Protecting hotels has never been an easy task. As somebody who has spent many years securing 4 and 5-star hotel venues I can testify to the difficulties involved in balancing service and security. With the recent increased threat levels faced by crowded spaces and the rise in cyber and information crime issues hotels the risk profile of upmarket hotels has certainly risen in recent times. In this article I want to take a look at these risks and discuss how we balance target hardening a hotel whilst maintaining the service with a smile concept.
The role of hotel security is not as straightforward as it seems at first glance. The role has changed dramatically over the past 20 years. Hotels over the years have predominantly employed an in-house security service or at least an in-house security manager with a contract security team. Modern hotels seek to operate at the most cost effective profit margin and the following recession this changed dramatically to a mainly contracted security service with the role of the Security Manager merged with Operations or Facilities management. While this certainly had merit at the time from a cost saving point of view it also had a down side in the restricted duties that an external security provider can provide. Third party providers while cheaper, have a defined set of duties that usually extend to dealing with issues such as door supervision and dealing with conflict. Unfortunately this leaves a large gap in the current risk profile for a hotel in areas such as internal theft and fraud, cyber security, data protection and major event security. While these tasks or part of them may now fall into the remit of the operations, facilities, event or revenue teams they lack the specialist skill set of a security operative
With hotel operations getting busier it is only a matter of time before large hotel chains begin looking at the issue of security and risk management again. As I see it there are three possible routes that hotels may take in order to harden their security profile.
- Return to the old model of directly employed security managers or teams where the risk level dictates that this is required. The model may be old but the profile of the person tasked with carrying out the role must be up to date and meet all of the needs of a modern hotel operation.
- The use of security partnership with a trusted security supplier. In this scenario, the hotel would perform a due diligence process and select a security provider capable of supplying the level of service that is required. The hotel then supply the provider with a role specification that meets all the behavioural and technical competencies that they require for the role including the IT and system specific knowledge required. The security provider then trains and equips a team to meet the hotels specification within the hours provided for in the contract.
- The use of external consultants and third party providers. This approach involves the engagement of specialist security and risk consultants to manage the more technical aspects of the security management role on an ad hoc basis and liaise with security providers for the more basic tasks and major events. A security consultant can provide audits, staff training, risk management plans, role descriptions and event security management as the hotel requires and manage the third-party provider for the hotel.
These options have pros and cons to them but they have potential to harden certain aspects of the soft hotel target that meet the evolving needs of the hospitality sector.
The service issue
Most hotels who employ a security service typically employ them at night and for busy events during the day. The security company who receives the request for staffing will see that it’s a night time role and that there is a bar involved and will send a door supervisor to fulfil the role. In theory that is the correct approach but the role of a hotel security operative differs greatly from a door supervisor in a bar or a club. I was training a person recently who was door supervisor in a hotel and he made a comment to me which illustrates this point. We were talking about customer service and he told me that while we worked in a hotel it was only a 3 star so he didn’t have to be very nice to the customers. This is a mistake that I think goes throughout the security industry. Security operatives base their level of customer service on how prestigious they feel the client and their customers are. Regardless of whether it’s a 2,3 or 4-star venue every hotel wants to generate a 5-star customer service ethos for its guests. This should be reflected in all parts of the security service right from the uniform (a full suit should always be worn in a hotel), the equipment and the attitude. In fact, I think that all security staff in a hotel should undergo the hotels own customer service programme regardless of whether they are in house or a contracted service.
The security operative in a hotel can be an asset in guest relations if the role is performed correctly. They provide a secure environment for guests, an additional touch point for service and a face for the hotel when a guest has a security or safety concern.
The internal issue
While the employees in hotels are the greatest asset of the hotel they are also the greatest risk to the business. New and emerging risks in booking fraud, credit card fraud and cyber security as well as the age-old threat from internal fraud are major risks to the hotel industry. In the digital age the protection of not only financial information but also gusts personal information is vital. A single breach or lapse in security measures can cause major reputational damage to a hotel. In these cases, a third-party security provider is limited in what they can do to protect the hotel. I say this not just from a skillset point of view but also from an access point of view. Not many hotels are willing to give third party contractors the access to systems required to fully protect them. An in-house security operative or consultant however can provide training monitoring and processes to mitigate these risks.
All this talk of information security and fraud may bring up images of some guy in a basement hacking the system but it’s often much simpler than that. A printed copy of a guest list left on a coffee table, a Wi-Fi password given out over the phone or a e computer left unlocked and unstaffed all have the potential to cause loss of guest or hotel information. A security operative with the operational skillset and access to system such as CCTV and the hotel Property Management System (PMS) can identify these risks and put processes in place to control them.
In addition to all the high-tech stuff there is also the more traditional security control measures such as employee searching, stock controls and cash management which will always pose a risk if left unattended.
Large events are an integral part of a hotels profit making strategy and part of what makes a brand stick out from its competitors. They can also be a logistical and risk management nightmare. Most conferences, exhibitions etc. will not require a large security presence but if a security operative is on site they should have the knowledge and ability to deal with issues such as fire safety concerns caused by participants or equipment, crowd safety issues, access control and traffic management.
For other events, such as parties, corporate gatherings, gala balls and concerts will require a larger security presence to control access. Even with the presence of an in-house security manager or team a security provider will probably be required to support. If a hotel goes totally with a third-party contractor there can be issues. The contractor will send an event team and probably a supervisor who has experience in working large events such as concerts. The skillset and attitude required to organise security at a concert arena is different to the customer focussed approach required in any hotel and the soft skills are often lacking throughout the team. This is no criticism of event security teams it is simply a statement of fact. The team and the supervisor will have the security providers best interest in mind and this may not be in harmony with the hotels value at times. This is where an in-house security manager or consultant representing the hotel can be an asset. Somebody who understand both the security stance of the event and the hotels values and priorities. They can ensure that the security function fits as seamlessly as possible into the hotels overall service delivery for the event and not appear as an add on or external function. They can also present both pre-event and post event analysis from a risk management point of view.
So, what looks like a relatively simple gig strolling around a hotel lobby on a Saturday night may not be so simple after all. Having worked in hotels for many years I know that hotel staff and management have some of the best work ethic and work some of the longest hours of any sector yet their attention to detail and presentation always must be first class. These values must transfer to the security operative representing the hotel as well. The security stance of the hotel as well as budgeting concerns and organisational structure will dictate whether they employ an in house, contract or joint security operation but the values and skillset required must be the same regardless. This part of the industry will develop in the coming years as hotels continue to meet new challenges in the risk management area. So, for those of you out there interested in the sector start planning now for securing the hotels of the future.
Tony is a respected specialist in the field of security, safety and the management of conflict and risk in organisations. As a top industry consultant, on a daily basis, he is helping organisations develop solutions to their risk management and conflict management processes through designing training, policy and risk assessments to meet real world challenges. He is also qualified as an expert witness, in the use of force, and most security related fields. Also a QQI subject matter expert for the security and safety sectors
Winner of the 2016 IITD Rising Star Award