HiRUM Software Solutions

Data Security Risk In Hospitality: Protect Your Travel Business From Scammers

Posted by HiRUM Software Solutions - 04/08/2022
hand holding mobile device with a padlock on screen highlighting a data security risk | HiRUM

The hard-hit travel and hospitality industry is finally getting back on its feet after what has been possibly the toughest couple of years in its history. Pandemic restrictions have affected the travel and tourism industry more than most, with travel related businesses taking a huge knock and many forced to close their doors permanently.

The resurgence of the industry is very welcome news. Travelers are relishing the opportunity to get back into the swing of their business trips, family getaways and summer holidays after far too long in “lockdown” and are flocking to booking sites to arrange their travel.

However, unfortunately whilst the industry may have been forced to close their doors, the same cannot be said for scammers. Cybercriminals have used the time to hone their skills and are ready to use all the tools now at their disposal to monetize their theft at the expense of unsuspecting businesses and travelers.

Cybercrime is very big business. The ACCC estimates that Australian consumers and businesses lost more than $2 billion dollars to scams in 2021. Even more frightening is the knowledge that this seems to be growing exponentially, with this figure more than double the $851 million reported lost in 2020.

From a travel industry perspective, it is all too easy for cyber criminals to take advantage of increased traveler traffic at various booking sites and make concerted attacks attempting to breach user accounts. Thanks to advances in THEIR technology, these are often automated attacks by bots which have the ability to launch large scale attacks and test thousands of login attempts at once in order to gain user credentials.

Dark web data dumps give access to information which can be pieced together to access user accounts and given that so many consumers use the same password on multiple sites, the damage can be substantial. The consumer is at risk on a personal level and the reputational damage to the booking site can be major.

Scammers can also use bots to scrape production information, pricing and reviews etc and direct unsuspecting consumers to fraudulent websites to book their travel.

Any sized business can be in the sights of the scammers. Whether you rely on your own website and online booking form, or large scale Online Travel Agent Websites for securing your bookings, every piece of technology used in every step of the booking journey can be targeted by scammers and put your guest, and consequently your business at a data security risk. It is vital that you take the necessary measures to ensure your risk is minimal.

If scammed, the immediate financial risk to your guests and your business is just the tip of the iceberg. The long-term impact on your business and the damage that such losses can have to your business’ reputation can leave you reeling for some time.

As a travel business, how do you mitigate this data security risk?

  •  First and foremost, you need to be confident that any software provider / distribution channel / marketing specialist that you use has best practice protections in place to ensure the security of your data.
  • Ensure that customers credit card details are protected. The payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies process, store and transmit credit card information in a secure environment. Any software that you use must be PCI DSS compliant, and ideally this should be independently assessed to ensure the safety and security of your business.
  • Ensure stored data that has potential value to an attacker is stored under 2 factor identification settings, so that stolen credentials can’t be used for access
  • From both a personal and business perspective, ensure the security of your passwords across all apps and programs that you access. Don’t use the same password, or simple variations of it, to log on to multiple apps. Don’t use variations of anything that may be an easy guess should a bot have access to your personal details via the dark web. It is prudent to use a secure password keeper to save your passwords and generate unique passwords for everything you access.
  •  Ensure access to your business software is protected at the user level. Make sure users have individual logons and have accessibility to data in line with their requirements to effectively complete their role; no more. Use the security access levels built into your software to ensure that only those that really need it have access to sensitive data. Ensure your staff all use security best practice when accessing the system – lock the computer when they are away from their desk and log-off when leaving.
  •  If you have any concerns, consider getting advice from a professional IT services company that specializes in security, that can assess your risk and ensure you are adequately safeguarded.

We are all overjoyed to see the industry getting back on its feet, and consumers flocking back to travel. The last thing that the industry needs now is to have those hard earned dollars targeted by unscrupulous scammers. Ensure your business is following best practice processes, and that all platforms associated with your business take the data security risk very seriously.

See how HiRUM is dedicated to protecting your business and data compliance here!


View all posts by

Comments are closed.