Do you have an IT-related question that needs answering? Ask away.


Guest Wi-Fi is no longer a nice-to-have, but as essential to guest experience as clean sheets and a bathroom. In providing this service, however, many hotels are exposing themselves to cyber attack. In a recent engagement, Net Consulting’s team discovered a misconfiguration in a client’s guest Wi-Fi network that enabled us to access their main network and, consequently, control their access doors. With the hotel industry in the spotlight more than ever before, now’s the time to make sure you’re secure. 

Data collection is of paramount importance in the hotel industry. The race is on to provide a fully personalised experience that keeps customers coming back, time and time again. More than name, credit card information and address, hotels now want to know which coffee shops their guests buy from, where they like to visit when they’re in town and what music they listen to.

Understanding a customer fully is only possible through the analysis of vast quantities of data, which is becoming easier to collect due to digital transformation and the emergence of hospitality-specific tech. Apps and chatbots gather data seamlessly through customer’s devices, quickly building a digital profile that can be used to deliver an improved experience.

According to research by Samsung, 9/10 guests will expect hotel experiences to be personalised by 2020. Guests are driving this change, flocking towards online services that offer personalised recommendations and reviews, such as as AirBnB and Hotels face no choice other than to modernise, exploiting new technology to ensure that their guests get the service they’re accustomed to elsewhere.

Old dog, new tricks

Digitalisation is certain, but the transition poses a unique set of problems. Digital keys, smart room sensors and guest Wi-Fi are all access points through which a cyber-attack could be launched. As the industry transitions towards full digitalisation, more and more of these access points are being added to legacy systems and being managed by under-trained staff that become weak points.

Each of these points of vulnerability could provide access to a global network holding rich information on vast numbers of hotel guests. With the rewards of exploit so high, it’s no surprise that the news has been filled with recent headlines of hotel chains being breached. The Marriott International attack made headlines most recently, with financial costs estimated to be an eye-watering half a billion US dollars, before considering the damage to reputation which may never be recovered.

Wi-Fi-ght it?

Though it maybe be large hotel chains making the news, the risks of digitalisation are shared across the industry. Smaller and independent hotels might not yet have embraced smartphone enabled room access or invested in bespoke apps, but the demand for access to the internet is universal. Wi-Fi access, that underpins and enables digitalisation, is now a basic requirement.

During a recent Net Consulting engagement, we were able to gain control of a client’s electronically controlled access doors through a misconfigured guest Wi-Fi.

If misconfigured or outdated, guest Wi-Fi networks can leave the door open to attackers and the consequences can be severe. During a recent Net Consulting engagement, we were able to gain control of a client’s electronically controlled access doors through a misconfigured guest Wi-Fi. We were able to contain and repair the incident before any damage could be done, but the consequences of a malicious attacker gaining similar access could have been severe.

Digitalisation teething problems are affecting businesses in every field across the world, and increased publicity only makes further attacks more likely. Hotel owners are already in the spotlight, so the time to act is right now. Accept that a breach is likely and take the necessary precautions. Get a pen test. Update your infrastructure. Train your staff.

If you need an independent opinion, get in touch.



“Net Consulting have been extremely flexible and willing to work within the demanding restraints necessary. They have also been able to successfully adapt the Riverbed and IBM solution to suit our specific requirements, such as the need for multiple security levels. The solution has been working well for around 2 years now and is a key capability for the MOD’s approach to service management"

Ministry of Defence

Read case study

“We needed to understand whether our applications could operate from a shared services datacentre. Net Consulting were able to give us the answers.”

Sheffield Hallam University

Read case study

"What Net Consulting provides us with is a baseline for where we are now. We can achieve our longer-term objectives with this robust foundation of information. It’s key to success, and that’s why we collaborate with companies like Net Consulting to build trust and deliver our outputs."

Ministry of Defence

Read case study

“The BlueArmour service allows us to see potential ingress paths an attacker can take into our network, as well as potential data egress paths. The service provides us with critical, prioritised information to quickly remediate issues."

Blake Morgan LLP

Read case study

“Unless you’re prepared to run a 24/7 security operation in-house, headed up by a team of seriously skilled people, you’re never going to match what BlueArmour ATD offers.”

Capital Law LLP

Read case study

“Net Consulting’s understanding of our requirement was evident through a superb bid and they showcased exactly the right approach. Clearly their Public Sector experience was transferable in terms of this engagement. Their cybersecurity expertise is very strong across the team, right from knowledgeable, technical and engaging leaders, through to their team of Floodlight SOC analysts. Net Consulting were under a very tight deadline, given the fact we needed to complete this piece of work within the financial year. They performed at a significant pace, were very reactive and agile, and never once let their high level of standards slip."

Digital Health and Care Wales

Read case study