Responding to Guest Concerns about Cyberattacks letter

Padgett-Beale a world leader in the hospitality industry and a big guest house. Company HistoryElmer and Robenia Padgetts first hotel, Robenias Guest House,  opened in 1925 with six family suites (two per floor), a tea room, and a formal dining room. The guest house primarily served wealthy families who relocated to the seashore for the summer to escape the heat in New York City. This property provided amenities and services matching those of rival long-stay hotels in major cities along the East Coast. The second and third properties, Padgetts Hotel and Padgetts Beach House,  were acquired in 1935. Flintoms Tavern, a landmark restaurant, and entertainment venue, was added to the Padgett properties portfolio in 1940.

You hired a management intern and part of cybersecurity management and you have been asked to draft a letter to guests to address concerns about the impacts of possible cyber attacks. This particular letter should reassure guests that the company is taking positive steps to protect guest privacy. The guests’ concerns extend beyond the privacy of information in databases. There have been news reports detailing situations where hackers have attacked internal building monitoring and control systems to spy on guests and invade their privacy.

In order to write an effective notification letter, it is first necessary to understand the required perspective for such a letter.

From a technical perspective, this type of attack is a data security problem because the attackers are stealing data by attacking at the point of creation (data at rest) and then along the transmission paths (data in transit).  The impact of this type of attack is a loss of confidentiality.

From a people perspective, this type of attack is viewed as an attack on the privacy of guests and is categorized as a loss of privacy.

Managers need to address this problem from both perspectives. With internal technical staff, the conversation would revolve around data security. But, with guests and Guest Relations staff, the conversation needs to address concerns about the possible loss of privacy.

Secondly, we must consider the required “tone” for such a letter. The letter must be factual but, more importantly, it is necessary to show an appropriate amount of empathy and understanding for the recipient’s feelings. Empathy and emotional intelligence are important leadership skills for managers.

Having empathy and/or acting in an empathetic manner (aware of and sensitive to the emotions of guests and customers), allows a manager to respond appropriately when a cyberattack occurs.  As you write this letter, you will need to find a balance between addressing the emotional aspects of a cyberattack (need for a supportive and calming response — less information may be best) and the need to develop trust by providing information about a situation which can invoke fear and concern.

After you read this week’s readings on data security, read this definition of Emotional Intelligence and this discussion article about What Emotional Intelligence Is and Is Not. Then, read about three types of empathy https://www.huffingtonpost.com/entry/types-of-empathy_us_56f171cde4b03a640a6bcc17.

Next, read one or more of these articles about a cyber attack that affected hotel operations and created fear and concern among guests and employees.

1. Hackers use ransomware to target hotel guests’ door locks

2. Hackers are using hotel Wi-Fi to spy on guests, steal data

3. 20 hotels suffer hack costing tens of thousands their credit card information

Using what you’ve learned about data security AND emotional intelligence, draft a letter that Padgett-Beale could use to inform and calm its guests should a similar cyberattack (door locks, guest WiFi access, or credit card Point-of-Sale breach) affect one of the company’s hotels properties. Your draft letter will also be used to train employees in how they can and should respond to guest concerns.

More references

1. https://www.isaca.org/Journal/archives/2010/Volume-6/Documents/jpdf1006-an-introduction-to.pdf

2.https://www.datamotion.com/best_practices_-securing_data_at_rest_in-use_and_in_motion/
3. https://www.psychologytoday.com/us/basics/emotional-intelligence

4. https://www.huffpost.com/entry/types-of-empathy_n_56f171cde4b03a640a6bcc17

5. https://arstechnica.com/information-technology/2016/08/20-hotels-suffer-hack-costing-tens-of-thousands-their-credit-card-information/