When the security issue first was reported, it caught the attention of Rosen Hotels and Resorts in Orlando, Fla. Rosen Hotels has over 7,000 rooms and knew that it had to be proactive in its resolution of the problem.
Given the impact of the initial media reports and the subsequent negative press on the industry responses, the company knew that it had to move quickly. The company had received notification from several meeting planners that it had to guarantee the replacement of the current door locks prior to the arrival of their groups if Rosen was to secure the business.
Once Rosen made the determination that it needed to replace its locking systems, the company engaged Karen Faircloth with the Millennium Technology Group (a subsidiary of Rosen Hotels and Resorts) to head up the overall project management and RFP process. The company took the unique approach of involving all aspects and personnel of the hotels and resorts. Its was realized that in order to get the entire organization behind the initiative, the company needed to involve all departments in the decision making. Additionally, Rosen realized that each area of its operations had unique requirements and demands for the system. Therefore, the best people to conduct the overall due diligence on the products would be the operational personnel themselves.

Every department attended meetings with the potential solution providers. Representatives from the front desk, engineering, sales, housekeeping, IT and even the general manager were asked to participate in the meetings, and effectively all aspects of the systems were evaluated from the ground up, regarding operational needs and requirements. Each department was asked to validate the solution providers’ references. The staff had a vested interest in how the product actually worked and would also know the correct questions to ask from a functionality standpoint. The front desk staff contacted the front desk staff of the other hotels, engineering contacted other engineering departments, IT contacted IT, and so on. The reference checks were compiled together and distributed to all of the Rosen staff.
Additionally, Rosen pulled the Dun and Bradstreet reports on each company to establish if they were financially stable and what the outlook was for the long-term support of the products. Rosen also examined the companies’ insurance coverage and what coverage they had to sustain large claims.
The final selection process came down to a shoot-out. Rosen hired a certified master locksmith with experience in the hospitality industry, but who was not affiliated with any of the companies. Rosen installed the test locks then asked the locksmith to break into locks and automatic deadbolts. The locksmith also reviewed how the locks were manufactured and was asked to comment on their components and quality. Finally the locksmith was asked to put the locks back together to see how long it would take and what was involved. The test proved to be extremely informative.
The hotels’ staff voted on the system that they would prefer to see installed at their properties. The voting came back overwhelmingly in favor of one solution. Faircloth confirmed that Rosen has just completed the installation of its first hotel which went smoothly, and that the company is on track to meet the necessary installation deadlines. Along the way, Rosen discovered features and functionality in the newer system that will allow the company to become more efficient and provide better controls and services to both its guests and staff.

Security
TIPS
In the wake of the recent electronic door locking breach, many hotels have implemented a proactive security program to enforce operational security protocols and educate guests on key security basics. While these security procedures may not address the direct issues affecting the electronic door locks, they represent a proactive approach to overall guest security and ensuring the safety of the traveling public.
Use of Deadbolts Doors are easier to kick in than outwards. Most hotel room doors open into the room. This is usually due to code requirements that prevent a door opening out into the hallway. As such, it’s important to remember to deadbolt the doors, and where possible, install and have guests use a serviceable security latch. While it may not stop someone who is trying to break into a room, it will delay them and potentially provide enough time for a guest to call for help.
Educate and Train Staff on Security Practices Many hotels have reduced or eliminated the number of security staff due to budget constraints. As such, it’s important to train all staff to maintain a presence throughout the property. Security and ensuring guest’s safety should be the responsibility of all staff members. Criminals do not like to work in active areas and a strong staff presence particularly in guestroom hallways and other quiet areas of the property will limit the potential for theft.
Check the Security of the Adjoining Doors Both staff and guests should be encouraged to check that the dead-bolts for adjoining doors are secured. While the adjoining doors may not be used, frequently the locks are not adequately secured on one of the doors, resulting in potential entry from the other room.
Monitor Security Cameras Many hotels that do not have full-time security staff do not monitor the CCTV cameras consistently. In these instances, monitors should be placed in administrative areas, such as the front office, where staff can be trained to scan and keep a look out for suspicious activity.
Upgrade the Security Camera System Many camera systems are outdated and do not provide effective visibility of the property, especially the key areas of safety such as the entrance and exit access locations to guestroom areas. Properties should evaluate existing systems to determine if they should be either upgraded or replaced.
Proactively Review Security Protocols Undertake regular evaluations of the security protocols for systems including but not limited t network access, password rotation, staff access levels and application updates and revisions. It is recommended when practical to have outside security specialists evaluate systems and run scans and penetration tests to gain an understanding of potential areas of weakness.

What Did the Vendors Say?
Response from the Electronic Locking Vendors
In an effort to obtain input on the subject we asked a number of the well-known electronic door locking system providers for feedback on the issue. Some declined to comment, and, for the most part, the responses we received were somewhat limited due to the sensitive nature of the subject.
ASTC
The company provided the following statement: “ASTC places the highest priority on the safety and security provided by its products. We will continue to support and augment our customers’ security strategies. Immediately following a hacker’s public presentation of illegal methods of breaking into hotel rooms, ASTC engineers developed both mechanical and technical solutions, which have been tested and validated by two independent security firms. These solutions began shipping to customers worldwide in August 2012, (and to date we have) shipped 4 million solutions to hotels worldwide.”
That said, there have been a number of criticisms regarding ASTC’s purported fixes, which in many cases consisted of mechanical caps and security screws that block the physical access to the lock ports that hackers have used to illegally break into hotel rooms. Criticisms include the plugs and screws can be circumvented by hackers, but in some cases can prevent hotel staff from interrogating the lock; additionally the plugs can create a short in the batteries that power the lock; and many of the HT24 and HT28 locks use control boards that cannot be upgraded and have to be replaced.
VingCard Elsafe
VingCard Elsafe offered the following insight: “There is no question that the exposure of a security flaw in a specific brand of hotel door locks has created a crisis for the industry, due to the widespread use of these locks around the world. It has also created an unwelcomed expense and risk for hoteliers, as they grapple with various fixes that have been offered by the manufacturer and other third-party suppliers. In addition, due to mass media coverage of the situation, hoteliers are now faced with reassuring their guests that they are indeed secure in their guestrooms.

“On a more positive note, it has also forced increased awareness of hotel security, which will ultimately lead to better security. Since the most reliable fix for affected properties is to upgrade their locking systems by replacing them entirely, ultimately, hotels and their guests come out ahead by benefitting from the most up-to-date and advanced security systems.”
Kaba
When asked about the enhancements that the company was looking to implement to stay ahead of hackers, the company responded: “Kaba constantly evaluates current security technology and implements continuous improvements to its products and generates best practices for clients and in-house development.”
Salto Systems
Salto provided the following: Electronic door locking systems should no longer be a hardware spec product, but instead should be considered as a security access control system. Hotel owners, management companies, IT, engineering and security departments should be reviewing and specifying the locking systems that go onto the doors of their hotels. Salto said it can see what has happened in the industry because locks became a commodity based on the lowest price where the focus was not on a security system. “Most of the hotels that Salto has been installed in have chosen our products because of their superior secure access control features and the commercial grade quality and reliability of our locks.”

Great Wolf Resorts
Great Wolf Resorts is the largest chain of indoor water parks in the world. Each of the waterparks is part of a larger resort, which also features specialty restaurants, arcades, spas, fitness rooms and children’s activity areas. The company focuses on providing a safe environment for traveling families with children, and it pays particular attention to the security at each resort. The resorts use an RFID wallet-on-your-wrist program at many of its properties to allow guests to use wrist band as a room key and to charge for goods and services purchased around the resort. Because Great Wolf Resorts has used this system for some time we contacted them to discuss how the recent security issue has affected the company.
CIO Rajiv Castellino said, “The issue has not affected our operations. We have a proactive approach to security at our properties. As such once the issue was raised we immediately followed up on the potential concerns and ensured that all of our properties had the latest security features installed on the locks. Most of our door locks are newer RFID locks that were not affected.”
Given the nature of the guests and families that come to Great Wolf resorts, security and safety has always been a priority. Castellino said, “Our security, IT and other departments, such as housekeeping, focus on being proactive and alert to possible threats that could affect the safety of guests. From an IT perspective, each resort has an IT manager onsite who directs and controls the security of the systems, applications and even physical access to each of the distribution frames where sensitive equipment is housed.”
Castellino said that his team is constantly evaluating other emerging technologies such as near-field communications (NFC) and is cautiously optimistic about its potential and also about using mobile solutions. They might introduce an NFC solution in the future but not without rigorous testing to ensure that the solution meets Great Wolf Resorts’ security standards.
According to Castellino, the industry needs to take the issue of security and breach incidents seriously and collaborate on ways to address the problem on an industry level. By sharing experiences and educating about possible solutions, the industry can be successful combating the problem.