New Australian research has singled out hospitality as one of the weakest sectors on basic cyber hygiene. As reported by Tech Business News, only about half of hospitality businesses use unique passwords and just one in three protect their business email with multi-factor authentication (MFA). That’s against a backdrop where 84% of Australian small businesses copped a cyber incident in the past year.

Why it matters for venues

Pubs, clubs, hotels and restaurants make tempting targets: high transaction volumes, casual staff turnover, shared logins, and booking and POS systems stuffed with customer data. The biggest financial risk isn’t dramatic hacking — it’s payment redirection, where a scammer slips into an email thread and quietly changes the bank details on an invoice. The National Anti-Scam Centre logged $166.8 million in payment redirection losses across Australia in 2025. Without MFA on email, a single phished password is all it takes for an attacker to sit inside your accounts and wait for the next invoice to go out.

Three fixes for this week

None of them are expensive. First, turn on MFA for every email and admin account — it’s the single highest-value control you can deploy, and it’s already included with the Microsoft 365 plans most venues pay for. Second, stop sharing logins; give each staff member their own account so access can be cut the day they leave. Third, set a hard rule that any change to supplier bank details is verified by a phone call to a known number — never by replying to the email.

If your group runs several sites and nobody clearly owns this, that’s the gap. Our hospitality IT team and managed security awareness training can lock down the basics across every venue without slowing your floor staff down.