Editor's Blog

A 20 million Euro warning
Tue 29 May, 2018 at 12:00 am

There is a new threat to your safety on the prowl. It does not hurt you physically but can maim you professionally. It cannot kill you but can slay your business in one fell swoop. Assaults and attacks on your business in cyber space are more commonplace now and, therefore, to be guarded against with more care and cunning. In its least obtrusive form it can cause disruption, in its most debilitating form it can hold your business to ransom and wreak havoc.

Travel businesses are increasingly relying on digital information systems and other online processes, and threats in cyberspace are appearing with costly consequences. Unless adequate pre-emptive measures are taken, the risk of a security breach will not spare any business with an online presence.

The message from recent hacking cases in the travel industry is emphatic: the digital age presents immense opportunities for the travel industry, but also inherent risks. In Hong Kong, three cyber-attacks on mid-scale travel agencies have sounded an alarm for agents to take cybersecurity seriously or run the risk of losing their client databases through invasive disruption by hackers.

In 2016, JTB, InterContinental Hotels Group, HEI Hotels & Resorts and Dallas-based Omni Hotels & Resorts were hacked. Last year, the website of the Association of British Travel Agents (ABTA) and a reservation system of Sabre Hospitality Solutions were also attacked.

Alice Chan, executive director of the Travel Industry Council of Hong Kong, said: “The recent cyberattacks on travel agents have definitely created a sense of crisis for our members. In this digital age, to be cyber-vigilant is of paramount importance for all industries that are in possession of customer data, because they have a duty to protect the data privacy of their customers. It is also most undesirable for their business operations to be disrupted by such attacks.”

Cyberattacks are on the rise and it is obvious that growing reliance on IT increases vulnerability. Any business that uses incoming and outgoing emails, a client database, a payment system gateway for online payment and smartphone access to company resources is susceptible to such attacks.

I believe that, other than making continuous efforts to stay vigilant and prevent such cyber invasion, travel businesses must devise methods of recovery and restoration of data in order to avoid or minimise having to suspend services temporarily, which will affect income. As for third-party liability, if an attack involves large amounts of personal information of clients or business partners, these parties may sue the company. Therefore, upholding the integrity of their information systems is of paramount importance, and specialist insurance policies are available.

Amid this stock-taking of cyber risks, small-scale operators seem to be unaffected, as they do not perceive their businesses to be targets. Anjani Kumar Dhanuka, director of Aircom Travels, said: “We don’t plan to build any powerful website with online storage due to costly installation and maintenance. Frankly, I find it risky to store clients’ information in the cloud so our data is kept in hard disks without online access.” It is true that cybersecurity investments are costlier for smaller businesses.

Apart from periodic reviews of a system, backups are vital, and that may necessitate outsourcing to skilled technology vendors. Associations, too, must come forward to educate agents. The importance of cybersecurity must be embedded within the company’s culture and processes, and staff cooperation should be sought to prevent cyberattacks.

The European Union’s General Data Protection Regulation (GDPR) came into force on Friday May 25. Part of the mission of GDPR is to make the data held by vendors more secure, and many countries outside of Europe are adopting the regulation as the gold standard of data collection and storage. If your business stores data for European customers or suppliers, you could be subject to EU prosecution – whether you are based in India or Australia. Adopting good practice to prevent cyberattacks may protect your business but, more importantly, it may protect you from a fine of up to 20 million Euros.

You have been warned.
