Guest Wi-Fi is no longer a nice-to-have, but as essential to guest experience as clean sheets and a bathroom. In providing this service, however, many hotels are exposing themselves to cyber attack. In a recent engagement, Net Consulting’s team discovered a misconfiguration in a client’s guest Wi-Fi network that enabled us to access their main network and, consequently, control their access doors. With the hotel industry in the spotlight more than ever before, now’s the time to make sure you’re secure. 

Data collection is of paramount importance in the hotel industry. The race is on to provide a fully personalised experience that keeps customers coming back, time and time again. More than name, credit card information and address, hotels now want to know which coffee shops their guests buy from, where they like to visit when they’re in town and what music they listen to.

Understanding a customer fully is only possible through the analysis of vast quantities of data, which is becoming easier to collect due to digital transformation and the emergence of hospitality-specific tech. Apps and chatbots gather data seamlessly through customer’s devices, quickly building a digital profile that can be used to deliver an improved experience.

According to research by Samsung, 9/10 guests will expect hotel experiences to be personalised by 2020. Guests are driving this change, flocking towards online services that offer personalised recommendations and reviews, such as as AirBnB and Booking.com. Hotels face no choice other than to modernise, exploiting new technology to ensure that their guests get the service they’re accustomed to elsewhere.

Old dog, new tricks

Digitalisation is certain, but the transition poses a unique set of problems. Digital keys, smart room sensors and guest Wi-Fi are all access points through which a cyber-attack could be launched. As the industry transitions towards full digitalisation, more and more of these access points are being added to legacy systems and being managed by under-trained staff that become weak points.

Each of these points of vulnerability could provide access to a global network holding rich information on vast numbers of hotel guests. With the rewards of exploit so high, it’s no surprise that the news has been filled with recent headlines of hotel chains being breached. The Marriott International attack made headlines most recently, with financial costs estimated to be an eye-watering half a billion US dollars, before considering the damage to reputation which may never be recovered.

Wi-Fi-ght it?

Though it maybe be large hotel chains making the news, the risks of digitalisation are shared across the industry. Smaller and independent hotels might not yet have embraced smartphone enabled room access or invested in bespoke apps, but the demand for access to the internet is universal. Wi-Fi access, that underpins and enables digitalisation, is now a basic requirement.

During a recent Net Consulting engagement, we were able to gain control of a client’s electronically controlled access doors through a misconfigured guest Wi-Fi.

If misconfigured or outdated, guest Wi-Fi networks can leave the door open to attackers and the consequences can be severe. During a recent Net Consulting engagement, we were able to gain control of a client’s electronically controlled access doors through a misconfigured guest Wi-Fi. We were able to contain and repair the incident before any damage could be done, but the consequences of a malicious attacker gaining similar access could have been severe.

Digitalisation teething problems are affecting businesses in every field across the world, and increased publicity only makes further attacks more likely. Hotel owners are already in the spotlight, so the time to act is right now. Accept that a breach is likely and take the necessary precautions. Get a pen test. Update your infrastructure. Train your staff.

If you need an independent opinion, get in touch.

Sign up for ‘NCL Insights’

Your trusted source for innovation, technology insights, and market trend analysis.

Why Choose NCL?


For over a decade, we’ve developed a strong reputation amongst our customers and partners for consistently delivering services which help businesses perform optimally and securely. This is why the relationships we’ve developed over the years have become long-standing and deeply trusted.

We’re very proud to have provided continuous IT support to the MoD for over 12 years. This length of service is a testament to the trust the MoD place in our people to deliver results, time and time again. Today, we provide situational awareness of the MoD’s globally-deployed application performance while assisting in troubleshooting issues and collaborating with other delivery partners to solve problems faster.

The lessons we’ve learned in Defence are applied to our engagements with customers in the enterprise sector too, ensuring robust network and cyber management for medium to large scale organisations. We use our long-standing experience in end-to-end performance management as a foundation for all of our services, so we can better define a customer’s complete requirements and deliver a more effective solution, whatever the field of technology. Offering market-leading technology and trusted managed services from ‘Floodlight’ - our own UK sovereign SOC, we work closely with customers in Driving Digital Vigilance across industry sectors.