A new practical cybersecurity guide from the National Institute of Standards and Technology (NIST) can help hotel owners reduce the risks to a highly vulnerable and attractive target for hackers: the hotel property management system (PMS), which stores guests’ personal information and credit card data.
The three-part guide, formally titled Securing Property Management Systems (NIST Special Publication [SP] 1800-27 a, b and c), shows an approach to securing a PMS. It offers how-to guidance using commercially available products, allowing hotel owners to control and limit access to their PMS and protect guest privacy and payment card information.
“We have demonstrated that cybersecurity risk can be mitigated in and around a property management system using today’s technology,” said Bill Newhouse of NIST’s National Cybersecurity Center of Excellence (NCCoE). “Our practice guide documents how we enabled cybersecurity concepts such as zero trust architecture, moving target defense, tokenization of credit card data, and role-based authentication in a reference design that addresses cybersecurity and privacy risk. We also offer specific use cases to show the functionality of the design.”
In recent years attackers have compromised the networks of several major hotel chains, exposing the information of hundreds of millions of guests. According to a recent offers cybersecurity guide tailored hospitality industry
