At Access, we take data protection and system security extremely seriously. Our Guestline Property Management platform includes a range of advanced security features designed to prevent unauthorised access and ensure guest and business data remains secure.

If you suspect your site or account has been compromised, it's important to act quickly. This guide will help you identify potential security issues and take appropriate actions.

Signs your site may have been breached

Warning signs:

Unusual login activity by users.
Unfamiliar user accounts or changes to user permissions.
IP addresses that don't match your normal location pattern.
Unusual activity within Design Query, Reservation searches or Guest Lists.
Emails or notifications about password resets you didn't request.
Reports from guests about suspicious messages claiming to be from your property.
Changes to payment or banking information.

Immediate steps to take

1. Act quickly and document your actions

Stay calm and follow these steps methodically. Quick action can minimise potential damage.

Keep a detailed record of the breach, including when you first became aware of the issue, how you discovered it, and all actions and remedial measures taken.

2. Reset passwords

Contact all users to change their passwords immediately.

How to reset a password:

Email-based accounts can reset passwords themselves at any time. For more information, visit our support article on Resetting your own platform user password.
Username-based accounts require an Admin to reset passwords. For more information, visit our support article on Reset another platform users' password.

Remind users to:

Change passwords to a strong, unique password you haven't used before.
Use a combination of uppercase, lowercase, numbers, and special characters.
Make it at least 12 characters long.
Don't reuse passwords from other accounts.
Never share their account with another user or have "communal" accounts.

3. Ensure users have multi-factor authentication (MFA) enabled

Ensure your staff are using MFA to protect their user accounts and system data. Even if a password is compromised, MFA provides critical additional protection against unauthorised access.

For more information, visit our support article on Enabling Multi-Factor Authentication(MFA). If MFA is not possible for your site, please set up Trusted Browsers for your property.

4. Review system activity

Review recent activity in your system to determine what data may have been accessed:

Check for unfamiliar logins or unusual access times.
Identify unknown IP addresses.
Identify reports that ran for extended periods or returned an unusually large number of entries.
Examine any data exports or reports that were generated.
Document your findings with dates, times, and screenshots.

How to review system activity

To access the system logs to review user activity, follow the steps below:

Within Guestline navigate toHelp , then select Logs , then select System.
Set the From andTo dates for the period you want to review.
Choose an Entry Type from the drop-down menu.
🤓 Tip: Print Report and Reservation searches often return the best results.
Leave the Operator field blank unless a specific user has been flagged as a breached account. In that case, select the user from the drop-down menu to view their activity.
Click Refresh to display results, including the r eport name, the number of records accessed, dates used, and the IP address this report was accessed from.
🤓 Tip: You can verify an IP address using reputable online IP lookup tools. These tools can help you identify the location and details associated with IP addresses.
Locate the report in the system and re-run it using the same parameters to determine which guest data was accessed.

Here is an example, we have created, of how unauthorised activity within your system can look:

5. Assess risk and compliance requirements

Based on your findings, assess the severity of the breach and determine whether you need to:

Notify the Information Commissioner's Office (ICO).
Inform affected guests.
Take additional regulatory action.

Key considerations:

The nature and sensitivity of the data accessed.
The number of people potentially affected.
How easily can individuals be identified from the data.
Potential harm to affected individuals.

Under UK GDPR, you may be required to notify the ICO within 72 hours if the breach poses a risk to individuals' rights and freedoms. If the breach poses a high risk, you may also need to notify affected guests directly.

For guidance on notification requirements, refer to ICO guidance on personal data breaches and UK GDPR legislation.

6. Contact support

If Guestline has already contacted you about suspicious activity:

You do not need to raise a separate support ticket—our team has already investigated and provided information to you. However, if you find that you need further assistance, please reach out to them at any time.

If you discovered the suspicious activity yourself:

Before contacting support, collect the following information if possible:

Date and time you first noticed the issue.
Specific changes or unusual activity you've observed.
Any suspicious emails or messages you've received. Screenshots of unexpected changes or errors.

Contact our support team on 01743 282 300.

When contacting our support team, please provide:

A description of the suspicious activity you've noticed.
Specific details about when you first noticed the issue.
Confirmation that you have completed steps 1-5 above.

7. Implement prevention methods

After resolution, review what happened and implement additional security measures to prevent future breaches. Your security is only as strong as your least-informed staff member. Make security awareness part of onboarding and conduct regular refresher training to avoid future breaches.

Remind all users to: