The electronic key card is here to stay, it is not only the guest’s passport to all services, but convenient as security can audit rooms remotely and in an emergency, all room doors can be opened at the push of a button. Understandably hotels are increasingly going digital with smart locks, but how secure are they? How prepared are hotels for digital threats? Donald Gasper talks to lock suppliers and hoteliers.
The proliferation of smart locks in hotels is increasing at tremendous speed. Andre de Jong, vice-president of operations for Southeast Asia and the Pacific at Carlson Rezidor Hotel Group, says, “In employing these technologies, it is important that hotels bolster themselves with the necessary safeguards and security functions.
“These include increasing the level of security encryption as part of their security features. Consistent updates to the level of encryption, up-dates of firmware and anti-virus software must also be well-managed.”
The integration of smart locks to other features and functionalities of hotel operations provide for greater efficiencies with such network solutions. Hotels would need to focus on ensuring that the wireless solution is on a proprietary and secured network where access is limited only to the IT security personnel.
Held to ransom
In one of several such instances, a hotel in Austria was recently the target of hackers. The attack prevented guests from accessing their rooms and prevented the issuance of new key cards, highlighting the potential problems in such systems. The hackers demanded – and got – a ransom.
“With no knowledge other than it was not a Salto locking solution installed, I cannot comment specifically on the Austrian hotel story,” notes David Rees, senior vice-president for Asia and the Pacific at Salto Systems, a provider of security systems to the hospitality industry.
“What I can say is that ‘locking out’ guests and staff from accessing doors is not possible with our systems.” Salto’s wire-free offline solution uses Data on Card, a patented ‘read and write’, “distributed intelligence” system to determine – at the door – whether the access being requested is permitted, explains Rees.
Whether a traditional card, a key fob or a mobile device is being used, no amount of interference at the server level can or will stop access being granted or denied, based on the user’s defined access rights. The same is true of the Salto wireless and wired online access points (locks and readers).
‘Shutting down’ the IP (LAN) network will not have any effect on whether access to a door will be granted or denied to a key holder, as that decision is still made at the door.
Contemporary hotel guest locking solutions, especially those with high-level integrations and promoted as part of a ‘whole property solution’, would have to provide the hotel operators a level of security and reliability that ensures the safety and security of guests and staff at all times, while having a positive impact on the overall guest experience.
Seeking to improve the guest experience is driving hotel operators to look for innovative and creative ways for their staff to better and more effectively interact with guests and taking advantage of technology is an integral part of this equation.
However, being certain the system chosen can deliver tangible benefits and has built-in safeguards to protect against the sort of thing that happened in Austria is equally important in the selection process.
“While many hotels around the world are implementing more new technologies, hacks and security breaches are still happening, especially to those thatmaintain older or out dated products and systems,” says Tommy Leung, managing director of Assa Abloy Hospitality.
He says that to be prepared for digital threats that exist in today’s cyber security world, his firm suggests the following to its partners and customers:
- Maximise security IT – properties should use latest versions of their operating and network systems, as well as maintain adequate firewall protections and up-to-date antivirus software.
- Isolate your systems – system connections should be limited to whatever is required for operation. Hoteliers using a dedicated server for all security systems are at a greater advantage and better prepared for threats.
- Update locking systems – many hacking incidents have happened at hotels with older systems and technologies. Hotels with the most updated software can better maximise operations and leverage the most current security features.
- Upgrade to advanced locking and access technology – hoteliers should consider replacing out dated locks (such as magstripe) and using contactless RFID locks as these are not subject to demagnetisation or common cloning/hacking techniques.
Adds de Jong, “The baseline remains for hotel staff to be vigilant and constantly trained on the proper use of systems, safety and security measures.”
“Timely and consistent reviews of such systems should be made and firmware also well-managed as part of the overall security initiative, Policies and procedures detailing data security, cyber security, emergency planning and response should be reinforced and reviewed regularly as well.”