5 minute read
CYBER SKILLS?
THE CYBER SKILLS GAP IN THE HOTEL SECTOR
by CLAIRE GILLESPIE, DIGITAL SKILLS MANAGER FOR SKILLS DEVELOPEMENT SCOTLAND AND CYBER SCOTLAND PARTNERSHIPS
Advertisement
According to ISC2, the global cyber security workforce skills gap has now exceeded three million, yet a recent survey by DCMS found that almost half (48%) of businesses in the UK are missing some basic technical skills and around 30% missing advanced skills – the hotel industry included.
Fear around cyber security is generally easing as it becomes a topic that people are more comfortable discussing and they understand the wider impact. But when it comes to the workplace, not enough people consider cyber their responsibility. They feel ill equipped from a skills perspective. This lack of basic skills needs to be addressed, particularly for businesses that have added more digital functionality such as reservation systems, EPOS ordering systems, and contactless payments.
At a time when the tourism and hospitality sector is cautiously reopening and survival is top of mind, no one wants to be blindsided by a cyber security-related incident. Yet it is when industries are at their most vulnerable that criminals like to attack. This makes now the perfect time for hotels to review processes – cyber included – to increase business resilience.
Create awareness internally
Being cyber savvy doesn’t necessarily require a formal education or certificate; we all have the potential to protect the businesses we work for from a cyber attack.
It is the role of the senior management to define what that looks like – for example, those in reservations will require different access to computers than those in the kitchen. But everyone has a role to play, and it starts with awareness.
As hotels reopen and new staff come on board, it makes sense to review (and potentially update) induction programmes and staff handbooks to detail what staff should do to prevent or respond to a cyber incident. This is important for everyone, but particularly those with access to the hotel’s IT systems. Guidance should also be updated to consider what staff should do
to protect the reputation of the venue. Being clear on these processes from the outset of employment will lay the groundwork for the future.
Common sense processes
The next consideration is to ensure the processes from the induction are followed. Some of these may seem basic, but highlight how small efforts can protect an organisation.
For example, everyone should ensure a computer or digital device is locked when not in use. Remote working has meant that we often skipped this when stepping away from our laptops as no one could have gained access to systems. However, as traffic and footfall increase, this small step is imperative to protecting sensitive hotel data.
Particularly sensitive data and files should also be subject to password protection. Not only will this mitigate any access management issues, but it will also ensure that the data that is most precious to the business remains in the right hands.
Equip the business
While processes are important, they must be backed by a strong cyber security strategy. But for independent hoteliers, knowing what this should include and how this should look may be difficult. This is where external organisations can help.
As well as your IT team or provider, organisations like Skills Development Scotland, the CyberScotland Partnership and the Scottish Business Resilience Centre can guide and advise, at no cost, on aspects that need to be built into the business. They can provide insight for businesses to shape cyber strategy, offer training workshops, and are a valuable resource should the business fall victim to a breach. Opening attendance of these sessions to a team broader than just IT will help employees with responsibilities understand their role in the cyber resilience of the business .
But it’s not enough just to develop a strategy and attend some training. It’s important to regularly test its effectiveness by conducting regular assessments of risks and vulnerabilities and work to address these once identified. This is something that should involve all areas of the business, so that staff are not only aware of the process, but they take ownership of it – and understand the consequences of a breach.
Hotels are hotbeds for data that cyber criminals want their hands on – from customer names and addresses to their payment information. As well as financial information, it’s very handy for criminals to know who’s away from home.
Given that data from Symantec found that two out of three hotel websites inadvertently leak guest information to third parties, giving unauthorised personnel the power to view, change or cancel bookings, steps must be taken to avoid this. With the rise in online bookings and hotel comparison sites, hotels are responsible for ensuring that the security of their guests’ data is upheld – irrespective of how or where they made their booking.
Be(come) digitally savvy
Another way to close the skills gap is to identify someone in the business who may benefit from upskilling or retraining to take responsibility for cyber.
Programmes like Digital World’s Digital Start Fund exist to upskill individuals from non-technical backgrounds to take on technical roles, such as security. With the belief that there is no right path to a technical career, the fund provides opportunities for people – irrespective of age – to access training to pursue a career in software development and cyber security. Equally, apprenticeships can upskill team members to focus on new areas within the business.
Ultimately, hoteliers needn’t be frightened by cyber security. While there have been plenty of disturbing effects from incidents in recent months, it’s important that businesses and their leaders face the topic head-on. By making small changes, refreshing strategies and increasing training, it will be possible to start to fill the cyber skills gap in the hotel industry.
