There is a new threat to your safety on the prowl. It does not hurt you physically but can maim you professionally. It cannot kill you but can slay your business in one fell swoop. Assaults and attacks on your business in cyber space are more commonplace now and, therefore, to be guarded against with more care and cunning. In its least obtrusive form it can cause disruption, in its most debilitating form it can hold your business to ransom and wreak havoc.
Travel businesses are increasingly relying on digital information systems and other online processes and threats in cyberspace are appearing with costly consequences. Unless adequate pre-emptive measures are taken, the risk of a security breach will not spare any business with an online presence.
The message from recent hacking cases in the travel industry are emphatic that the digital age presents immense opportunities for the travel industry, but also inherent risks. In Hong Kong, three cyber-attacks on mid-scale travel agencies have sounded an alarm for agents to take cybersecurity seriously or run the risk of losing their client databases through invasive disruption by hackers.
In 2016, JTB, InterContinental Hotels Group, HEI Hotels & Resorts and Dallas-based Omni Hotels & Resorts were hacked. Last year, the website of the Association of British Travel Agents (ABTA) and a reservation system of Sabre Hospitality Solutions were also attacked.
Alice Chan, executive director of the Travel Industry Council of Hong Kong, said: “The recent cyberattacks on travel agents have definitely created a sense of crisis for our members. In this digital age, to be cyber-vigilant is of paramount importance for all industries that are in possession of customer data, because they have a duty to protect the data privacy of their customers. It is also most undesirable for their business operations to be disrupted by such attacks.”
Cyberattacks are on the rise and it is obvious that growing reliance on IT increases vulnerability. The susceptibility of businesses to such attacks is existent for any business that uses incoming and outgoing emails, a client database, a payment system gateway for online payment and smartphone access to company resources.
I believe that other than making continuous efforts to stay vigilant and prevent such cyber invasion, travel businesses must devise methods of recovery and restoration of data in order to avoid or minimise the inevitability of having to suspend services temporarily where income will be affected. In terms of third party liability, if it involves large amounts of personal information of clients or business partners, these parties may sue the company. Therefore, upholding the integrity of their information systems is of paramount importance and specialist insurance policies are available.
Amidst the taking of stock of cyber risks, the small-scale operator seems to be unaffected as they do not perceive their businesses to be targets. Anjani Kumar Dhanuka, director of Aircom Travels, said: “We don’t plan to build any powerful website with online storage due to costly installation and maintenance. Frankly, I find it risky to store clients’ information in the cloud so our data is kept in hard disks without online access.” It is true that cybersecurity investments are costlier for smaller businesses.
Apart from periodic reviews of a system, backups are vital and that may necessitate outsourcing to skilled technology vendors. Associations, too, must come forward to educate agents. The importance of cybersecurity must be embedded within the company’s culture and processes and staff cooperation should sought be sought to prevent cyberattack.
The European Union’s General Data Protection Regulation (GDPR) came into force on Friday May 25. Part of the mission of GDPR is to make the data held by vendors more secure and many countries outside of Europe are adopting the regulation as the gold standard of data collection and storage. If your business stores data for European customers or suppliers, you could be subject to EU prosecution – whether you are based in India or Australia. Adopting good practice to prevent cyber attack may protect your business but, more importantly, it may protect you from a fine of to 20 million Euros.
You have been warned.
I defined the EU’s General Data Protection Regulation (GDPR) and its implications on businesses dealing with clients in the EU in my last blog. I pointed out that being in India does not remove you from its jurisdiction. The EU’s reach is long and the massive potential fines pose an existential threat to most small […]
Destination Canada is revving up its marketing effort to entice more Indian outbound travellers to visit Canada, a plan that targets the millennials as well as corporate business groups and incentive tours. This is in alignment with the North Star 22 agreement with the provinces, who will work in a dollar for dollar promotional spend […]
Indian and south-east Asian corporate groups are looking at Japan as a business events destination as a result of unique learning opportunities stimulating their interest in the country. Industry stakeholders and corporate buyers say the country is increasingly seen as a place where corporate visitors can grow professionally. Etsuko Kawasaki, executive director of the Japan […]
India launched its 100th airport at Pakyong in the north-eastern state of Sikkim in the Himalayas. When fully operational, it will emerge as a boon for tourism business in the entire eastern Himalayan region, including Darjeeling and Sikkim. Besides Bagdogra airport in Northern West Bengal, which was the sole airport in the region albeit with […]
Bangkok’s hotel industry is on a sustained growth curve, aided by political stability and strong inbound travel demand from international visitors. The city has seen its strongest performance in recent years in this year with greater demand for meetings and exhibitions. Jesper Palmqvist, STR’s area director Asia-Pacific, said at the Thailand Tourism Forum: “Thailand has […]