Cyber threats make hoteliers very nervous. With increasing reliance on a whole structure of interconnected technology, and major compromises being regularly reported by even the largest hotel groups, it’s right to be concerned. From the security boost of cloud-based Hotel Management Software to crafting robust cybersecurity policies, here’s how to protect your hotel software from hacking.
Guest security is paramount to any hotelier, and guest data is a sensitive and valuable asset you’re entrusted with as soon as someone makes a booking. Criminals are well aware of how valuable this data is too, and hacking incidents are still all too common in the hospitality sector. Almost a third of hospitality organisations have reported a data breach, with the average cost of a breach being approximately US$3.4m (Cyber Magazine).
The number of breaches reported in the last two years alone has been staggering.
A breach at MGM Resorts left guests locked out of rooms, and brought down its payment and booking systems across the United States (Forbes).
Last year, Marriott was fined almost $24 million for a data breach that happened in 2014, when the credit card details, passport numbers and birthdates of more than 300 million customers were leaked. The breach wasn’t discovered for a number of years (Hotel Tech Report).
Last summer, the Caesars Entertainment rewards programme was hacked, and tens of thousands of members’ Social Security and driver’s licence numbers were stolen (Cybersecurity Dive).
Phishing scammers have even targeted travellers through online travel agents (OTAs) such as Booking.com, gaining their bank details via email requests to confirm hotel payments (The Guardian).
The threats clearly aren’t going away. So what are the vulnerabilities of your PMS, and how can you protect it?

Why is your hotel’s technology vulnerable?
Hotel systems are a target for cybercriminals because they hold such a range of key data about a large number of people. At the very basic level, your PMS collects details including date of birth, address, passport information and credit card data. You’re likely to have this for every guest who has ever stayed at your hotel.
Hotels also have point-of-sale (POS) systems, often working with third-party vendors. So even if your own hotel’s technology isn’t breached, your guests’ data could still be accessed if the third parties you work with are victims of cyber-attacks.
Most hotels communicate with their guests by email. Cybercriminals can take advantage of this through phishing. They send emails out posing as your hotel, asking guests to send or confirm personal information. If your PMS has been hacked, these cybercriminals can make very targeted approaches, as they may have some of the details of guests who have forthcoming bookings.
Other threats to hotels include DarkHotel hacking, when cybercriminals hack into a hotel’s Wi-Fi. They install malicious code on the hotel’s server, and then obtain personal information about guests when they log into the Wi-Fi. Ransomware and Distributed Denial of Service (DDoS) attacks also target hotel systems such as remote check-in, digital key cards or security cameras, with criminals taking control of them or making them unavailable until their demands are met.

How can you protect your hotel technology?
The information you collect and store on your guests is crucial for you to be able to run your hotel efficiently and effectively. But you must protect it as a core priority. Here are some ways you can reduce the risks:
- Use a cloud-based PMS. Compared to on-site servers, cloud-based technology has enhanced measures in place to prevent cybersecurity issues. System updates and backups happen regularly, protecting your systems from new and emerging cybersecurity threats too.
- Have a cybersecurity policy for vendors and colleagues. Ensure all third parties you work with have robust measures to prevent cyber-attacks, and train hotel employees in cybersecurity awareness and attack prevention.
- Use a modular Hotel Management System. Solutions such as SIHOT.PMS enable you to add on modules such as SIHOT.POS as per your hotel’s needs, with additional solutions provided by a handpicked selection of trusted third parties. This means you don’t have to worry about validating the security measures of third-party suppliers directly.
- Communicate with your guests. Be clear with guests about how and when you will collect their personal details. Let them know how they should contact you if they’re unsure about the authenticity of emails or other communications they receive.
SIHOT.PMS can support your cybersecurity efforts – contact us to find out more.