The 4 cornerstones of improved hotel security

July 23, 2015 - By Mac Segal

Tags: ,

Since 2002 there have been over 20 major attacks on international hotels all over the globe. The most recent, in El Kantaoui Port, Tunisia, was terrifying in its modus operandi and chilling in its execution. We don’t want to suggest that stopping well-prepared, highly motivated and ready-to-die terrorists is a simple affair. But we do believe that closer attention to the four cornerstones of improved hotel security would go a long way to mitigate this growing threat.

Time after time we bear witness to terror attacks on hotels that attain an unacceptable rate of success. The security apparatus in most hotels today is not equipped to effectively prevent or deal with a hostile incident on the scale we have witnessed in recent years, and unless there is a fundamental conceptual change in the hotel security paradigm, when the next terror attack occurs, it too will succeed.

Feeling safe is not the same as being safe

If there is one thing we know to be true, it is that higher resolution cameras, more robust vehicle barriers or the addition of more inadequately trained security personnel is not the answer. Physical and technological security measures without properly trained manpower and proper procedures in place create an illusion of security that is both ineffectual and dangerous. The perception of security does not necessarily mean security.So, how do hotels protect themselves from becoming the next victim of international terror? We propose a four-fold solution that starts with understanding the risks, threats and vulnerabilities a hotel faces, then moves to the implementation of effective proactive and reactive measures to ensure the safety of both guests and staff.

Cornerstone 1: Updated Risk, Threat and Vulnerability Analyses (RTVA)

There is no “one size fits all” solution to security, especially not in hotels. A good RTVA shows this immediately.

Each hotel has to be considered in terms of its environment, clientele, geographical location and many other factors. Back in the days when the main concern for hotel security was petty theft and drunks in the bar, the concept had different connotations. In the reality of today’s world, without an in depth analysis of the actual threats and risks a facility faces – and where its vulnerabilities lie – it is not possible to build an effective security apparatus.

In order to improve security, it is imperative to have a clear understanding of the specific risks and threats facing the hotel and its guests, as well as the vulnerabilities that might allow these risks and threats to breach the existing security apparatus. Only once qualified professionals have properly conducted an RTVA is it possible to establish a security plan that objectively addresses risks, threats and vulnerabilities – and then reliably reduces the risks to acceptable levels.

We can compare risk mitigation to a vaccination. If one is travelling to a country where yellow fever is a high risk, getting a flu shot is not going to help. That’s not to say a flu shot isn’t a good thing to have. It simply means that for that particular country additional and specific protection is needed to optimally reduce risk.

Today, many hotels have their security “flu shots”: a range of generic prophylactic measures they hope will insulate them from day-to-day low-level threats, but nothing based on a rigorous RTVA or a current understanding of the actual threat scenarios. This mind-set needs to change.

International terrorism is growing, and hotels are a highly attractive, and for the most part highly vulnerable target. To our way of thinking, the fact that there has not been a major attack on a hotel in Europe or the US in recent years is not due to lack of motivation, desire or ability on the part of the enemy. Rather, decision makers in terrorist organizations have not yet given the green light for such attacks. Maybe they are afraid of the consequences, or perhaps law enforcement authorities do a sterling job of frustrating and uprooting their planning stages. Either way, sooner or later, it will very likely happen. We sincerely hope we are wrong, but in the event that we are not, hotels need to begin to take these threats much more seriously.

Cornerstone 2: Physical and technological barriers

  • Physical barriers: Gates, lights, locking mechanisms, windows, fences, walls, barriers, bollards, security booths, etc.
  • Technological barriers: CCTV cameras, alarms, biometric readers for employees, key cards, smart elevators, automatic fire doors, etc.

All of the above are essential for any hotel security system and should keep guests safe. Correct? Yes, but not on their own!

Physical and technological barriers that protect a hotel’s perimeter and shell should be part of every hotel security plan. But it is important to realize that while they are necessary component, they are not sufficient to establish real security.

In fact, they can sometimes provide a false sense of security.

Even though the attacks of the last several years have shown that this is where security systems fail time and again, numerous articles still call for hotels to install better quality IR and Hi-Res cameras, sophisticated alarm systems and more secure locking mechanisms on doors.

The fact is, however, that no camera has ever stopped a gunman from entering a hotel lobby any more than an alarm prevents them from accessing the premises.

Every hotel security apparatus requires all four cornerstones to be truly effective, but many hotels today place disproportionate emphasis on the physical and technological aspects of security, and far less on an RTVA, manpower/training and procedures.

The questions that needs to be asked before installing or upgrading physical and technological security measures are:

  • Why do we need this?
  • What threats are we addressing or mitigating?
  • What is our purpose?
  • Is it going to make our guests feel safe – or actually be safe?

We do not suggest throwing away cameras or leaving rooms unlocked. We do want to emphasize that CCTV cameras do not prevent attacks. Cameras have a function and a place in the security paradigm, but they are not a preventative measure. This is a prime example of feeling safe as opposed to being safe.

In order for a hotel to have a realistic chance at surviving a terror attack with minimum casualties, it is critical to consider the third and fourth cornerstones: Manpower/Training & Procedures. Having physical and technological measures without trained manpower and procedures that instruct them what to do and how to act is as useful as having a top-of-the-line Learjet sitting on the runway without a qualified pilot in the cockpit. It looks good and feels good, but it is not going to get you to your destination.

Cornerstone 3: Manpower & Training

Having the “right person for the right job” may sound cliché, but that doesn’t make it any less true. From the selection of the Security Manager to Access Control Guards, choosing the correct people is of paramount importance to the security of any hotel.

Specific qualifications for all security positions need to be established, and only qualified candidates must fill them. Proper vetting and screening of all potential hotel employees, not only for security related positions, is equally important. (In the Mumbai attacks, for example, employees who had been planted there by the terrorist organizations supplied much of the useful intelligence about the interior of Taj Mahal Hotel.)

Once the security team has been selected, appropriate and comprehensive training by well-qualified instructors is essential.

Training should not only teach the skills necessary to carry out day-to-day responsibilities in an effective and thorough manner. It should also enable staff to be a proactive security force. This means that training courses should include lessons on hostile surveillance indicators, suspicious behaviour identification, proper monitoring of CCTV, case studies of actual attacks on hotels and more. The mantra must be:

“Stop the threat as early and far away from the target as possible.”

A further aspect of training that is mostly neglected is response training: what to do when a hostile incident occurs.

When security personnel hear shots fired or a receptionist hears an explosion in the parking lot, what do they do? How do they respond? It is not reasonable to expect the average person to respond effectively to extreme circumstances, especially life-threatening ones, without proper training.

Just as police, paramedics, firefighters and many other professional first responders receive training in how to respond to critical circumstances, so too, should hotel security personnel. In fact, it is important that all hotel personnel undergo some degree of security-related training so that if a crisis hits, they will know how to respond correctly to minimize casualties and save lives.

Cornerstone 4: Procedures

The fourth cornerstone, procedures, is perhaps the most important and yet the most neglected.

Procedures are the manner in which staff should respond and act when faced with a particular set of circumstances. But while there are rooms filled with generic security procedures, and these may have been enough in the past, they no longer provide adequate answers to the threats hotels face today.

Security procedures need to be hotel-specific, and they need to address a wide variety of risks and threats at various levels. The concept of one procedures manual being applicable to all hotels in a chain or region is no more logical than suggesting that one guidebook could be relevant for every country in the world.

Hotel security procedures relate directly to the RTVA (Risk, Threat, Vulnerability Analysis) for a specific hotel. They need to consider variables such as geographical locations, environment, clientele, facilities, budgets, manpower and many other issues. They provide structure and methodology for carrying out security-related tasks, not just for security personnel, but for all hotel employees.

Procedures must be clearly written and accessible so people can refer to them when necessary. They must be simple and unambiguous, and they should provide clear instructions for how to act during routine and emergency situations.

We are aware that hotel operators have emergency procedures in place for fires, earthquakes and various other natural disasters, as well as contingency plans in the event of war or other extreme circumstances. We are also aware that one cannot know if these plans will effectively save lives until they have been field-tested in an actual crisis. That is why it is critical that these procedures be prepared with the help of experienced professionals who have a deep understanding of real-world threats and first-hand knowledge of what will actually work and save lives.

The combination of properly written procedures and training equips employees with not only the “what” and “how” to do things, but also “why” these things need to be done. This facilitates proper and effective function in the field.

It’s all about the guest experience

Turning hotels into fortresses is not the answer. Guests must feel welcome, safe and happy, and they should be able to enjoy a positive experience in keeping with the operator’s culture.

Effective hotel security will not come from more barbed wire fences or more guards with more guns. It will come from accepting the new reality: The world has changed, and is no longer what it once was.

Hotels are considered legitimate targets by those who wish us harm, and only an intelligent shift in the hotel security paradigm that will provide actual, not perceived, security is going to prevent the next attack from claiming innocent lives.


Mac Segal

Vice President, Business Development and Consulting, EMEA

With over 25 years of operational, training and consulting experience in the security industry, specializing in mitigating and responding to terror and criminal threats, Mac brings real-world knowledge and expertise to all facets of his job.

As a hospitality and fixed asset SME, Mac conducts security assessments, training and designs security master plans for hotels, business facilities, event & conference centers, and critical infrastructure the world over. Working extensively with owners and operators in the private and government sectors worldwide he possesses an in-depth understanding of the challenges facing businesses and infrastructure in today’s world. Mac has published many articles on hotel and general security and is a regular speaker at security conferences the world over as well as SME to major television and print news outlets.

Mac leads training programs in security awareness & suspicious indicator identification, event security, emergency response procedures, counter-terrorism, covert close protection, and surveillance detection. Mac has taught security professionals, hotel and event facility guards and employees, government units and C-suite executives, working together with them to customize the training to their specific requirements.

Merging his operational, training and consulting skills, and partnering with our clients, Mac carries out Operational Audits of government and private facilities and protective units to constructively identify, assess and rectify real-world vulnerabilities.

Born in South Africa, Mac has served in two militaries and government service, living in Europe and the Middle East whilst operating around the globe. This facilitates him with an excellent multi-cultural understanding which allows him to provide tailor-made, relevant and practical security and safety solutions.