The National Institute of Standards and Technology (NIST) has released a three-part guide designed to help hotels boost the protection of customer data and other contents of their property management systems against cyber threats.
Titled “Securing Property Management Systems,” the guide advises hotel owners on how to cybersecure the systems that hold credit card data and other personal information of guests, NIST said Tuesday.
“Our practice guide documents show we enabled cybersecurity concepts such as zero trust architecture, moving target defense, tokenization of credit card data and role-based authentication in a reference design that addresses cybersecurity and privacy risk,” said Bill Newhouse, a cybersecurity engineer at the agency’s National Cybersecurity Center of Excellence (NCCoE).
The guide’s first part is an executive summary while the second one features guidance on the approach, architecture and security characteristics hotels should be aware of to reduce risks. The third and final part educates information technology practitioners on how to implement the security recommendations.
Cybersecurity technology providers helped NCCoE and the hospitality business community develop a design that could safeguard information within the PMS and connected IT infrastructure of hotels. The “PMS reference design” could also stop users from accessing various systems and services.
Hospitality is the third among industries that experienced cybersecurity breaches in 2019, according to an industry report. Thirteen percent of the total incidents compromised hotel chains.
