[BreachExchange] Why Cybersecurity in the Travel and Hospitality Sector is So Critical?
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Dec 21 18:53:38 EST 2017
https://ftnnews.com/technology/33559-why-cybersecurity-in-the-travel-and-hospitality-sector-is-so-critical.html
For many years now, cybersecurity has been a primary concern of government
organisations and the banking sector, but the hospitality and travel
industry is beginning to acknowledge the importance of online security in
its day-to-day operations.
Each travel operator, hotel or transport company handles all kinds of
sensitive data on their customers, as well as their own staff and
suppliers. The consequences of organisations experiencing online data
breaches are now higher than ever before. For instance, if a travel
operator is hacked, leaking thousands of personal addresses of customers,
they face significant financial, legal and reputational ramifications. The
loss of customer confidence in the operator and the legal costs of any
resulting identity theft would hit any travel operator big or small right
where it hurts – the profit and loss sheet.
As businesses within the travel and hospitality sector grow, so too does
their global footprint of sensitive data. There is an increasing need for
these brands to maintain the privacy, integrity and security of all
personal information that is in their care. A sure-fire data security 101
tip is to implement a robust user rights management hierarchy. This can
help to control the level of sensitive data an individual can access in
line with their seniority within the organisation as well as their job
description. It requires travel companies – particularly those with global
workforces – to keep a tight rein on their user rights systems to remove
dormant users that may have left the company, mitigating the possibility of
any revenge attacks. Organisations should also closely monitor and audit
their employees’ data usage to pinpoint any signs of access abuse, which is
not always malicious but can still have ramifications for the company even
when it is not.
The major elephant in the room for travel and hospitality brands operating
in and out of Europe is the new impending European regulations designed to
safeguard customer data. The new General Data Protection Regulation (GDPR)
has been devised by the European Union (EU) and will come into force next
year. Although GDPR is aimed at giving the average consumer or holidaymaker
greater control over how their personal data is used and stored, it also
gives travel and hospitality organisations greater clarity about data
protection law, creating one law across the entire single market.
Under the GDPR rules, travel and hospitality firms that fail to comply in
time for 25th May 2018 could experience hugely damaging financial penalties
which could plunge brands into difficult times; perhaps even closure. The
upper limit penalty for non-compliance will be €20m or 4% of an
organisation’s annual global turnover; whichever is greater. GDPR will
affect all kinds of departments of travel firms; from legal and compliance
teams to IT and marketing divisions. Those within the travel and
hospitality industry must therefore take the protection of customer and
employee data as seriously as their revenue.
Regular security audits, increased encryption of data and watertight
password control are no longer something that can be ignored. The same goes
for lawful marketing campaigns and privacy policies, while teams should be
educated and briefed on how to handle a data breach if – and when – the
time comes. Travel professionals handle more data than you realise and
meeting those new obligations will not only keep brands on the right side
of the law, it will increase consumer confidence and strengthen brand
reputation overall.