Cybersecurity isn’t usually top of mind for hoteliers. But it should be. Protecting your guests’ data and your property’s systems isn’t just IT – it’s a shared, business-critical responsibility.
In the latest episode of Matt Talks, Mews CEO, Matt Welle, sat down with Josh Edwards, Operating Systems Manager from Penta Hotels, to dive into a crucial, often overlooked topic: how to keep hospitality tech – and your guests – safe in an increasingly digital world.
When cybersecurity goes from risk to reality
For Penta Hotels, it took a full-scale ransomware attack in 2021 to realize how vulnerable hotel systems really are. A single compromised login led hackers to cripple their entire on-premises infrastructure, disrupting operations across multiple countries.
The consequences? Phone lines went dead, doors locked down, hardware had to be destroyed, and chaos spread across properties. But for Josh and the team at Penta, they turned this crisis into an opportunity to improve.
Rebuilding with security at the heart
Rather than patching the holes, Penta rebuilt their entire IT framework from the ground up. They partnered externally, pivoting their team’s focus to cybersecurity expertise.
Their new security model rests on six pillars: protect, prevent, detect, respond, recover and review. These aren’t just buzzwords. Each pillar is backed by processes and controls that govern their entire ecosystem, creating resilience rather than fragility.
Some practical examples:
- IP restrictions: logins are geo-verified to prevent suspicious access.
- Real-time monitoring: a security partner tracks every user and device, shutting down threats instantly.
- Phishing simulations: employees regularly practice spotting phishing attempts.
- Passkey authentication: password managers and biometrics replace sticky notes and reused passwords.
It’s a culture shift – one that takes leadership and frontline buy-in. Two-factor authentication, for example, might feel inconvenient at first, but understanding the “why” turns it into a non-negotiable safeguard.
Don’t wait for a wake-up call
Thankfully, not every hotel has experienced Penta’s dramatic moment. But the real question every hotelier should ask is: what happens if you lose access to your systems tomorrow?
- How do you check guests in?
- Who do you call?
- Which reports do you need?
If you can’t answer these (or if you don’t like the answers), it’s time to act. Cybersecurity planning doesn’t have to be abstract. Roleplay a shutdown scenario. Test your team’s readiness. It builds confidence and exposes blind spots.
Cloud vs on-premises: the debate Is settled
One of Penta’s biggest moves was ditching on-premises servers for cloud-native solutions. Hosting your own servers means taking on the full burden of maintenance, compliance and security. It’s an expensive and risky game.
Cloud providers like Microsoft Azure offer world-class security baked in. Constant monitoring, automated updates, threat detection and compliance certifications you simply can’t replicate at scale. And Mews (as a Microsoft strategic partner) takes this a step further.
How Mews elevates hospitality security
At Mews, security is built into every layer of the platform. From data encryption at rest and in transit to robust access controls and regular security audits, our cloud-native solution minimizes risk while maximizing uptime.
- Continuous monitoring: we monitor our infrastructure 24/7 with advanced threat detection.
- Data privacy compliance: Mews is GDPR and PCI DSS compliant, ensuring your guest data stays protected.
- Access management: role-based permissions keep sensitive data visible only to those who need it.
- Regular penetration testing: independent experts continuously probe our systems to find and fix vulnerabilities before they become problems.
Moving to Mews means shifting from reactive to proactive security – an increasing reason why hoteliers choose us as their PMS partner.
A security-first hospitality future
Cybersecurity is evolving fast. Penta is already looking ahead, scaling biometric access, implementing single sign-on (SSO), and simplifying employee workflows by reducing login fatigue.
Leadership engagement remains critical. When executives treat cybersecurity as non-negotiable, the whole organization follows. Protecting guest data isn’t just an IT cost – it’s an investment in trust, reputation and business continuity.
A call to action for hoteliers
Cyberattacks targeting hotels are increasing, from phishing and spoofing to ransomware. Cybersecurity isn’t a back-office issue. It’s an operational priority that touches every guest, every employee, every property. Your security is only as strong as your weakest link.
At Mews, we’re committed to empowering hoteliers with secure, modern technology so you can focus on what matters: delivering exceptional guest experiences without compromise.
If you’d like to know more about how Mews keeps your guest and property data secure, check out our security page.
.webp)