When an inspector calls - how secure is your operation?

What do you think of when you hear the word security? Perhaps your mind switches immediately to CCTV, or perhaps your word association is cyber? In fact, ‘security’ impacts an endless number of daily commercial practices and is or should be intrinsically linked to your risk assessment practices. We asked Deborah Heather, Director of Quality in Tourism, for her advice.

If you try to put together a checklist of all the up-to-date security practices a hotel should have a handle on, it quickly becomes evident that this is a much-overlooked arena, despite a need to make it an essential business practice. True, some security is a second-nature part of the day to day, like keeping an eye on the roving CCTV cameras, but what about the ones that have no screen to keep you on track or which don’t have a financial incentive in the way that CCTV provides security for stock or cash? 

Building security, guest security, staff security, data security, cyber security; the list is somewhat endless. It covers the physical space, the operations, the guest experience and the staff welfare, not to mention the more recent and pressing issue of the ‘virtual’ cyber space too. Then of course, safeguarding and security is also impacted by demographic; children and young people need different safeguards to adults, and how for example do you appropriately differentiate policy for individuals with disabilities or the lone female traveller?

So what should you be considering for improvement?

Aside from the obvious like CCTV and security teams, who discourage bad behaviours, good cyber policies and data protection, there are lots of things hotels can do to improve the feeling of safety and security. In the last few years, we’ve had numerous incidences raised with us that make us question the security policies of hotels across the board; for example being able to leave luggage with the concierge or left luggage room, without checking ID or room number, and having a few well-lit ‘safe’ car parking spaces, leaving the rest in semi-darkness. These among others had us concerned and so we wanted to see how prevalent lapses of security are, and to of course quantify the results. 

Cue a mystery shopping project to test security. About 18 months ago, a team of Quality in Tourism assessors ran a mystery shopping project in the centre of London looking at security in Hotels. Initially, we focussed on the big-name outlets, famous around the world, and found, unsurprisingly, that there were very few if any lapses in their front-of-house security, mostly driven by the fact that they are so focussed on customer service. All of the ones investigated initially were high profile brands, and all had excellent security processes with great management buy-in, probably because they a) attract so much media attention and b) attract a discerning clientele with high expectations. The only lapses we found at all came in relation to high-profile events, where we were able to walk into conference and meeting rooms with very few checks, simply thanks to a smile, a confident step and some vague knowledge of the event.

Next, we focussed on 4 star/group type hotels, and visited 20 properties. The brief was to see how much access the assessor could gain without breaking the law, and how often and when they were approached or challenged. They were also primed with details of a fictional event at the hotel to talk about, should they be stopped or questioned. It was, quite frankly, very easy to walk into a property unchallenged; in fact of the 20 properties we visited, at 100% my team went unchallenged when entering the lobby, and they also went unchallenged 40% of the time when entering through the M&E entrance. At best this is a significant customer service lapse – why weren’t they greeted and offered help – and at worst this is a significant security lapse as the teams had no idea who or how many people are in the property at any one time. What’s worse, the trend did not diminish over time, and there was little correlation between time spent in the venue and number of approaches. In one property, an assessor sat in the meetings and events lounge for 50 minutes without being approached, before she decided to move on.

Having delved further into the question of security and reviewed our assessor experiences at the hotel, the internal risks cannot be understated either. Open, non-password WiFi carries risk to the guess and the hotel, leaving the entire network open to ransomware, malware and viruses, while poor quality storage practices for card details leave room for fraud and credit card misuse. Data security was mixed, as were computer practices with even the basics like antivirus and security patches. All pose a major threat to hotels and businesses, and yet there was often a quite laissez-faire attitude to the procedures.

By far the biggest threat could be our people, in these days of difficult recruitment how can we ensure we have honest and engaged staff that can still be enabled and trusted? With access day in day out, to cash, personal belongings, data and credit card information, never mind the potential to steal from the business. An amazing residential sports venue I recently visited has a new “cashless” policy, it makes sense from the point of view of a golfer or swimmer using cards or room keys for all payments, practically, easier to cash up / reconcile, less temptation for team members, and as long as you have robust approaches to cyber-crime, why not? However, we are still as an industry not embracing some of the simplest of obligations and legislation and instructing our teams properly or adapting our processes accordingly. Recently on booking a meeting room, I was asked by the team at the property to complete a form with my credit card details, address and signature on it. When I replied that I wouldn’t and they needed to be PCI compliant, I was told it was “their policy”. They were a franchise of a huge international brand, and when escalating my complaint to their parent company was told exactly the same thing – that it was their policy. That’s not legislatively compliant on a credit card front, so then what hope if there for GDPR of my data?

Adaptations to the individual

Speaking from personal experience, I am that lone female traveller every single week for an average of three nights away from home. In that time, my experience has ranged from hotels with no policy, through to hotels with ill-thought-out and downright patronising policies, through to one or two shining examples hidden away here and there. Aside from whether the safeguards are appropriate and extensive,  there are two major issues that I encounter; the first confuses gender with common sense, incorporating ‘safeguards’ for women travelling alone, which should just be standard practice for all guests; and the second is that the policies work ‘on request’ and not as standard. In my opinion, it is a hotel’s responsibility to instigate their policy at all times, and the art form is in instigating that policy without me, as the guest, being consciously aware.

Gender versus common sense:

Don’t confuse common sense practices with gender-specific needs. Things like not announcing room numbers at reception or in a bar/restaurant should be a given, as should double security locks on doors, and window constraints on ground floor rooms. They’re all just good practice and I don’t want them because I am a woman, I want them because the hotel is committed to keeping all guests, and their belongings, safe. What I then want as a woman travelling alone is some consideration for non-standard practices; like perhaps considering female-only floors, or ensuring rooms have a single point of entry / exit. I often get put into adjoining rooms and although I try the door and the lock, I find it disconcerting to be able to hear another person’s nightly rituals, when it isn’t my husband or children. I find it more disturbing than unsafe and perhaps even male travellers find it the same.

Hopping back to my earlier reference to our investigation and we also asked the assessors to consider what should be good security policy in all hotels. 21% of the hotels didn’t have secondary locks on the bedroom doors, 32% had unrestricted access to the bedroom floors from reception, and 11% had direct access to bedroom floors from carparks and external, unmanned entrances. How is that secure for any guest and their property? Overall although a small survey to understand risk, the visits were at some of the most well-known brands in the country and the issues were fairly universal.

Making it ‘on request’

Why on earth would you make security an option? Whether it is as a female travelling alone, or any other guest, why would you consider and devise safety features and then make them an optional choice? One such policy at Premier Suites Europe offers additional safeguards to women on their own including walking you to your room and not putting single women next to fire exits or at the end of the corridor. Great additions, but only if I ask for them? That’s crazy. Surely it should just be a mainstay of your staff training, and a policy to let the guest choose, rather than getting them to request it in the first place?

In summary

How can you summarise such a massive topic, without creating a checklist. That’s a hard one, but my parting comment is going to be this. Is it time to review your property and practices with fresh eyes and to work at each step to review, challenge and review your practices? Whether it is the physical, like lighting in the car park or secondary locks on the doors, or the virtual like data storage and regulatory compliance, how can you improve and enhance the safety of your property, your guests and their belongings. Plus, one final point; don’t forget your team and your employees too. Have you done an assessment of the risks in their jobs, and identified how and where you can support their safety and training to reduce risk. What happens if they get a violent patron in the bar, or a fight breaks out on the street, what then? Do they know how to react?

Quality in Tourism assess hundreds of accommodation providers globally. To find out more about their assessments, gradings and mystery shopping services, visit www.qualityintourism.com.


previous next