Usually, when we talk about cybersecurity, the primary industries involved in debate or get mentioned are finance, healthcare, education, and those related to critical infrastructure. And while these remain crucial, we also have to put the scope on other areas of business that work with the data of hundreds of millions of people and where cybersecurity is not on the frontlines. The tourism and hospitality industry is one of them.
We don’t have to look back too far in the past to find a significant cyber attack. Less than three months ago, Harbour Plaza Hotel Group suffered a data leak that affected more than one million customers. At the beginning of the year, the Montreal Tourism Agency was also the victim of a cyber attack.
Why does it matter to tourists if companies in the tourism and hospitality industry invest in cybersecurity?
In the text above there is a great example of why you as a regular tourist should care if the hotel you are staying in or the tour agency that is organizing your trip has proper cybersecurity defenses. Businesses operating in this industry have to understand that well-paying customers are more and more cautious about their personal cybersecurity. That means:
- They would not want to visit and stay in places that neglect the topic of cybersecurity
- They won’t like to share WiFi connectivity with another 1000 people, as some of them may attack them;
- They will demand to know what cybersecurity measures have been adopted by the tourist organization that is handling their personal and financial data.
Keep in mind that any potential failure to protect the sensitive information of your clients will result in future reputational, legislative, and financial damages beyond any investment in cybersecurity you will make today.
What are the main cyber threats for companies in the tourism industry?
With tourism being one of the industries that suffered from the pandemic in the last few years, the biggest threat would come from not investing in cybersecurity at all. There are a lot of giant corporations in the sector and a vast number of small and medium businesses that also handle sensitive data from their customers. And while not all of them require debit or a credit card for online payment, all are required by law to ask for your personal information.
Challenges related to cyber attacks in the tourism industry are relevant to all others that handle sensitive data and handle customers online, and they include:
- Data breachers;
- Ransomware and malware attacks;
- DDoS attacks.
What are some of the measures regarding cybersecurity that companies in the sector can adopt?
This industry relies on a lot of seasonal workers for the summer or the winter season (depending on the tourist destination). Other places are destinations for year-round visits, but we doubt that the majority of the employees will have cybersecurity awareness.
- A good first step will be providing them with training and giving them a manual that covers the basics:
- how to create and store strong passwords;
- how to browse the internet carefully and avoid suspicious websites;
- how to detect spam/scam emails and potential phishing emails and messages on social media.
- Adapt basic rules like:
- Proper network segmentation;
- Continuous security checks in the frame of Vulnerability scannings.
However, keep in mind that those are skills and knowledge that all of us should have today. A responsible company has to invest in prevention measures if it doesn’t want to face the risk of being hacked. A good first step will be consulting with cybersecurity experts about your needs and hiring a vSICO that will start working on the company’s 360-cyber defense.
Tourism and cybersecurity – a story with a happy end
Yes, there are a lot of cybersecurity challenges for the tourism and hospitality sector today. However, this industry embraces and adapts to innovation and change. We see that the industry was one to adopt digital tools for its daily operations and marketing in the last 10 years. We believe it will be the same with cybersecurity – the start may be rough and begin in the big hotels, but eventually, it will get to the small family-owned businesses. And we think this is going to be sooner rather than later. If you need help with the creation of the 360-cyber defense of your company just give us a call!