8 Cybersecurity Quick Fixes for Your Hotel (and Guests)

These days, almost every aspect of the hotel business involves computers, mobile devices, or computer networks. At the property level, this includes reservations, front desk, payroll, accounting, and HR. For guests, it’s the hotel website, mobile apps, loyalty programs, social media, and third-party travel websites.

While these systems are now necessary and have brought a new level of efficiency and service, they’ve also brought an increasing level of vulnerability. Yes, cybersecurity is an issue in every industry, but the hospitality industry is traditionally among the top five industries breached every year.

To help protect your hotel (and your guests), we present eight cybersecurity quick fixes, most of which you can begin implementing today.

 

security-fixes

 

1. DON’T use your public Wi-Fi network for business.
  • Make sure your Property Management System (PMS) or any other business systems are on a different network than your public Wi-Fi.
  • Wi-Fi connections provide an easy way in for hackers. Keep things separate and make attacks more difficult.
  • Another reason to use separate networks: you must protect your guests’ personal and private information.

 

2. Change your public Wi-Fi password every 30 days.
  • This will help to keep your public Wi-Fi connection secure – something your guests will appreciate.
  • This also helps you control who is accessing your Wi-Fi. 

Download Free Cybersecurity Checklist


3. Give each employee unique passwords.
  • Give each front desk employee unique passwords to your computers and to your PMS.
  • Train employees to lock any front desk operating systems when they step away.
  • Unique passwords also help you track changes each employee makes in the system, helps with accountability and ensures unauthorized guests or employees cannot access the system.

 

4. Give employees access only to systems relevant to their jobs.
  • Although it may seem convenient to give everyone access to every system, most employees don’t need that across-the-board access.
  • By keeping system access separated, you help prevent someone accessing multiple systems by obtaining one employee’s login credentials.

 

5. Train staff to never leave portable devices unattended.
  • Tablets and smartphones are being used more often throughout the hotel. Train your staff to keep their eyes – and hands – on them at all times.
  • Even if locked, these devices could easily be hacked, and your valuable information accessed.

 

6. When employees leave, revoke all their credentials ASAP.
  • You don’t want any outsiders to have access to your systems. This becomes even more of a problem if these employees leave angry.
  • Revoke all ex-employees’ network access credentials and passwords within at least 2-3 business days.

 

7. Train employees to spot cybersecurity issues or attacks.
  • Provide training once per quarter on the basics of spotting phishing, viruses and malware attacks.
  • Regular training also keeps cybersecurity top-of-mind, cutting down on employees opening the front door to attacks.

 

8. Change default passwords on all network devices.
  • Routers, access points, cameras and other devices usually come programmed with a default password that’s easy for others to obtain.
  • Change these passwords to something more complex and unique and you protect the entire system.

Of course, no business can be completely safe from privacy breaches and cyberattacks, and hackers grow more sophisticated each day. Plus, at least 95% of reported data breaches can be traced to an intentional or unintentional act by a person within or associated with the organization.

Following these quick fix cybersecurity measures will help, as will regular employee training. But this is only the beginning. Consider bringing in a cybersecurity consultant to make sure you’re doing everything possible to keep your guests’ private information from being compromised.

After all, your hotel’s reputation is on the line.

 

Leave a Comment

Your email address will not be published.