Johannesburg, 21 Aug 2017
Fourteen Trump hotels recently fell victim to hackers who accessed guests' personal data and credit card details when their booking service system, Sabre, reportedly suffered a data breach. In February, a cyber attack on UK travel trade organisation ABTA's Web site potentially affected around 43 000 individuals. One month earlier, a bunch of hackers reportedly spoiled travellers' fun in Austria when they used ransomware to try and lock them out of their luxury hotel rooms in the Alps.
There's no doubt that the travel industry is increasingly under serious cyber threat, especially as these attacks, data breaches and phishing scams are becoming more frequent, sophisticated and tailored. It's said that the global hospitality industry is under the top three most favoured by hackers, says Gerhard Conradie, Managing Director of Evolv Networks.
What makes the travel industry so susceptible to cyber crime?
Hospitality networks - from travel agents, tour operators, hotels, airlines, car rental companies, tourist attractions, online travel agents**, to shared-economy role-players - store a small "treasure chest" of holidaymakers' personal data. This includes contact details, birthdates, passport information, itineraries, travel likes and dislikes, and last but not least, credit card details. This high-profile, confidential data ebbs and flows in and out of these networks, with cyber criminals prowling for weak spots to commit fraud or extortion.
Travel companies often rely on booking partners and third-party vendors to conduct their business, making them vulnerable to hackers as they cannot always vouch for these vendors' cyber security measures. Cyber criminals know this. They also know these third-party vendors are attractive aggregation points of sensitive data and would rather target them than the better-geared, big-name travel and tourism brands.
Numerous travel companies offer online booking portals which immediately put them on cyber criminals' radar. With bookings being done on personal devices and smartphones, an extra security risk factor is added.
How can the travel industry create a cyber security culture?
It's imperative that travel companies understand exactly where the sensitive data resides within their business and what its travel patterns are. With this insight, all third-party access points can be tamper-proofed.
* Monitor in and outgoing communication to detect data-lifting malware and prevent data pilferage, needs to be in place.
* Keep your CRM system secure by restricting staff's activities within the system, reducing the Web sites they can browse, and controlling access to your back-end systems.
* Update security and anti-virus software.
* Apply the latest browsing protection, script and ad-blocking technologies.
* Use only strong passwords.
* And don't ever open e-mail attachments from unknown sources.
* Tokenise - A rock-solid way to protect data is tokenisation (substituting sensitive data elements with non-sensitive elements or "tokens") or data encryption (translating data into a form or code which people can only access with a key or password).
As a Galaxkey Platinum Partner, Evolv highly recommends this e-mail and document encryption solution. It can be deployed on multiple platforms, is simple to use and is embedded with the highest level of security technology. It also protects data you store in the cloud.
Should your travel business fall victim to a cyber attack or data breach, your Galaxkey protection will ensure that hackers cannot monetise your data. Their "plunders" will be pretty much worthless.
Share