Hotel_ITSec.pdf - 0 views
-
During the past decade, information technology (IT) has significantly changed the way the hotel industry controls and manages operations. While many technologies have been utilized, some newer technologies have emerged in the literature and in practice, and many of them impact the hotel’s security.
-
Among the results, this study identified a gap between hoteliers’ understanding of IT budget adequacy and the adequacy of installed IT security systems.
-
Advancements in technology are increasing at a remarkable rate. As technology becomes more important, organizations that do not keep up with these advancements could lose business opportunities to other competitors that do
- ...53 more annotations...
-
The four leading technologies which have showed a high adoption rate from the industry and have received attention from academia are: self-service, wireless, green, and security technologies. The advantages of these technologies for hoteliers include enhanced customer services and operational efficiency (Doyle, 2007), decreased guest wait times, more efficient methods to settle bills (Singh & Kasavana, 2005), reduction of energy costs (Meeroff & Scarlatos, 2007), and protection of sensitive customer data and credit card numbers
-
In addition, exploring the influential factors of security system usage will provide greater depth of knowledge with respect to why some hotels have adopted more security systems than others.
-
there is still a lack of understanding of the nature of risk associated with inadequate IT security, especially among operators of hotels that do not have their own IT departments.
-
Self-service technologies are commonly defined as devices or applications which permit users to produce a service independent from the direct involvement of the service provider (Meuter, Ostrom, Roundtree, & Bitner, 2000). The use of self-service technologies in the hotel industry has grown considerably, especially in the areas of self check-in, in-room check-out, and foodservice kiosks
-
IT systems refer to general support systems such as mainframe computer, mid-range computer, and local area network.
-
Some of the most significant wireless technology applications involve the use of mobile handheld devices, such as personal digital assistants (PDA), tablet PCs, and cellular phones, or RFID (radio frequency identification). RFID utilizes computer chips and antennas, allowing the chips to wirelessly communicate with a receiver.
-
While the major usage of RFID in the hotel industry was for inventory control purposes, it also has the potential to be utilized in ways that can provide more conveniences for the guests.
-
Other possible uses include placing RFID tags on items of high value as a means of theft prevention or integrating tags into guest loyalty cards for easy identification
-
IT investment that lowers environmental impact and IT that manages the environmental impact of other systems are commonly referred to as “green technology”
-
Many hoteliers might think becoming more environmentally friendly will cost more for their hotels. However, it has been demonstrated that “going green” is not only the right thing to do for the environment but also provides tangible bottom-line benefits for hotels by reducing consumption of energy and water, as well as other related costs.
-
Some of the risk factors involved include reliability, security, and privacy issues
-
A hotel with more technologies being utilized will install more security systems than those with fewer technologies.
-
Many of these attacks involve attempts by thieves to gain access to customer credit card data, and these attempts constitute a major portion of the risk inherent in IT security
-
if a system is breached and the merchant is not PCI compliant, the merchant then is responsible for all costs associated with improperly used credit card information taken from that system (Kress, 2008). These losses could bankrupt a business if the security breach goes undetected for even a short time.
-
IT security systems are those measures taken to protect the confidentiality and integrity of proprietary data.
-
two main paradigms of adoption are believed to occur: bottom-up adoption and top-down adoption.
-
Thus, it is reasonable to assume that organizational factors (e.g., financial factor, human resource) will influence the implementation stage of security systems at a hotel.
-
A hotel with sufficient IT budget will install more security systems than those with insufficient IT budget.
-
That is, if a hotel does not have its own IT department, it will have a negative influence on successfully installing or maintaining necessary security systems.
-
A hotel with its own IT department will install more security systems than those without.
-
Overall, the state of IT spending on security continues undiminished because managed security services are required for almost every application (Communications News, 2007).
-
risk associated with a breach of IT systems security (e.g., network break-ins) is very high. Consequently, no sector of the business community is exempt from attacks on their IT systems, with an attack being defined as a technique used to exploit a system’s vulnerabilities.
-
Given the importance of security and privacy at a luxury hotel, this study expects luxury properties to have installed more security systems than other segments
-
Most hotel employees use their property management systems for hotel operations and should be able to check their e-mails.
-
To justify the low response rate, previous studies which have compared response rates of mail and e-mail for surveys were reviewed.
-
the large majority of respondent properties do not have their own IT departments. Second, the people making IT decisions generally do not have IT backgrounds or training. Third, the large majority of respondent properties have little more than firewalls or antivirus software to protect their proprietary data, and these systems alone are not adequate to meet PCI standards, as they do not take steps to encrypt and protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test their networks, and maintain an information security policy as required by the Security Standards Council.
-
The respondents were asked to select from a total of fourteen securities related systems
-
The profile of the respondents revealed that they were experienced hoteliers with more than ten years experience in the industry
-
Fifty-three percent of the respondents reported that they were with chain hotels that would be considered mid-range properties with an average of 175 rooms (median of 107). Over 80% of the respondents reported working in operations, while fewer than 4% reported working in either IT or engineering (Table 1).
-
Nearly 70% of the respondents’ properties did not have their own IT department (69.2% did not have, and 30.8% had their own IT departments, n = 234, missing data = 10).
-
Fifty-three percent of them (n = 244) thought the most important goal for hotel technology would be enhancing the customer’s experience.
-
second identified goal was utilizing technology to help generate revenue (41%)
-
differentiate properties from their competition (20%), to lower expenses (16%), and to increase security (6%).
-
Internet kiosks in the lobby represented the most frequently used self-service technology (36.5%, n = 244), followed by kiosks for airline check-in/board pass
-
With respect to security systems currently in use, antivirus security systems represented the most frequently used security system (92.2%), followed by hardware firewalls, software firewalls, physical security, and encrypted login security systems.
-
intrusion detection was the most frequently identified system (15.6%), followed by vulnerability assessment scanning (13.5%), Internet scanning (13.1%), antivirus (11.5%), digital ID server (11.5%), and nonreusable passwords (9.8%; Table 2).
-
Thus, the hypothesis was supported that there was a linear relationship between the three factors and the adequacy of security systems.
-
The positive standardized coefficient (β) of .389 indicates that there was a statistically significant (p < .001) linear relationship between IT usage (the number of wireless, self-service, and green technologies a hotel was using) and the adequacy of security systems
-
The study revealed certain things of interest, the most significant of which is the need for greater emphasis on IT security among hoteliers.
-
only about 30% of all respondents reported having their own IT departments. Since budget hotel properties are extremely unlikely to have an IT department, it is highly likely that the very large majority of IT decisions throughout the industry are being made by hotel operators for whom IT is not their primary area of concern.
-
Furthermore, the focus of hoteliers for future IT implementations is enhancing the guest experience (53%) and generating revenue (41%). Very few respondents (6%) identified increasing security as a 5-year IT goal.
-
While almost all respondents use information systems as part of their jobs, very few are trained in the development, maintenance, and secure use of these systems.
-
no correlation was found between the respondents’ perceived adequacy of their IT budgets and the adequacy of installed security systems, as adequacy of IT budget did not appear as a significant term in the regression analysis.
-
Nearly 10% of respondents do not have so much as anti-virus protection for their systems, and nearly half do not even take simple physical precautions to protect their IT systems.
-
we note that no correlation exists between the respondents’ perceived adequacy of their IT budgets and the number of installed IT security systems, as the number of installed systems was not a significant factor in the regression analysis.
-
The sample obtained in this study represented the targeted sample: over 80% of the respondents were working in hotel operations. Furthermore, the purpose of this study was to explore hotel operators’ insight of technology usage, IT budget, and security measures rather than to confirm existing theories or to generalize the results.
-
it is reasonable to conclude that the respondents did not have an adequate understanding of the nature of the IT security hazards facing them for the average property does not have installed systems adequate to meet PCI standards, yet they reported having adequate budgets.
-
In order to adequately protect proprietary data, one must have an understanding of network security, which is an understanding apart from software functionality.
-
Properties with their own IT departments, however, reported that they had a higher number of installed IS security systems than did those properties without their own IT departments.
-
roperties without their own IT departments, in particular, have a less adequate understanding of their IT security needs than may be necessary.
-
This study found hoteliers’ lack of attention to security provision, training in IT, and PCI compliance can place hoteliers at great risk. For example, the cost of a single incident at a noncompliant property could result in the loss of the entire business.
-
It will be useful to examine the reasons why luxury properties are more likely to employ adequate security measures to determine whether this greater use is attributable to better understanding of security issues or some other factor.
-
The study was limited by the nature of online surveys; the response rate was quite low. Future studies could test the proposed research model via paper-based mail surveys to increase a response rate.
-
This article covers a study performed on various hotels to determine management's level of IT knowledge and security implementations in relation to the hotel's IT security budget. The article discusses four types of technology impacting the hotel industry and how management responses to trending technology can affect a business, particularly in terms of a data breach and overall security. The study finds that an alarming percentage of hotel managers are not adequately informed on the risks and procedures of IT management and security, and many do not have proper IT security measures in place despite having an appropriate budget.
