with everything from passports to confidential work documents in hand and hotels house an array of personal information such as credit card numbers, phone numbers, email addresses and more.

With critical information security to protect on the premises, it’s critical that hotels and hospitality businesses reevaluate their information security protocols in order to keep up consumer loyalty and trust, and ultimately stand out in a crowded industry. Here are three things hospitality organizations can do:

Update Current Information Security Policies

 Nearly one in three (31%) hospitality companies said they do not have a policy in place for storing and disposing of confidential information on end-of-life electronic devices, and 19% don’t have a policy for storing or disposing of confidential paper documents. It’s an alarming number given the sensitive information that passes through hotels every day. If this information is not guarded with policies, those documents and devices could sit in unlocked cabinets or storage units for years, increasing the chances that they fall into the wrong hands.

With nearly a quarter (23%) of consumers reporting they would take their business elsewhere following a data breach, hotels and hospitality companies must consider the larger ramifications to their bottom line if a data breach were to occur at their organization, and work to update their information security policies to better protect guests.

Aside from a loss of trust from consumers, hotels and hospitality companies must also acknowledge the legal responsibility they bear when collecting guests’ financial data such as credit card numbers. Hotels and hospitality companies must stay compliant with laws such as GDPR (the General Data Protection Regulation) implemented by the EU, but applicable to any company who serves clientele from a European country, and the Gramm-Leach-Bliley Act. Consistently updating policies to reflect changing laws is a must for hospitality companies.

Create Revamped Employee Training Plans

More than two in five (41%) hospitality businesses say they believe it’s likely their organization will experience a data breach in the next five years, and 44% believe the source of that breach will be human error or accidental loss by an employee or insider. That in mind, there’s no question employee training is essential for preventing data breaches.

However, nearly a fifth (18%) of hospitality companies only train their employees once during their employment on how to identify common cyber-attack tactics such as phishing, ransomware or other malware (malicious software), and 25% say they provide no training at all. This is particularly concerning as phishing attacks are considered a top cause of data breaches.

By implementing streamlined information security training processes for all employees, from maintenance staff to management, and continually providing updated education and reminders around information security policies, hotels and hospitality companies can make their employees their first line of defense against a data breach, rather than a potential cause of one.

Regain Consumer Trust

More than half of Americans (60%) believe that their personal data and information is less safe and secure than it was 10 years ago, which may be why nearly all (93%) hotel owners feel like they need to do more to show employees and consumers how they are protecting personal information. While we’ve discussed internal policy and training process changes hotels and hospitality companies, there should also be policies put into place that create external-facing change to promote consumer trust.

For example, ensuring every room has lockable cabinets or a working safe where guests can set their own password and store sensitive information is important in creating a renewed feeling of security as soon as guests enter their room. Additionally, creating an organized front desk area by implementing a clean desk policy, requiring all employees to consistently have a desk clear of paperwork and sensitive items, shows guests the hotel is organized and prepared, providing a heightened sense of trust from the moment a guest checks in.

Through the combination of updating internal information security policies, creating streamlined training processes for all employees and implementing information security efforts that are noticeable to guests, hotels and hospitality companies can take back consumer trust and thrive in a competitive market.

Ann Nickolas is SVP at Stericycle, the provider of Shred-it information security solutions, where she oversees new business development and account management for customers in the commercial, health care and government verticals. Nickolas helps businesses secure their confidential information with products, services, policies and training that help protect them from the risks, fines, penalties and loss of revenue that come with an information breach.


Are you an industry thought leader with a point of view on hotel technology that you would like to share with our readers? If so, we invite you to review our editorial guidelines and submit your article for publishing consideration.