Losing data can end a business. The functions of booking rooms, storing customers' details, ordering stock and maintaining finances can all depend on computers that, if unprotected, are vulnerable to attack from software viruses and hackers.
The damage inflicted can be financial, but such attacks can also have an effect on your reputation. A hotel whose website is attacked by online vandals, for example, could take years to rebuild its tarnished image.
David Franco, Moat House Hotels' core technologies network and securities manager, says that IT systems are now expected to offer customers the convenience of online booking, while also securing their financial and personal details, as well as company data. In this way, it can have a direct impact on the business's bottom line.
Says Franco: "Individual hotels need to respond to e-mailed bookings within half-an-hour - if the request is lost and not received, there's a good chance that the customer might find another hotel."
Although no system can be 100% secure, the objective is to establish a sufficient deterrent within the resources available, Franco says. "Some hackers will get through any security if they really want to. I'm making it as uninteresting as possible for them, so if they really want to hack they'll go and find somewhere more interesting," he says.
As well as reaching customers online, hotels and some caf‚s are now inviting customers to use their wireless networks to access the internet or corporate networks. But although this has proved popular in some locations, it has inherent security risks, says Graeme Powell, Europe managing director of STSN, a specialist wireless network provider.
Wireless networks were originally designed with file-sharing in mind, either in the home or in the office. But, Powell says: "Such a facility is not welcome in hotels, as the person sitting next to a business traveller could be from a rival company."
Although travellers or their employers may themselves need to take certain measures to ensure the privacy of data, such as securing their virtual private network and laptop settings, hotels providing wireless access may also be tarnished by any security breach, Powell believes. "Although a hotel may be able to avoid any legal liability through disclaimers, a security breach could still damage their reputation, so it's best to advise customers on security when they enquire about the service," he says.
Although a small restaurant in, say, St Ives may not provide a wireless network or be a likely target for hackers, any computer used for e-mail or to surf the web can be the victim of a software virus. The cost to businesses of a single attack can be as much as £66,000, according to research from analyst firm Datamonitor.
Tanya Shirlow, small business marketing manager with software supplier Microsoft, says it's vital for small businesses to take IT security seriously. "The internet is a huge enabler," she says. "It opens up possibilities for small business, because they can look as large and professional as any other business with the right website. But so many vandals and criminals also use the internet that you run the risk of people accessing confidential files."
She goes on: "Lost data can be disastrous. It will depend on the type of business, but the impact can be huge. If it were me, I would only have myself to blame. [Effective security] can be as simple as creating a CD every night and putting it somewhere safe."
Microsoft has put together an introduction to computer security for smaller businesses (see opposite). Shirlow also recommends that small businesses get in touch with a trusted local IT supplier for advice on security. And, she says, the best way to find one is through the local chamber of commerce, or by word of mouth. n
Advice on IT security
A free British Chambers of Commerce Guide to IT Security can be ordered from: www.bcentral.co.uk/security, along with other relevant security content. Commercial software supplier Microsoft has produced a 10-step security guide for small businesses. It includes advice on virus protection and on backing up systems. Many users still fail to use basic security measures such as setting up a password. The word "password" itself is still commonly used, as are people's names - measures which can be easily cracked with hacking software tools.
- Get virus protection. Viruses hit millions of businesses worldwide - don't be one of them.
- Set up a firewall, especially for broadband connections. This can protect your systems against hackers and unwanted attention from internet marketeers.
- Stay up to date. Software developers create "patches" to help protect against the latest hacking techniques.
- Use strong passwords. Hackers use tools to generate thousands of passwords when cracking a system.
- Secure your internet connection. Check the security measures taken by your internet service provider.
- Be defensive with e-mail. Staff should avoid opening e-mails from unknown senders.
- Be defensive with the internet. Staff must be trained to avoid visiting illicit websites which are used to spread malicious computer codes.
- Protect your laptop. Lost laptops are a common security concern for businesses.
- Back up data regularly to a CD or other medium.
Coppid Beech Hotel Covering 204 bedrooms, the wireless network at the Coppid Beech hotel in Bracknell, Berkshire, is one of the largest complete hotel installations of its kind in the UK to date, and allows any of the guests with appropriately enabled equipment to access the internet, e-mail and online services at broadband speeds, without a phone-line connection.
The installation, from wireless specialist Liberty Europe, gives the hotel a competitive advantage over the larger chains - it's located near the European headquarters of several of the world's largest IT companies, and thus caters for many tech-savvy guests.
But the hotel also has to take some responsibility for the security of guests using its service. Alan Blenkinssop, the hotel's general manager, says. "Security is very important as part of the service. We've briefed all duty managers and line managers on the system. Our IT managers can advise and support any guest on their laptop security settings. It's critical we're able to do this - we're used by very hi-tech people from all around the world, communicating with their head offices."
The service was launched in August last year and now attracts about 150 users a month. Guests can get advice on their laptop settings, and connections to their company's virtual private network. When a guest first accesses the service, they see a page about the wireless network, where security advice features very prominently, even before they put in their password and start using the system.
"From time to time, guests ask about the security of the network and we can tell them," Blenkinssop says. "Usage has rocketed. When we started, there was a little concern, but that has vanished and we get a lot of repeat users."
The rise of the internet has been a blessing for hotel companies which want to offer customers a rapid and convenient service. Moat House Hotels now says it can respond to e-mail bookings from its website within 30 minutes. But to honour this, the company's systems must be reliable and secure.
The company's security systems must protect customer data, including personal information and financial information such as credit card numbers. If this were compromised, it could damage the business's reputation as well as hitting individual customers. The company must also protect employee information and financial data critical to the business, says David Franco, Moat House Hotels' core technologies network and securities manager.
When it decided to go along the hi-tech route, the hotel couldn't provide external services to its website customers through its existing internal network so it opted to move on to what is called a virtual private network - a company network that runs over the internet. Such a system can reduce the cost of transferring data between countries by as much as 80%. As well as serving customers, the network also connects staff to the internet and allows purchasing and order processing.
But to make this network secure, it needed to be protected by an effective firewall, part of the software designed to stop the intrusions of hackers and computer viruses. Last year, the company upgraded the system to use a product from software firm StoneGate.
Franco explains that there were certain criteria he used when choosing the product. For example, it needed to be able to switch network traffic between installations, so that if one is out of service for any reason, the network is not down or unprotected - a concept called fail-over. Similarly, there is fail-over between telecoms suppliers. The product also allows remote maintenance of the firewall, so IT staff in Britain can work on the company's German installation.
The hotel chain currently runs the firewall from three locations, or nodes, but will expand to 80 sites around Europe in the near future, allowing it to reduce the cost of moving data around Europe while maintaining security levels.