Travel TechnologyWTTC and Microsoft release tips on how travel companies can protect themselves against cyber-attacks.

7 cybersecurity best practices for travel businesses

Travel industry players are especially vulnerable to cyber-attacks considering their high volumes of sensitive client information.
Travel industry players are especially vulnerable to cyber-attacks considering their high volumes of sensitive client information. Photo Credit: GettyImages/peshkov

In this increasingly digitised world where technology has become integral to our lives, companies are more susceptible of falling prey to cyber-attacks — especially travel businesses since they often store huge amounts of sensitive data ranging from a traveller’s personal details to credit card information.

Considering the heightened risks that travel corporations face as the world progresses into a more digital future, WTTC and Microsoft collectively devised several tips to establish cyber resilience in the travel and tourism sector.

1. Integrate cyber risk management into organisational risk management

Cyber threats are just as damaging to organisations as any other operational risks, like financial loss. It is highly advisable that cyber risk be prioritised and managed along with other business and operational risks. Specialised cybersecurity professionals can be hired to create and inform cyber risk policies, understand and implement best practices, and manage risk proactively and continuously.

2. Educate and train staff

While skilled hackers may be able to directly break into the company’s computer systems and steal, change or destroy information on their own means, they may also do it indirectly through the company’s employees. For example, they may masquerade as a stakeholder via an email to get an unwitting employee to download a dangerous malware that gives them access to data. Therefore, each staff member should receive training to understand what risks exist and how to mitigate them.

3. Expand risk protections beyond the physical workplace

Historically, many cyber security protocols were designed around the physical office and work environment. However, with the move to remote and hybrid working, coupled with the adoption of cloud technologies that allows employees to access company information wherever they are, cyber security should be viewed on an all-encompassing scale, which include home Wi-Fi security, employee cyber hygiene on their own devices, and accessing systems from public locations. Ensuring that employees only have access to the data they need to do their job and core systems have strong protections in place can mitigate the risk.

4. Employ a zero-trust approach to cyber security

Casting doubt on everything is beneficial in this case when it comes to ensuring cybersecurity. This zero-trust approach protects the modern mobile and connected workforce, and usually involves verification of requests to access resources; implementation of the principle of least privilege access to limit users’ access rights to what is strictly required to do their jobs; and assumes a breach or compromise so that no system or connection is assumed to be clean.

5. Employ ongoing threat assessment

Engage cyber experts on a regular basis to find security vulnerabilities by performing threat actions and penetration tests to help the mitigation of risk and build resilience. As much as possible, segment systems to avoid breaches compromising the entire cyber ecosystem and mitigate risks of double extortion.

6. Be transparent

While trust in the travel industry is high, and security is assumed and often seamlessly incorporated, cyber security should not be concealed. Travel companies are encouraged to let their employees and clients know as soon as possible should their personal and payment information be breached, and what steps will be taken to mitigate the impact of the breach.

They should also be notified of implemented security measures and enhancements and be open about the reasons for data collection, data usage, and the period for which data will be stored. By only using the least amount of required personal data and payment information while offering the highest protections, organisations can foster trust while limiting organisational risk and the risk to the data owners.

7. Implement an organisational standard

Business leaders should set an organisational standard that complies with legislation in their regions of operation. An organisational standard can foster a standardised approach to cyber security that complies with legislation while enhancing data protection.

To determine these standards, consider applicable legislation in regions the business operates, and the controls required to comply. In many cases, compliance with the legislation in one location, such as privacy requirements for example, may enable global compliance.

Power to the People
April - June 2022 eBook

Tough times never last, but tough people do. Just look to these resilient travel agents, who bounce back stronger from the pandemic.

Read Now

JDS Travel News JDS Viewpoints JDS Africa/MI