To keep their guests, employees, and properties secure, hoteliers today must consider both physical and digital environments. The latter has a growing footprint in hotels, which are increasingly adopting internet of things (IoT) and connected devices and must now protect these various endpoints across a vast network to ensure the security of lodging facilities and those staying and working within them. LODGING asked James Martin, global connectivity product manager for Eaton, a power management company, about what hoteliers should know to keep equipment secure against infiltrations.
Martin says that an oft-overlooked vulnerability in hotels is the property’s connected infrastructure. “It’s most common for hotel IT staff to focus on traditional IT equipment such as PCs/laptops, servers, and on-premise storage when planning their cybersecurity strategies. Yet as more types of infrastructure become connected, such as HVAC systems, we’re seeing these systems become targets for cyberattacks.”
2Protect critical systems.
“A potentially overlooked area that has seen considerable advancement in interconnectivity and, therefore, a need for greater cybersecurity measures is backup power equipment—specifically, uninterruptible power systems,” Martin explains. “These products, which back up critical IT systems and provide a bridge to generator power in the event of an outage, are becoming increasingly connected to allow for remote management and monitoring. However, at the same time, this can increase the potential risk for cybersecurity attacks.”
3Validate product security.
Martin says that hoteliers should not take manufacturer’s claims about a product’s security at face value. “When purchasing products, it’s critical to look for third-party certifications that validate these claims,” Martin explains. “Certain UPSs, for example, now carry certifications from industry organizations like UL and IEC that the products have been tested for vulnerabilities and designed with the right cybersecurity protocols in mind.” For instance, Eaton’s Cybersecurity Center of Excellence independently reviews all of its products, and its UPS network cards carry UL 2900-1 and IEC 62443-4-2 cybersecurity certifications, Martin describes.
4Integrate to enhance security.
Martin says that integrating backup power equipment with power management software allows managers to make timely firmware installation and updates to stay ahead of evolving cybersecurity threats. “As new vulnerabilities are identified, they can then work with their technology service providers to embed necessary patches or solutions.” Ultimately, Martin adds, “Hotels should work with their IT solution provider to create a holistic, end-to-end cybersecurity strategy that examines all aspects of their infrastructure—from power management equipment to HVAC—and takes the necessary steps protect against vulnerabilities wherever they exist.”
5Remember physical security.
In addition to cybersecurity, Martin notes that it’s worth reviewing how that infrastructure is physically protected. “New and more sophisticated physical security products are being introduced on the market, such as smart security locks on IT racks, that can help ensure only authorized personnel have access to IT equipment,” he adds.