Data breaches are a concerning and damaging threat to all kinds of industries and businesses worldwide.

In a cyber attack, hackers take all types of sensitive information from businesses – anything from email addresses to home addresses and credit card data.

A breach in the security of guests’ information at your B&B reflects badly on your brand reputation and can be a serious detriment to future revenue. As a property owner, you need to ensure you’re providing comprehensive digital security for guests.

This blog explains everything you need to know to keep your B&B’s – and your guests’ – data safe.

What is data security? Watch this first!

Data security means protecting data from being accessed, stolen, or damaged by unauthorised persons. Data security may be impacted by cyber attacks or data breaches and can have serious consequences for businesses – particularly small ones that may not have the means to recover.

Watch this video to get expert tips on how you can keep your hotel safe from data security threats:

Data security breaches: Is your B&B at risk?

Small hotels and B&Bs are common targets of data breaches, and the reason for this is credit card payments. The security breach happens online, because that’s where your guests are making their bookings, or where your front desk staff are making bookings on their behalf.

No hotel is too big or small to be a target. In fact, the smaller your property, the more vulnerable you are to attack.

Types of security breaches

There are three security threats you need to be aware of:

  1. Malware
    Malware, short for malicious software, is the most common and most dangerous online security threat thanks to its diversity. It poses many dangers to hotel technology such as reservations systems. Types of malware that you may be familiar with include viruses and ransomware.
  2. Spam
    Spam refers to an unsolicited message – usually advertising material (think of the ‘spam’ folder in your email). But in some cases spam messages can carry dangerous malware and be very convincing. Avoid opening emails and clicking links that look suspicious or are asking you to provide money or personal details.
  3. DoS attacks
    A denial-of-service (DoS) attack occurs when a hacker or virus shuts down a machine or network and prevents it being accessed by its intended users. The victims of DoS are usually high-profile organisations who people have a slight against, so you might be off the hook here.

Is your B&B PCI compliant?

The PCI Compliance Guide define PCI DSS (Payment Card Industry Data Security Standard) as “a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment”.

PCI compliance means that you have met a set of safety standards that are required for processing financial transactions online. A merchant account that is PCI compliant will have a secure server that allows you to process the payments.

Is your B&B website HTTPS secure?

Nothing is more important to online travel bookers than website security. Their personal and payment details must be kept safe, and if they’re shopping on your B&B website they need to know they can trust it.

Most websites use “SSL encryption” to protect data that’s transmitted between a website and a shopper. The SSL encryption requires a secure form of communication between a website and the consumer, known as HTTPS – where the ‘s’ stands for secure.

This is indicated to the user in the URL which displays ‘https’ and it also shows the padlock symbol on the left-hand side of the URL bar which reassures people their data is secure when entering private details.

So, what does it mean for your B&B?

As of July 2018, Google favours websites that are HTTPS secure. If your site isn’t secure, Google may warn users it isn’t safe and could even restrict access to your web pages.

84% of users say they would abandon a purchase if data was sent over an insecure connection, with many concerned about their data being stolen. So, if your B&B wants to convert direct bookings and maintain a high ranking on Google’s search results page, it’s vital you become HTTPS secure.

When shoppers see the little padlock on their browser, it gives them peace of mind and an immediate sense of trust in your business.

How do you become HTTPS secure?

One of the easiest ways to ensure your B&B website is secure is to invest in a professional website builder tool. This solution will automatically come with secure encryption and will also help you maintain a functional and charming B&B website.

The beauty of using a customisable website builder is that you’ll have your brand new website within days and it will automatically keep pace with Google’s updates as time goes by.

Does your B&B use a secure online payment gateway?

Accepting bookings through your website is necessary, but you also need to have a safe and secure online payment gateway to make it work.

While travellers prefer the ease and convenience of booking online, they also want to make sure that they are working with a reputable vendor who will keep their personal and financial information secure.

Payment gateways are third party services that process card payments on behalf of your hotel. They will usually take a small percentage of each reservation for the use of their service.

An online payment gateway is a system that works with your booking engine in order to allow you to process secure payments online. It will authorise credit card information of customers who want to make their reservations instantly on your website.

Make sure your property management system (PMS) supports the secure transmission of payment card details and sends guests an automatic confirmation message as soon as payment is accepted. This will show guests you are trustworthy and provide reassurance that their information has gone to the right place.

Why would it benefit your small hotel?

An online payment gateway is necessary for any type of hotel, no matter its size.

Today’s travellers prefer to book their accommodations online – and you need to make it as easy as possible for your guests to book out rooms at your B&B.

What should you look for in an online payment gateway?

As a small hotel operator, there are several features you need in an online payment gateway:

  • Consistent and reliable service

The experience of processing an online payment should be effortless for your guests. They should not even be aware that an online payment gateway is being used.

It’s essential that you work with a gateway that connects with your booking engine and works with it properly.

You want your customers to be able to book their rooms at your hotel without having any issues during the online payment process.

  • Security

This is of utmost importance when it comes to choosing an online payment gateway.

A study by Trustwave’s SpiderLabs showed that of 218 data breach investigations from 24 countries, 38% of the attacks occurred on hotels and, of the data stolen, 98% was credit card information.

Your guests are entrusting you with their most personal and private financial information, and it’s critical that you protect them at all costs.

It’s not enough to have an SSL certificate on your website, or rely solely on third-party payment services such as Paypal or Google Checkout to handle your guests’ credit card security. Each program you use must be securely locked down.

Discuss data storage techniques with your online payment gateway in order to be sure that your valued customers’ information will be safe and secure at all times.

  • Customer support

It’s essential to have a positive working relationship with the support team at the online payment gateway that you choose.

They should be available to assist you in the event of an unforeseen circumstance or if any issues arise.

  • Currency conversion

People from all over the world will want to book your rooms, especially when they can do it easily online.

Choose an online payment gateway that will convert any currency without charging you excessive fees to do so.

Install cybersecurity measures

Cybersecurity is the technology, processes and practices designed to protect networks, computers, programs and data from unauthorised access.

Here a couple of critical tips for businesses to reduce the risk of a data breach:

1. Keep malware from attacking your computer by keeping your software up to date

A good method for this is to use internet-based (cloud) technology instead of updating software programs on multiple computers. With cloud technology you will only require one application login and your data will be consistently backed up.

Because cloud-based suppliers automatically backup and update their system, the need for costly hardware and the worry of losing important customer information during difficult installations will be eliminated.

2. Use unique passwords and access

Creating different users and splitting access levels for each employee will reduce the opportunity for a hacker to gain control of your system. Managing what access employees have also makes it easier to track user activity and restrict access to certain areas.

For example, your PMS should allow you to select between ‘User’ or ‘Supervisor’ and implement a two-factor authentication for sensitive information. This adds a high level of security for your front desk system, and the guest information it stores, by limiting access to only your necessary employees.

Remember: Don’t forget the six expert tips outlined in the video at the start of this article.



By Dean Elphick

Dean is the Senior Content Marketing Specialist of Little Hotelier, the all-in-one software solution purpose-built to make the lives of small accommodation providers easier. Dean has made writing and creating content his passion for the entirety of his professional life, which includes more than six years at Little Hotelier. Through content, Dean aims to provide education, inspiration, assistance, and, ultimately, value for small accommodation businesses looking to improve the way they run their operations (and live their life).