As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six tips that can help lock down privacy and security.
The bad news doesn’t stop for travel and hospitality companies.
A long list of breaches has been widely reported in the past year. On the hotel front, there’s Marriott/Starwood, Radisson, and the most recent Choice Hotels breach. High-profile hacks on airlines include British Airways, Air Canada, and Cathay Pacific.
David Dufour, vice president of engineering at Webroot, says airlines and hotels are prime targets because they’re not typical businesses at which employees are locked into a single corporate location.
“The employees at airlines and hotels handle a lot of private information, and there’s a lot of turnover in those industries,” Dufour says. “People don’t spend long careers at the front desk of a hotel.”
Airlines and hotels also have branch offices in hundreds of cities around the world, so the sheer volume of their operations creates a high degree of exposure, Dufour adds.
“As a frequent traveler, when I go into an airport lounge, I want them to have all my information on hand, but from a security perspective these situations are ripe with opportunity,” Dufour says. “As a customer, I expect the service, but the reality is that potentially every open area is a vulnerability.”
The struggle to achieve that balance between customer convenience and security continues for travel and hospitality companies. Here are six tips they can follow to help lock down privacy and security.
Scrutinize Third Parties More Carefully
According to Webroot’s Dufour, travel and hospitality companies need to ask their third-party vendors how they intend to protect the companies’ sensitive data. And if the vendors don’t have a plan for how they will do that, they need to demonstrate that they can come up with one.
Instead of just focusing on the third party, companies need to identify the data flowing between the collaborating organizations, adds Sumit Sehgal, chief technical strategist at McAfee. Then, comingled with risk analysis from certifying agencies for the third party, the main company can draw a more accurate picture.
Airlines and Hotels Need to Own Their Data
Companies need to take responsibility for their data, says Bob Diachenko, the security researcher who discovered the recent hack on Choice Hotels and heads up cyberthreat intelligence at Security Discovery. “Even if a company uses a third party, it’s responsible,” he says. Companies should use analytics to verify what’s happening on their networks so they can make critical decisions, Diachenko adds.
Companies also need to be clear on what data they’re sharing, whether with third parties, customers, or social media, Webroot’s Dufour adds. They need to be clear on how long they’re sharing data, where it’ll be stored, and for how long. In addition, companies should share only the most necessary data. For example, it may not be necessary to share a person’s name when a ZIP code will do the trick.