OBRYN GUARD® • CAPABILITY BRIEF

Lock Down Access

Outcome
MFA enforced • Least privilege • Vendor access controlled
Insurer-aligned identity + access controls.

Most hotel cyber claims start with access problems: shared logins, missing MFA, stale vendor accounts, or a staff member with permissions they never needed. “Lock Down Access” removes those weak points while keeping operations fast — and it produces proof you can hand to underwriting and audits.

AudienceGM • Ops • IT • Finance • Risk
ProtectsPMS • email • POS • vendor portals • endpoints
ProofMFA reports • access rosters • role summaries • offboarding logs
Rule 1
No MFA = no access
Not “recommended.” Enforced.
Rule 2
Least privilege
Front desk ≠ admin. Vendors ≠ staff.
Rule 3
Remove stale access
Offboarding is a control, not a task.
Next step
Request an Access Lockdown
We enforce MFA, clean access, and produce insurer-ready evidence.
Request Lockdown

Why access control is the highest-leverage fix

Training reduces clicks. Access control prevents damage when clicks happen. Insurers care because identity failures are repeat offenders: compromised email leads to invoice fraud, vendor accounts lead to ransomware paths, shared logins kill accountability.

Common hotel access failures
  • Shared logins during shifts
  • MFA “optional” or inconsistent
  • Vendors left active after projects
  • Generic admin accounts
What it causes
  • Email takeovers and payment fraud
  • PMS profile exports
  • POS disruption
  • Operational downtime
What insurers want to see
  • MFA enforced
  • Role-based access
  • Access reviews
  • Documented offboarding

What we lock down (control set)

We standardize identity, permissions, and vendor access so staff can work fast without being able to create a breach.

01
MFA enforcement
Turn MFA into a requirement across core systems.
We implement
  • MFA required for staff and admin accounts
  • Conditional rules for high-risk logins
  • Exception handling (owned + dated)
  • Rollout plan that doesn’t break shifts
Proof you get
  • MFA status report
  • Policy export
  • Exception list
  • Remediation timeline
02
Role-based access (least privilege)
Match access to job function. Remove blanket admin.
We implement
  • Front desk / manager / night audit role separation
  • Admin roles limited to named owners
  • Vendor roles separated from staff roles
  • Approval rules for high-impact actions
Proof you get
  • Role summaries
  • Access roster
  • Admin account inventory
  • Change log
03
Shared logins elimination
Restore accountability and stop “who did that?” incidents.
We implement
  • Unique accounts per staff member where possible
  • Shift-safe access patterns (no downtime)
  • Credential handling rules for exceptions
  • Monitoring for repeated failed logins
Proof you get
  • Shared account reduction record
  • Login policy summary
  • Account inventory
  • Incident-ready audit trail
04
Vendor access control + offboarding
Vendors get scoped access, logged access, and clean removal.
We implement
  • Vendor roster + ownership
  • Remote access windows and approved tools
  • Access reviews (insurer cadence)
  • Offboarding playbook + record
Proof you get
  • Vendor access roster
  • Offboarding log
  • Remote access policy
  • Review sign-offs

Deliverables (audit + insurance ready)

Clean outputs that answer underwriting questions fast.

Identity proof
  • MFA enforcement report
  • Password + login policy export
  • Exception register
  • Admin account inventory
Access proof
  • Role summaries
  • Access roster by system
  • Access review log
  • Change records
Vendor proof
  • Vendor access roster
  • Remote access policy
  • Offboarding log
  • Review sign-offs
Next step
Request an Access Lockdown
We enforce MFA, clean permissions, and produce proof packs insurers accept.
Request Lockdown
MFA proof • Role summaries • Vendor control • Offboarding logs