What cybersecurity challenges do hotels face today?
Hotels in Malaysia face increasing digital threats from both external misuse and internal vulnerabilities.
As the hospitality sector becomes more reliant on digital services, cybersecurity risks grow in both volume and sophistication. Many hotels, especially mid-sized chains and independent resorts, offer open or lightly protected WiFi networks to guests. Meanwhile, hotel staff operate multiple digital systems daily — property management systems (PMS), POS terminals, inventory software — all of which can be targeted if not properly secured.
These overlapping systems create a complex IT environment that can easily be exploited if left unmonitored. Without strong cybersecurity measures in place, hotels face the risk of service disruption, data leaks, reputational damage, and in some cases, legal consequences under data protection laws.
External Threats
Open or poorly segmented guest WiFi networks can be exploited for malicious activity, putting hotel systems and guests at risk. Providing free WiFi is now a standard hospitality offering. However, many hotels still operate without proper network segmentation — meaning guest traffic flows through the same infrastructure as internal systems. This opens the door for abuse.
For example, a guest can use the hotel’s IP address to:
- Download pirated content or host illegal websites
- Launch phishing campaigns masked behind the hotel’s network
- Scan for vulnerabilities in devices connected to the internal network
If a guest manages to access unsegmented back-office networks, they could potentially reach sensitive systems such as the PMS or even surveillance and door-lock systems.
Real-World Reference
The Marriott International data breach (2018) exposed the personal data of over 500 million guests globally. The attackers reportedly maintained access for four years before being detected.
To prevent similar intrusions, hotels must implement strict WiFi segmentation using technologies from partners like Cisco and Ruckus, combined with access control policies that limit network exposure.
Internal Threats
Staff-related cybersecurity issues — both accidental and intentional — are an often overlooked risk in hotel operations. Internal threats don’t always come from bad actors. In many cases, it’s untrained or unaware staff who accidentally create exposure points.
Common scenarios include:
- Logging into hotel systems using weak passwords
- Using unsecured USB drives on shared computers
- Ignoring system update prompts on workstations
- Clicking phishing emails disguised as vendor or booking requests
In other situations, insider threats could be deliberate — for instance, a disgruntled employee leaking customer data or overriding system logs. These risks are especially relevant in high-turnover environments like hotels, where staff often share credentials or workstations.
Mitigating these internal threats requires not only technical controls — like endpoint protection and access logging — but also strong cybersecurity training programs. This is where vendors like WithSecure and Sangfor provide security suites tailored for hospitality use cases, including user behavior monitoring and proactive endpoint defense.
What cybersecurity measures can protect hotel businesses?
Hotels need a layered cybersecurity strategy that combines infrastructure-level controls, employee training, and endpoint protection. It’s not just about having antivirus software. Every part of your digital environment is secure, from guest WiFi to internal systems. In hospitality, the smallest vulnerability can impact operations, guest trust, and your brand reputation.
Chong YC
CallNet Solution Managing Director
Because hotels serve both public and private users across a shared network, cybersecurity must be approached holistically. Protecting the business isn’t just about installing antivirus software—it’s about proactively managing access, monitoring usage, and preparing for incidents.
Below are the core cybersecurity measures that hotel operators in Malaysia should prioritize:
1. Network Segmentation for Guest and Internal Systems
Segmenting the network ensures guest traffic never touches critical systems.
Guest WiFi should be isolated from internal hotel infrastructure through VLANs or firewalled subnets. This prevents guests from accessing systems like the property management system (PMS), POS, or surveillance setups.
Recommended Technologies:
- Cisco Meraki and Ruckus for secure, cloud-managed WiFi segmentation
- Sangfor NGFW for internal traffic control and guest access restrictions
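One way to verify that segmentation actually holds is to audit the firewall rule set for any path from the guest subnet into internal zones. The script below is an added example, not code from the article or from any vendor named here; the subnets, zone names, and rule format are constructed assumptions.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed addressing plan (assumption, not taken from the article).
GUEST_NET = net("10.50.0.0/22")
INTERNAL_NETS = {"pms": net("10.10.10.0/24"), "pos": net("10.10.20.0/24"),
                 "cctv": net("10.10.30.0/24")}

# Constructed rule export, evaluated top-down with first match winning.
# port=None means "any port".
RULES = [
    {"id": 1, "action": "allow", "src": "10.50.0.0/22", "dst": "10.10.20.15/32", "port": 9100},
    {"id": 2, "action": "deny",  "src": "10.50.0.0/22", "dst": "10.10.0.0/16",   "port": None},
    {"id": 3, "action": "allow", "src": "0.0.0.0/0",    "dst": "0.0.0.0/0",      "port": None},
]

def intersect(a, b):
    """CIDR blocks are either nested or disjoint: return the narrower block or None."""
    if a.subnet_of(b):
        return a
    return b if b.subnet_of(a) else None

def covers(rule, src, dst, port):
    """True if this single rule matches every packet of the src -> dst:port flow."""
    return (src.subnet_of(net(rule["src"])) and dst.subnet_of(net(rule["dst"]))
            and rule["port"] in (None, port))

def find_guest_exposures(rules):
    """List allow rules that let guest addresses reach an internal zone.

    An allow is ignored only when one earlier deny covers the whole flow, so
    within this rule model the audit may over-report but will not miss a path.
    """
    findings = []
    for i, rule in enumerate(rules):
        if rule["action"] != "allow":
            continue
        src = intersect(net(rule["src"]), GUEST_NET)
        if src is None:
            continue
        for zone, zone_net in INTERNAL_NETS.items():
            dst = intersect(net(rule["dst"]), zone_net)
            if dst is None:
                continue
            if not any(r["action"] == "deny" and covers(r, src, dst, rule["port"])
                       for r in rules[:i]):
                findings.append((rule["id"], zone, str(dst), rule["port"]))
    return findings
```

With the sample rules, the exception in rule 1 is reported because it sits above the guest deny, while the catch-all allow in rule 3 is not, since rule 2 already blocks guest traffic to the internal range.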
2. Firewall and Bandwidth Control Policies
Firewalls act as the first line of defense against external misuse and internal exploits. Hotels must enforce strict content filtering and bandwidth policies to prevent guests from:
- Accessing illegal or unsafe websites
- Running high-bandwidth applications that strain the network
- Using the hotel IP for malicious behavior
Recommended Technologies:
- Sangfor IAG for bandwidth shaping and content filtering
- Cisco Secure Firewall for unified threat management
3. Endpoint Protection for POS and Back-Office Devices
Hotels often rely on outdated or unpatched systems to run daily operations. These devices should be equipped with modern endpoint protection to prevent malware, ransomware, or unauthorized access.
Recommended Technologies:
- WithSecure Elements: Endpoint Detection & Response (EDR)
- Dell Endpoint Security Suite: For system hardening and malware defense
4. User Access Control and Behavior Monitoring
Limiting who can access what — and logging how they use it — reduces insider risks. Ensure each staff member has access only to the systems required for their role. Implement multi-factor authentication (MFA), regularly rotate passwords, and monitor user activity for anomalies.
Recommended Tools:
- Sangfor Cyber Command or SIEM integrations for real-time behavior analysis
- Role-based access control via Microsoft Active Directory or similar
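Shared logins, mentioned earlier as common in high-turnover hotel teams, show up in access logs as one account active on two workstations at once. The detector below is an added example, not part of the original article or any listed product; the log format, account names, and the 12-hour session limit are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: a session older than this is a missed logout, not live use.
MAX_SESSION = timedelta(hours=12)

# Constructed sample log, sorted by time: timestamp, event, account, workstation.
SAMPLE_LOG = """\
2025-02-28T22:00:00 LOGIN  night.audit FD-PC-02
2025-03-01T07:58:02 LOGIN  frontdesk   FD-PC-01
2025-03-01T08:03:40 LOGIN  n.aziz      BO-PC-02
2025-03-01T08:15:27 LOGIN  frontdesk   FD-PC-03
2025-03-01T09:00:00 LOGOUT frontdesk   FD-PC-01
2025-03-01T12:01:10 LOGOUT n.aziz      BO-PC-02
2025-03-01T12:30:45 LOGIN  n.aziz      FD-PC-01
2025-03-01T15:00:00 LOGOUT frontdesk   FD-PC-03
2025-03-01T22:05:00 LOGIN  night.audit FD-PC-01
"""

def find_concurrent_logins(log_text):
    """Return (account, time, new_host, other_hosts) for every login made
    while the same account still has a live session on another workstation."""
    active = {}   # account -> {workstation: login time}
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, event, account, host = parts
        when = datetime.fromisoformat(ts)
        sessions = active.setdefault(account, {})
        if event == "LOGOUT":
            sessions.pop(host, None)
        elif event == "LOGIN":
            # Expire sessions with no recorded logout so they do not alert forever.
            for stale in [h for h, t in sessions.items() if when - t > MAX_SESSION]:
                del sessions[stale]
            others = sorted(h for h in sessions if h != host)
            if others:
                alerts.append((account, when.isoformat(), host, others))
            sessions[host] = when
    return alerts
```

On the sample log only the `frontdesk` account is flagged: a staff member who moves desks after logging out, and a night-audit session left open from the previous day, do not raise alerts.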
5. Cyber Hygiene and Staff Awareness Training
Even the best tools fail if staff click the wrong link. Human error remains the biggest cybersecurity vulnerability. All hotel staff should receive periodic training on:
- Recognizing phishing emails
- Handling guest data responsibly
- Following SOPs during IT issues
Training Can Be Delivered Through:
- Short monthly modules or posters in staff areas
- Awareness campaigns during onboarding
- Simulated phishing exercises
These cybersecurity foundations reduce the risk of disruption, fraud, and reputational loss. And because the hospitality industry runs on trust, visible security practices, such as secure guest login pages or visible staff ID protocols, can reinforce confidence with guests.
How Callnet Solution helps Malaysian hotels strengthen their cybersecurity posture
We understand the day-to-day realities of running hotels — guests demand fast, open WiFi; staff use shared systems; and IT support is often limited. That’s why our cybersecurity support focuses on solutions that are scalable, easy to manage, and purpose-built for the hospitality environment.
Here’s how our company can help:
- Network & Threat Assessments: We identify exposure points in guest WiFi, staff systems, and network access controls.
- Tailored Deployments: Using technologies from Cisco, Sangfor, WithSecure, Ruckus, and Dell, we secure both public and internal hotel networks.
- Staff Awareness Programs: Simple training modules help reduce risks from human error—still the leading cause of breaches.
- Local Support & Response: Our team provides ongoing monitoring and assistance, with direct access to regional tech partners.
We’ve worked with hospitality businesses across Malaysia, delivering the right level of security without adding operational friction.
What should hospitality operators do next?
Cybersecurity is a business safeguard. For hotels, a single breach can lead to lost bookings, damaged reputation, and regulatory scrutiny. But most threats can be prevented with the right planning and tools in place.
Here’s what you can do today:
- Review your current guest WiFi setup: Is it segmented from internal systems?
- Check who has access to sensitive systems: Are staff using shared logins or weak passwords?
- Ensure all devices are protected: Are your POS terminals and workstations secured with modern endpoint protection?
- Train your team: Do employees know how to spot phishing emails or respond to suspicious activity?
If you’re unsure where to start — or suspect your current protections aren’t enough — Callnet offers free consultations for Malaysian hotel operators. We’ll help assess your current setup and recommend practical next steps based on your size, location, and risk profile.
Book a free consultation today to strengthen your cybersecurity posture before the next threat hits.