Cybersecurity training for managers and employees working in the hospitality industry


For decades, when we used the words “hotel security”, we usually meant “physical security”. It was all about guest protection, locks, safes, and surveillance.

Guests and hotel employees today expect that the same level of protection extends to the digital assets that reside not only on their laptops and smartphones, but also on the hotel’s systems. Hotels are obliged to respect this expectation, especially after the new privacy regulations, including the General Data Protection Regulation (GDPR).

Hotels and subsidiaries of hotel chains must comply with cyber security and privacy laws and regulations, and must follow international standards and best practices that protect their guests and employees.

A new cybersecurity culture is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values and expectations of hotel guests regarding cybersecurity.

Cybersecurity awareness for all managers and employees of a hotel is necessary, in order to make information security considerations an integral part of an employee’s job, habits and conduct, embedding them in their day-to-day actions.

We tailor the program to meet specific requirements. You may contact us to discuss your needs.

Target Audience

The program is beneficial to all managers and employees working in hotels and subsidiaries of hotel chains.

Course synopsis


- Important developments in the hospitality industry after the new privacy regulations, including the GDPR and the revised Data Protection Act (DPA).

- Understanding the challenges.

Who is the “attacker”?

- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.

- Hacktivists and the hotel industry.

- Professional criminals and information warriors.

How do they attack hotels?

- Step 1 – Collecting information about persons and systems.

- Step 2 – Identifying possible targets and victims.

- Step 3 – Evaluation, recruitment and testing.

- Step 4 – Privilege escalation.

- Step 5 – Identifying important clients and VIPs.

- Step 6 – Critical infrastructure.

Employees and their weaknesses and vulnerabilities.

- Employee collusion with external parties.

- Blackmailing employees: The art and the science.

- Romance fraudsters and webcam blackmail: What is the risk for the hotel?

Specific risks for the hospitality industry, and best practices to protect the hotel.

- What do guests need, and what are the cyber risks?

- a. Speed and convenience.

- It is difficult to balance speed, convenience and security.

- b. Effective and efficient web site and reservation system.

- Examples of challenges and risks.

- c. Great customer service.

- Example – how it can be exploited.

- d. A nice room and housekeeping.

- Example – “The cleaning staff’s hack”.

- e. Food, drinks and entertainment.

- Point-of-sale (POS) fraud and challenges.

- Credit card cloning.

- f. Internet access.

- Honeypots, rogue access points, man-in-the-middle attacks.

- g. Security.

- Unauthorized access is a major problem, and social engineering is a great tool for attackers.

- h. Privacy.

- The hotel industry is considered one of the most vulnerable to data threats.

- i. Money (if they can sue the hotel for negligence).

What must be protected?

- Best practices for managers and employees in the hospitality industry.

- What to do, what to avoid.

- From customer satisfaction vs. cyber security, to customer satisfaction as the result of cyber security.

- The DarkHotel group.


- Trojan horses and free programs, games and utilities.

- Ransomware.

Social Engineering.

- Reverse Social Engineering.

- Common social engineering techniques.

- 1. Pretexting.

- 2. Baiting.

- 3. Something for something.

- 4. Tailgating.

Phishing attacks.

- Spear-phishing.

- Clone phishing.

- Whaling – phishing for executives.

- Smishing and Vishing Attacks.

Cyber Hygiene.

- The online analogue of personal hygiene.

- Personal devices in the hotel.

- Untrusted storage devices.

Case studies.

- InterContinental.

- Wyndham.

- Starwood.

- Hyatt.

- Hilton.

- Romantik Seehotel Jägerwirt.

- What has happened?

- Why did it happen?

- What were the consequences?

- How could it be avoided?

Closing remarks and questions.

Terms and conditions

For more information, you may contact us.

Our Services

Cyber security is often boring for employees. We can make it exciting.

Online Training

Recorded on-demand training and live webinars.

In-house Training

Engaging training classes and workshops.

Social Engineering

Developing the human perimeter to deal with cyber threats.

For the Board

Short and comprehensive briefings for the board of directors.


Open source intelligence (OSINT) reports and recommendations.

High Value Targets

They have the most skilled adversaries. We can help.

What is the next step?


You contact us


We meet and discuss


Our proposal


Changes and approval


We deliver

Cyber Risk GmbH, Cyber Risk Awareness and Training in Switzerland, Germany, Liechtenstein