Cybersecurity isn’t the sexiest topic, especially when you work in an industry as interesting as travel.
And that was the consensus when Roger Millar took to the stage at the Travel Tech. Summit in Sydney last week.
It was mid-afternoon towards the end of a packed day of conferencing when Voyages Indigenous Tourism Australia’s group ICT manager made his apologies for his dry subject.
But he soon had the attention of everyone in the room. Cybersecurity is something so many people take for granted, but it can have massive implications for your business, your brand and, of course, yourself.
According to the European Union’s cybersecurity agency, information theft has now been named the most prevalent crime against corporations. It’s become far more common than physical theft.
Millar said there is an attack on a computer every 39 seconds worldwide and the travel industry is a veritable goldmine.
“When you think about the amount of data that we all hold in all of our systems, data in the travel industry is actually one of the most high profile,” he said.
“We have the airlines collecting all of their data we have the frequent flyer or loyalty programs, all the data that is associated with those, social media, plus all the third party data that we have and the data we collect from our customers.”
This data includes credit card details, personal details and even medical information. Millar said the average person’s data is worth around $2,000 on the dark web.
“It’s all stuff that is highly saveable, it’s a commodity and it’s one of those things we need to protect, and we need to do a better job of protecting,” he said.
“As an industry, we really don’t take it seriously. The amount of data we have on our customers and the amount of things people can do with that data is extreme.”
And with that data comes a truckload of regulatory requirements like the Australian Data Principles and its European equivalent the General Data Protection Regulation (GDPR).
You may recall reading about British Airways data breach back in September 2018 where hackers stole customer data including financial details from around 380,000 customers.
Under the GDPR, the airline was fined 1.5 per cent of its turnover for that year – £183 million pounds ($351,723,168).
“It’s no longer just a case of yeah we’ve lost the data,” Millar said.
Here’s what can be done
It may seem like an overwhelming situation, especially for those who are less tech-savvy. But Millar said there is light at the end of the tunnel.
“Artificial intelligence is one of the best things that’s ever happened to security in probably the last 10 years,” he said.
“Previously as an IT manager, I’d have to have people monitoring logs looking for irregular activity eight hours a day.
“I can now use AI to aggregate all those logs in one place, detect identify and respond to issues. I can also monitor my user base for unusual activities.”
But the main thing is to stay informed and vigilant.
“Educate your staff, have them understand that when they receive an email, particularly if they’re not expecting it. They need to find out if it’s legit,” Millar said.
“Hover over links, make sure it’s all correct. Ensure you’ve got processes in place to ensure things like money transfers, supplier details changes and bank detail changes are safe. Make sure it’s not just one person who has the right to make that transaction occur.
“Use multi-factor authentication and strong passwords.”