Responding to a Security Incident

Even with strong safeguards in place, incidents can still happen. Quick and decisive action is the best way to minimize damage, protect guest data, and restore secure operations. Use this checklist if you suspect an unauthorized user has accessed your PMS or hotel network.

1. Contact Your Police Department

File a police report immediately.

Request a case number for insurance purposes.

2. Engage Your IT Provider

Ask your IT provider to perform a full scan of your computers and network.

Verify whether any unauthorized applications or programs have been installed.

Re-image or replace compromised machines if necessary.

3. Check the Security Log Report

Review logs to see what accounts and data may have been accessed.

Cloud PMS: Navigate to Management → User Settings → Security.

Desktop PMS: Navigate to Management → Admin → Security.

4. Reset All Passwords

Treat all stored passwords in browsers as compromised.

Change PMS, email, and any other system credentials immediately.

Require all employees to use new, unique passwords.

If you suspect a hack or want to reset every employee’s password, open a support ticket. Visual Matrix can trigger a full reset across all accounts.

5. Restrict or Remove Compromised Access

Disable suspicious user accounts right away.

Remove or tighten IP access as needed.

Reconfirm that only current staff have active accounts.

6. Notify Required Parties

Contact your Cyber Liability Insurance provider for guidance and coverage.

For Best Western properties: Contact the Best Western Helpdesk for further instructions.

7. Request a Vulnerability Scan

Ask your IT or monitoring partner to run both internal and external scans.

Confirm that no hidden backdoors remain before resuming normal operations.

A fast and organized response is the difference between a contained incident and a prolonged crisis. By contacting authorities, securing systems, and notifying the right parties, you protect your property, your staff, and your guests.

Still need help with this topic?

Ask Yourself:

- Have I filed a police report and received a case number?

- Has my IT provider completed a full system scan?

- Did I check the Security Log Report for suspicious access?

- Have all passwords been reset, including those stored in browsers?

- Did I disable or restrict any suspicious user accounts or IPs?

- Did I notify my Cyber Liability Insurance provider (and Best Western Helpdesk, if applicable)?

- Have vulnerability scans been run to confirm the system is clean?

Support May Ask You:

- When did you first notice the suspicious activity?

- Have you already contacted law enforcement or insurance?

- What did your IT provider’s scan reveal?

- Can you share findings from the Security Log Report?

- Which accounts or IP addresses were restricted or removed?

- Have vulnerability scans been scheduled or completed?

Responding to a Security Incident

Responding to a Security Incident

1. Contact Your Police Department

2. Engage Your IT Provider

3. Check the Security Log Report

4. Reset All Passwords

5. Restrict or Remove Compromised Access

6. Notify Required Parties

7. Request a Vulnerability Scan

Still need help with this topic?

Related Article(s)

Related Articles

Visual Matrix Security Overview

Visual Matrix Security Collection

Core Security Best Practices

FAQ - PMS Safety & Security

Hotmail Security Settings for Visual Matrix Compatibility