Hotels store and process a great deal of sensitive data from their guests – credit card information, full names, demographics, and other personally identifiable information. These forms of data are incredibly attractive to malicious attackers with financial motives as this data can be readily sold and distributed. 

To protect guests and their data, hoteliers need to prioritize investing in cybersecurity. The tips in this article will serve as a sample of the key vulnerabilities that hoteliers will need to protect against.

WiFi Security for Hotels

Public WiFi hotspots are a prime target for cybercriminals because the large number of guests and devices connected to the network provides a wider attack surface.

Hotel WiFi Security Risks:

    • DarkHotel: Also known as “Tapaoux”, the advanced persistent threat actors responsible for these attacks remain undetected while they wait for specific high-profile targets to connect to the hotel network. They infiltrate hotel internet systems intending to trick their victims into installing spyware on their machines.
    • WiFi Spies: Guests that are connected to the shared networks used by hotels can use specialized software to analyze the traffic of other guests on the network. While encryption can help reduce the amount of readily available data, it shouldn’t be relied on as the only security measure.
    • Honeypots: Even if your hotel’s network is secured, would-be attackers can still create WiFi hotspots that disguise themselves as the hotel’s official WiFi connection. With the prevalence of third-party service providers managing the WiFi for hotels, on-site staff need to remain vigilant for any suspiciously named WiFi hotspots.
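
One way on-site staff or the WiFi provider could automate the check for suspiciously named hotspots described above (an added example, not part of the original article). The official SSID, the BSSID inventory and the scan results are constructed for illustration; the script flags any network whose name matches or closely imitates the hotel's SSID but is broadcast by an access point that is not on the inventory.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed for illustration: the hotel's official SSID and the BSSIDs (access
# point MAC addresses) listed in its own or its WiFi provider's inventory.
OFFICIAL_SSID = "GrandHotel-Guest"
KNOWN_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}

# Digit/symbol substitutions commonly used to imitate a name.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a"})


def normalize(ssid):
    """Fold case, Unicode compatibility forms, look-alikes and separators."""
    text = unicodedata.normalize("NFKC", ssid).casefold().translate(LOOKALIKES)
    return "".join(ch for ch in text if ch.isalnum())


def classify(ssid, bssid, threshold=0.8):
    """Return 'official', 'suspicious' or 'unrelated' for one scan entry."""
    if bssid.lower() in KNOWN_BSSIDS:
        return "official"
    want, seen = normalize(OFFICIAL_SSID), normalize(ssid)
    similarity = SequenceMatcher(None, want, seen).ratio()
    # An unknown access point using the hotel's name, a near-copy of it, or
    # the name with extra words attached ("... FREE") needs investigating.
    if similarity >= threshold or want in seen:
        return "suspicious"
    return "unrelated"


def audit(scan):
    """Return the (ssid, bssid) entries staff should investigate."""
    return [(s, b) for s, b in scan if classify(s, b) == "suspicious"]


# Constructed scan results, e.g. exported from a site survey tool.
SAMPLE_SCAN = [
    ("GrandHotel-Guest", "02:00:00:AA:00:01"),        # inventory AP
    ("GrandHotel-Guest", "02:00:00:bb:00:09"),        # same name, unknown AP
    ("Grand Hotel Guest FREE", "02:00:00:bb:00:0a"),  # name plus bait word
    ("Gr4ndH0tel_Guest", "02:00:00:bb:00:0b"),        # look-alike characters
    ("CoffeeShop-WiFi", "02:00:00:cc:00:01"),         # neighbouring business
]

if __name__ == "__main__":
    for ssid, bssid in audit(SAMPLE_SCAN):
        print(f"investigate: {ssid!r} from {bssid}")
```

A BSSID can be spoofed, so an entry classed as official only means its MAC address is on the inventory; an inventory access point seen on an unexpected channel or in an unexpected location still warrants a look.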

How to Increase Hotel WiFi Security:

    • User Authentication: To make it harder for passersby to connect to the hotel network, hotels can use authentication measures that use the guest’s name and room number as a barrier to entry.
    • Penetration Testing: If feasible, specialized security companies can test the hotel’s network for security vulnerabilities that could lead to compromises in the network.
    • Inform Guests: Hotel guests should be made aware that hotel WiFi should not be used for accessing sensitive accounts and websites. While you cannot completely control what guests do on the network, ensuring they are aware of the risks is a proactive measure.

Cyber Incident Response Plan

Data breaches are not a matter of if – they are a matter of when. Proactively preparing an incident response plan that is specific to cybersecurity incidents will better prepare hoteliers for the steps they will need to take in response to a data breach.

Considerations For Your Incident Response Plan:

    • Cyber Insurance: A dedicated cyber insurance plan will help cover business liabilities if sensitive customer information is breached. These plans also typically cover the costs of restoring and recreating data.
    • Data Breach Notification: Your hotel needs procedures in place for notifying relevant authorities and affected guests of data breaches. The exact process and requirements for disclosing the data breach will depend on your jurisdiction.
    • Customer Support: Understandably, guests that have fallen victim to a data breach of the hotel’s database are going to need added support. This support could take the form of identity theft monitoring, a dedicated customer support line, and other methods for customers to voice their concerns and confirm how they’ve personally been affected by the breach.

Protect Against Insider Threats

While insider threats do include employees and contractors that maliciously steal data, an insider threat can simply be an undereducated employee falling for a phishing email or social engineering scam. 

    • Social Engineering: It’s critical that hotel employees have fundamental computer literacy skills and that they are adequately trained to detect and respond to the social engineering attempts that are used by attackers to gain access to the hotel’s network. 
    • Cybersecurity Training: Employees that interact with hotel computer systems will also need to be trained on their cybersecurity responsibilities. Measures such as multi-factor authentication, good password hygiene, file encryption protocols, and acceptable data handling procedures all go a long way when it comes to keeping guest data safe.
    • Data Loss Prevention: To prevent employees from maliciously stealing data, any sensitive files that are accessible to employees must have the critical security controls necessary to prevent unauthorized access and transfers to external storage devices.

Critical Security Software and Services For Hotels

Classic security software such as anti-virus and anti-malware programs are a good start for increasing network security, but they are not the whole picture. The evolving threat landscape requires hotels to invest in cybersecurity infrastructure much in the same way that they invest in physical security for their buildings.

    • Property Management Systems: PMSs such as Fosse and Opera provide hotels with a centralized platform for data management. With the large quantity of sensitive data collected and stored by hotels, having a centralized system for data management reduces the potential for file mishandling to lead to a data breach.
    • Managed Security Firms: Monitoring for advanced persistent threats is simply too resource-intensive for the average hotel. Contracting a dedicated security firm provides the tools and knowledge necessary to monitor hotel databases for suspicious activity. 

Note: When working with third-party service providers, the hotel is still responsible for the security of personally identifiable information and other forms of sensitive data. While data security software companies are heavily invested in maintaining strict security controls, there are still risks of working with a third party. Ensure that the vendor is reputable and that any contracts include a service-level agreement with the provider.


As with any industry that interacts with sensitive data, hotels must make data security a priority; the tips in this article are a critical starting place for hoteliers to put their data security responsibilities at the forefront of their operations. Every interaction with data must be carefully controlled to ensure that sensitive data is safe from employees, third-party vulnerabilities, malicious hackers, and guests.


Dale Strickland


Marketing Coordinator, CurrentWare

Dale Strickland is a Canadian digital content creator that specializes in voice over, content writing, and graphic design. He is a Marketing Coordinator for CurrentWare, a Toronto-based computer software company with solutions for data loss prevention, content filtering, employee monitoring, and computer power management.
