The Importance of Data Security in Hotels
When was the last time your hotel staff had data security training? The speed at which cyber criminals adapt their tactics can be frightening, and the only way to keep your business – and your guests – safe is to regularly retrain your team in the latest best practices for security.
In episode 11 of Matt Talks, Mews CEO, Matt Welle, explores this important, often-overlooked topic. He covers the modern threats facing hotels, particularly phishing attacks, and the proactive steps you can take to protect your business and your guests.
Read on here for some of the highlights.
Why Cybersecurity Matters in Hospitality
Hospitality businesses handle vast amounts of sensitive guest data, from email addresses to credit card numbers. This makes hotels prime targets for cybercriminals. In recent months, the industry has seen a surge in phishing attempts, where criminals trick employees into providing login credentials. With these credentials, attackers can access guest data, impersonate the hotel and exploit guests’ trust to commit fraud.
The consequences of these breaches are severe:
- Reputational damage: Guests lose trust in a hotel that fails to safeguard their personal information.
- Financial impact: Guests often initiate chargebacks, costing hotels money and administrative time.
- Operational disruption: Addressing breaches diverts resources from providing exceptional guest experiences.
Understanding Phishing and How It Works
Phishing has evolved far beyond suspicious emails promising a fortune from a foreign prince. Today’s attackers use advanced tactics to deceive employees and guests alike. Here’s how these schemes work:
1. Tricking employees
Cybercriminals create fake login pages that mimic legitimate platforms like property management systems. When employees enter their credentials, the attackers capture them in real time.
For example, a fake URL like app.meows.com might appear nearly identical to the real app.mews.com.
2. Exploiting guest data
Armed with reservation details, attackers contact guests via email, SMS, or even AI-generated voice calls. Posing as hotel representatives, they request credit card information under false pretenses, such as a payment failure.
3. Sophisticated multi-channel attacks
Phishing isn’t limited to emails. Criminals use SMS ("smishing") and voice calls ("vishing"), leveraging reservation data to appear legitimate. Guests, accustomed to providing payment details when traveling, are particularly vulnerable.
How Hotels Can Protect Their Data
Preventing data breaches requires vigilance and proactive measures. Here’s what your hotel can do to safeguard its systems and guests:
1. Train your staff
- Regularly educate employees about phishing tactics and how to identify fake URLs or suspicious requests.
- Emphasize the importance of never googling login pages. Instead, employees should bookmark official login URLs.
2. Enforce strong authentication
- Use two-factor authentication (2FA) for all accounts to add an extra layer of security.
- Set up trusted device authorization to flag attempted log ins from unfamiliar devices, an additional layer of security for detecting and approving user logins.
3. Adopt secure practices
- Use password managers to ensure unique, strong passwords for every system.
- Avoid shared logins and require individual credentials for each employee.
4. Monitor and respond
- Set up alerts for logins from new devices or unusual locations.
- Regularly review user access and deactivate accounts no longer in use.
5. Engage with the community
- Share information about new phishing tactics with industry peers to strengthen collective defenses.
How Mews Supports Your Security
At Mews, we understand the critical importance of safeguarding data. Here are a few of the things we’re doing to protect your teams and guests:
- Device-level authorization: Notifications alert users to logins from unfamiliar devices, enabling quick action if a breach is suspected.
- Continuous Training: Our internal teams receive ongoing security education, ensuring robust defenses.
- Expert security engineers: We’ve invested heavily in security specialists who constantly evaluate and enhance our systems.
Final Takeaway: Stay Vigilant
The fight against cybercrime is continuous, but with the right measures, your hotel can protect its data and guests. Remember:
- Never google login pages: Bookmark official URLs and train employees to avoid sponsored links.
- Educate continuously: Regular training and awareness sessions are crucial.
- Act fast: If you suspect an attack, contact your PMS provider (or relevant affected system) immediately.
Data security might not be the most glamorous topic, but it’s an essential foundation for trust and success in hospitality. By staying vigilant and proactive, your hotel can outsmart even the most sophisticated attackers.
Please do share this article or the Matt Talks video with your network, so we can better safeguard our industry, hoteliers and guests. Stay vigilant and stay safe.
If you’d like more information about what Mews is doing to maintain high security standards, click here.
About Mews
Mews is the leading platform for the new era of hospitality. Powering over 5,500 customers across more than 85 countries, Mews Hospitality Cloud is designed to streamline operations for modern hoteliers, transform the guest experience and create more profitable businesses. Customers include BWH Hotels, Strawberry, The Social Hub and Airelles Collection. Mews was named Best PMS (2024) and listed among the Best Places to Work in Hotel Tech (2021, 2022, 2024) by Hotel Tech Report, as well as World's Best Hotel PMS Provider (2023) and World's Best Independent Hotel PMS Provider (2022, 2023, 2024) by World Travel Tech Awards. Mews won the Top 250 Golden Scaler Award in 2024, given to the fastest growing company in the Netherlands, and most recently, was awarded the Tech Hero 2024 Award at CIODAY. Mews has raised $335 million from investors including Goldman Sachs Alternatives, Kinnevik and Revaia to transform hospitality.