Danny Grimes
Account Manager & Co-Founder
April 16, 2025
Hotels handle huge amounts of personal and financial data. As cyberattacks increase in frequency and sophistication, the hotel industry is increasingly being targeted because of the Personally Identifiable Information (PII) it stores. There is an urgent need for the hotel industry to recognise the threat and take steps to protect itself and its guests.
Hotels are being targeted because of the complexity of their operation and systems, and the amount of PII they handle, in particular:
• Large amounts of data, including credit card information, address data and even passport numbers
• Multiple interconnected systems, such as guest booking, property management and point of sale systems, which means potentially many weak points
• Systems supported by third parties, who may or may not have rigorous security procedures in place
• High staff turnover rates make training and maintaining security protocols difficult
It is estimated that the combination of inadequate training (quality and quantity) and lackadaisical implementation will lead to almost all cybersecurity incidents being triggered by human error.
The attacks come in multiple forms:
Exploiting human psychology, rather than technical weaknesses, takes advantage of people's trust and mistakes. The main weapons are various forms of phishing:
• Spear Phishing: Targeting individuals or organisations with malicious emails to steal data or infect devices.
• Whaling: Targeting senior executives to gain access to sensitive information or funds.
• Vishing: Using fraudulent phone calls to extract private data.
• Smishing: Creating and sending fake text messages to steal information.
Impersonating business email accounts, particularly from senior management or suppliers, is a frequently used strategy.
• Asking for money to be transferred quickly
• Saying that bank accounts have been changed
These attacks rely on the weight of seniority and tight deadlines to circumvent security procedures, most often to steal money rather than personal data.
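The impersonation signs described above can be checked automatically before a message reaches the accounts team. The sketch below is an added example, not part of the original article or any product it mentions; the domains, names and keyword patterns are assumptions chosen for illustration, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the hotel's trusted mail domains and the
# display names of the managers and suppliers an attacker might imitate.
TRUSTED_DOMAINS = {"grandhotel.example", "linen-supplier.example"}
PROTECTED_NAMES = {"maria lopez", "linen supplier accounts"}

_URGENCY = r"(urgent|urgently|immediately|today|asap|right away)"
_MONEY = r"(transfer|payment|wire|pay)"
URGENT_TRANSFER = re.compile(
    rf"\b{_URGENCY}\b.*\b{_MONEY}\b|\b{_MONEY}\b.*\b{_URGENCY}\b", re.I | re.S)
BANK_CHANGE = re.compile(
    r"\b(new|changed|updated)\b.{0,40}\b(bank|account|iban|sort code)\b",
    re.I | re.S)

def bec_indicators(raw_message: str) -> list[str]:
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Plain-text parts only; transfer-encoded bodies are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = []
    # A known senior or supplier name arriving from an unrecognised domain.
    if name.strip().lower() in PROTECTED_NAMES and domain not in TRUSTED_DOMAINS:
        hits.append("impersonated_sender")
    if URGENT_TRANSFER.search(text):
        hits.append("urgent_transfer")
    if BANK_CHANGE.search(text):
        hits.append("bank_details_changed")
    return hits

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Maria Lopez" <maria.lopez@grandhotel-mail.example>
Subject: Urgent payment needed

Please transfer 8,400 to the supplier today. Their bank account has changed,
new account details are attached.
"""
GENUINE = """\
From: "Maria Lopez" <maria.lopez@grandhotel.example>
Subject: Rota for next week

The updated rota is on the shared drive.
"""
```

A message that raises any of these flags is a candidate for a call-back to a known phone number before money moves; a genuine supplier announcing new bank details will also raise the third flag, which is why verification rather than automatic blocking is the sensible response.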
Less of an issue in the hotel industry because of the nature of the business, this method relies on the less stringent security behaviours people show when they are away from their worksite, sometimes working on personal devices rather than work ones.
Although high staff turnover makes it harder, it is still vital that all staff are trained on their cybersecurity responsibilities:
• How to recognise phishing attacks
• What to do if they believe something is a threat
• How to create and use strong passwords and multi-factor authentication
There are multiple ways to deliver this training; it doesn’t have to involve getting everyone in a room.
• Videos that staff can watch at any time can be highly effective
• Online training packages are more and more common too
• Acronis’ security awareness training is something we recommend.
Procedures need to be in place to check that staff are doing what they need to do, and to set out what to do if there is a breach:
• Immediate action protocols
• Procedures for investigation, recovery and future prevention
Your network and infrastructure configuration can build on the human security behaviours and prevent problems caused by human failures:
• Zero-trust cloud infrastructures that assume compromises will happen, with continuous verification taking place
• Spam filters and other protections, kept constantly updated, will weed out most phishing attacks
• Strong password configurations and multi-factor authentication can prevent unauthorised logins
• Ensure third parties have strong security protocols in place to prevent supply chain attacks
• Managed Access Policies to ensure that users can only access the resources they need from verified devices and locations
If there is a cybersecurity breach in your hotel, the losses can be devastating. Financial losses, legal problems and reputational damage can mean the end of your hotel business. If your customers lose trust that you can store and manage their data securely, they will simply stay elsewhere.
If you are at all concerned that your cybersecurity isn’t where it should be, get in touch. As experts in the hotel industry, we are more than happy to assess your current cybersecurity arrangements and make the recommendations needed to secure your business.