Even when hotels have strong security policies and procedures in place, they are still vulnerable to cyber attacks, break-ins, theft, fraud, and other crimes. That’s why it’s vital to take precautionary measures and continually evaluate security programs. “Having robust security in place means a better, safer, guest experience,” says Chad Callaghan, principal of Premises Liability Experts and American Hotel & Lodging Association (AHLA) security consultant. “When department managers and other employees think more about safety and security, you can prevent a lot of theft and minimize dangers.”
Inadequate security has repercussions beyond guests losing belongings to theft. Hotels can be held liable for the criminal acts of third parties. Civil litigation against property owners and managers has become commonplace ever since Garzilli v. Howard Johnson. In this 1976 court case, the jury ruled in favor of singer Connie Francis, who had sued a Howard Johnson in New York for negligent security after being assaulted by an unknown man who entered her room through a sliding glass door. And hotels are still targets of lawsuits because of theft and injury.
Before becoming AHLA’s security consultant, Callaghan spent 35 years with Marriott International. As the vice president of global safety and security for the Americas, Callaghan was responsible for Marriott properties throughout the United States, Latin America, and the Caribbean. During his more than three-decade career, Callaghan has managed everything from the integration of new technologies such as electronic locks and computer surveillance systems to implementing anti-terrorism procedures. Here, Callaghan shares expert tips on guest safety, internal theft, and cybersecurity that can help owners and operators avoid downtime, reputation loss, liability, and lawsuits. To ensure your property is secure and able to face the latest threats, here’s what you need to know:
Guest Safety: Ensuring Return Stays and a Good Reputation
When guests check in, they’re likely more concerned about making a meeting or going sightseeing. Security shouldn’t be on their minds during, or after, their visit. In the summer of 2012, security researcher and software developer Cody Brocious exposed a security flaw in certain Onity door locks and revealed a lock-hacking technique that received widespread exposure in the news. Since then, dozens of guestroom burglaries at hotels in Texas and Arizona have been linked to the hacking technique. Although Onity announced a fix for the security flaw, hotels that have not taken the appropriate steps to mitigate risks posed by this threat are still vulnerable.
With social media and review sites spreading negative sentiment like wildfire, it’s more important than ever to amp up guest security—your reputation and bottom line depends on it. Here’s how:
Locks that can track who goes in and out of rooms can serve as a deterrent to theft. “When employees realize there’s an audit process on door security, it makes rooms less prone to theft,” Callaghan says. Other upgrades include automatic deadbolts, which can better prevent external threats from thieves, or systems that eliminate the need for master keys.
2Make time for safety meetings.
Perhaps as part of a regular meeting, schedule time to talk about guest safety. Part of this time could also be spent watching training videos, such as those produced by Safety Source Productions. These videos, accompanied by handouts, are a low-cost way to share information about guest safety and can train employees about how to spot suspicious behavior.
3Monitor activity with software.
Having closed-circuit television to monitor the property doesn’t matter too much if no one is looking at the monitors. Recent innovations in software have solved that problem. Coupled with software, video cameras can now recognize activity in an area and provide an alert. One example: the system can alert when there is activity in a valet parking area. Other options include using a third party to monitor the exterior of the hotel. Some of these systems have voice command capability, where operators can see and warn off people captured on surveillance.
4Evaluate and improve—quickly.
Darrell Clifton, director of security for the 1,572-room Circus Circus Reno Hotel and Casino in Nevada, conducts weekly reviews of the property and even has checklists for staff to ensure areas, such as stairwells, are clean, safe, and well lit. “We concentrate on our liability,” Clifton says. “If we know of something that’s happened, if someone was robbed or there was an accident, that area is quickly addressed. We can’t ignore it. We do something immediately to protect from another event happening.”
5Meet and greet.
One of the simplest, but most effective, ways of securing a property is to provide excellent customer service. “Engage customers you encounter,” Clifton says. “Ask them about their stay and if there’s anything you can do to help. You don’t have to throw more labor at security. Just make employees a little smarter.” By talking with people on your property, staff can determine if there’s a non-guest who may intend to commit a crime. Employees should also look out for people who don’t fit the profile of the hotel’s typical guest.
Theft and Fraud: Monitoring Employee Activities
It’s a disappointing reality that hoteliers have to contend with employee theft and fraud. But theft and fraud can have a major impact on a property’s bottom line and guest satisfaction. This past year, a number of employee theft stories have made the headlines. In October, an employee at the Renaissance Hotel in Baton Rouge, La., allegedly stole more than $34,000 from hotel safe deposits and altered financial records to cover his tracks. In July, a former employee of a Tallahassee hotel faced charges she stole more than $42,000 from the business by diverting money onto personal credit cards. To prevent such losses, follow these tips:
6Provide a sense of ownership.
When employees have a sense of ownership in a property, security throughout the property will be much tighter. One method to promote such ownership is instituting some form of profit sharing. So, when employees see waste or theft, they’re more likely to stop or report it. “The employees are the eyes and ears of the hotel,” Callaghan says. “At hotels where they’ve had profit sharing, I’ve heard employees say things such as, ‘Hey, don’t do that, that’s my profit sharing.’ ”
7Boost employee empowerment.
Related to ownership, when employees have a sense of empowerment, they’ll be able to solve safety and security problems quickly and often more efficiently. Have an anonymous tip line, where employees can report theft or threats to guest or staff safety. And when an employee sees anything unsafe or unsecure on the property, have a work order system in place that treats these reports with priority.
During the hiring process, conduct drug screening and criminal background checks. Then, once the person is hired, explain that there are controls in place. Employees who know there are monitoring systems will be less likely to commit crimes of opportunity. And while it may be tempting to consolidate duties, reduce headcount, and save payroll, it may cost property managers in the long run. For important processes, such as handling a cash bag, have at least two people sign off. Also, to avoid adding staff, property managers can also turn to external, off-site auditors.
9Add active monitoring to video surveillance.
Most properties have some sort of video surveillance of employee activities around sensitive areas, such as the front desk and cash drawer. But new technology enables another level of monitoring. Software enables hotel owners to match transactions with video surveillance, eliminating the need to watch hours and hours of video to find potential criminal activity. For example, the software can detect when a cash draw is left open and will show that whatever is being passed over a scanner is actually read. “It’s pretty inexpensive and won’t cost an owner much to have those analytics,” Clifton says, adding that such systems could be installed for less than $10,000, depending on the type and number of cameras installed. “Often, when you buy a new video system, the software will be added. Be sure to ask for it, though.”
Cybersecurity: Protecting Electronic Borders
As technology has advanced, so has criminals’ ability to exploit those new technologies. The hotel industry has seen several such examples lately. Russian hackers breached Wyndham Worldwide’s data center in Phoenix three times between 2008 and 2010, accessing more than 600,000 payment card accounts and leading to more than $10.6 million in fraud loss. As a result, in June 2012, the Federal Trade Commission filed a lawsuit alleging that Wyndham failed to implement reasonable data security measures to protect the payment card information of their customers. (Wyndham has filed a motion to dismiss the lawsuit.)
Property owners and managers should reassess cybersecurity about as often as physical security. Here are a few things to look for and consider as you evaluate your cybersecurity:
10Connect IT and security departments.
Don’t keep a wall between the information technology and security departments of your property. “The two departments should work together, because security is [vital to] both their jobs,” Clifton says. “Clearly establish how the two departments work together, and they should know where each other’s responsibilities stop and the other begins.” To foster this relationship, some properties place the two departments under the same manager and same budget. And the two departments should conduct regular security meetings, perhaps as often as once a week.
11Upgrade to VLAN.
A LAN, or local area network, is a network that connects computers. For many businesses that includes a WiFi access point for customers. However, WiFi that’s directly connected to your property’s servers can pose a risk and provide easy access for savvy hackers. One way to add more cybersecurity is to install what’s called a VLAN, or virtual network. Relatively inexpensive, VLANs often don’t require additional hardware. Installing this software can add another layer of security between your servers and potential hackers. Also, a common feature of VLANs is the ability to set up multiple wireless network names, which can have varying levels of security. Computers used for business and staff can have a high level of security, and guest WiFi networks can have a lower, easy-to-access level of security and be separated from the property’s network.
12Beware of social engineering.
Not all cyber threats occur online. Social engineering and physical hacking of hotel computers pose a significant risk. “Employees should have an awareness about the physical security of computers, access control, and passwords,” Clifton says. “Many of the big hacking schemes we hear about start with someone conning a password out of an employee.” Change passwords every three months. Also, employees should monitor the physical access points to a property’s computers and servers. Make regular patrols to look for people who are in staff-only areas of a property.