May 30, 2022
You use a property management software (PMS) solution every day, yet there’s one important thing few remember to consider: its security.
Be honest: how often do you think about your property management software security? Rarely? Ever?
Think of all the private guest data you house and the implications of that information being breached! Your hotel’s very operations could be at risk.
There's no better time than the present to go over these security considerations for your PMS. Here are some questions to ask yourself to better secure your property management system:
1. Have You Taken Steps To Ensure Your Customer’s Data (and Yours!) Is Secure?
Besides your property management systems’ out-of-the-box security features, have you taken additional measures to add more layers of defense? Consider the following:
How many staff members do you allow to use your PMS, and how many different usernames and passwords do you need to keep safe? For the best security, it’s important to use unique, hard-to-guess passwords for each platform’s login — but that's hard for your team to remember and protect. We recommend installing a password management tool to house all your important passwords. It’ll professionally store and hash all passwords, making it easy for staff to auto-login but impossible for hackers to decrypt.
A simple yet extremely effective security measure is enabling multi-factor authentication (MFA). Instead of only needing one form of identification to gain access to something — like entering a username and password alone — MFA requires a user to verify the second piece of information — like answering a set of security questions or entering an SMS-texted code. Hence, the name “multi-factor,” or sometimes referred to as “two-factor authentication,” since it requires two forms of independent authentication to gain access.
Phishing Awareness Training
Phishing is a form of social engineering in which a cyber threat actor tries to trick your employees into sharing access to private information. Sneaky criminals try to con your team via email, phone, or even text message to click infected links that’ll give your device malware or to provide private information that enables them to easily hack your PMS. Because hotels store so much private guest data, the hospitality industry is a huge target for this type of cybercrime. It’s up to you to educate your staff on the threat of phishing and how they can avoid this type of cyber attack. Read more from the Federal Trade Commission on recognizing and avoiding phishing scams.
2. Are You Using Your PMS on a Secure Network?
Even the best-secured property management tool is hackable if it's running on an unprotected or poorly protected network. Do you run your operational tools on the same WiFi network you share with guests? If so, change it so that you have a private network for business and a separate, publicly-accessible WiFi for customers. Be sure to change the factory-set passwords on the network to strong, secure passwords and set reminders to change them every few months.
Be sure to also educate your employees on the dangers of accessing your PMS via a public network or device, explaining how public WiFi is subject to all sorts of vulnerabilities. For instance, cybercriminals can make fake WiFi network names that look legitimate. Instead of logging onto a Starbucks WiFi network, remote staff could be hopping on a hacker’s proxy network — a fake WiFi network programmed to capture all data viewed while connected.
3. Who Is Using Your Hotel’s PMS?
Of course, your staff should have access to your hotel property management system — but not everyone needs an all-access pass. Restricting user permissions helps to ensure that only those who need to view data can view it. In the event a user’s credentials are compromised, this helps to keep a hacker from accessing your PMS or hotel’s digital infrastructure at large. Since human error is a major contributing cause in 95% of breaches, the fewer hands using your system, the better.
Teach your staff about the principle of least privilege and be mindful of the permissions each user is granted. Don’t forget that proper training on your hotel PMS can also help to drastically reduce errors and foster better security!
4. How Does Your PMS Provider Value Security?
When vetting property management software, don't be afraid to ask your provider what they are doing to keep their product secure. How was security prioritized in the coding and design? How often do they roll out updates? How can they help you enforce a stronger security policy with your staff?
Does their software boast approval from leading security standards like PCI DSS, GDPR, OWASP, SSAE 18 SOC 1 and other important certifications and accreditations? For example, here at Solonis we are proud to be the only property management system to have earned the Federal Risk and Authorization Management Program (FedRAMP) certification, meaning we offer the same level of cloud security as U.S. Federal Agencies. Don’t be afraid to ask your PMS provider for verification of all these important stamps of approval.
5. Do You Know All the Areas of Vulnerabilities for Your Property?
Your PMS makes up just one part of your hotel’s holistic security concerns. Other cyber threats can arise through your POS systems, outdated technology like phone systems or fax machines, physical security cameras and devices, and really any technology that’s connected to the Internet.
With all pieces of technology, be sure you are performing frequent updates to keep up with the latest security patches. Remind your staff that this isn’t solely management’s responsibility. If they become aware of an update, alert your management team. Better yet, consider outsourcing an IT provider so none of these important updates are missed and your guest data isn’t at risk.
6. Does Your Platform Have a Response Plan in the Event of a Breach?
No matter how well you prepare, security problems still occur. Instead of acting as if they aren’t possible and panicking when a breach happens, be sure to prepare a proper security response plan ahead of time. Whether you are creating one for the very first time or want to give your current plan a well-needed update, Traveler’s has some great how-to advice.
Here at Solonis, our Breach Response Plan uses adaptable strategies, depending on the origin and extent of the breach.
Fewer Hotel Management Tools, Better Security
Hoteliers juggle dozens of different tools to keep their property running smoothly. But the more pieces of software you use, the higher your risk of breach.
Opt for an all-in-one solution to keep you and your customers’ data more secure. Download the All In One Hotel Management Software to explore all the perks of using Solonis as your one and only hotel management system.