The first step to creating a cyber safe travel agency is education, according to experts at a recent panel discussion on Cyber Security held by Amadeus in Johannesburg, South Africa.
“If you can educate your staff, you can annihilate 90% of the problems,” said Ricky Reynolds, SA Reynolds Travel Centre.
Reynolds explained a common modus operandi of hackers in the travel industry is to approach the PA at a client’s company. They’ll tell the PA that they’re a division of the company in the UK and that unfortunately their travel agent’s systems are down. Could they make bookings through the travel agency in South Africa until their agency is up and running again?
The unsuspecting travel agent will receive a request from a person they trust and make the requested bookings. “They’ve always dealt with that PA and think they’re dealing with a reputable client. However, when they check the e-mail address from the client, they’ll notice the differences. That is why it’s so important to educate employees to double-check e-mail addresses and information,” said Reynolds.
Very often, travel agents are looking to boost their numbers and hit their targets, explained Reynolds. However, it’s important that they flag any suspicious looking mails or transactions to management immediately to minimise the risk of cyber-attacks and cyber crime.
Scholtz Fourie, CFO and COO Tourvest Travel Services, agreed that the education of staff around risks is crucial. “We’ve been trying to raise awareness about the value of data. It’s important for travel agents to see data is an asset. You don’t get people in a factory, leaving assets out in the rain. Data also needs to be looked after and protected. You need to know where it is at all times.”
Although education is important, BCX’s Eric McGee explained that companies can’t only rely on employees to identify all the red flags. “We are all collectively responsible. A company needs to invest in systems that makes it easier for employees to recognise and detect the threats. If a travel agent needs to work through 500 mails, they won’t have time to scrutinise each and every one of the mails. Companies need to invest in capabilities that make detection easier for their staff.”
We are at risk, and we’ll continue to be at risk of cyber attacks and cyber crime with over 390 000 new malware variants created every single day. However, the experts at the Amadeus panel discussion ended on a positive note and agreed that if travel agencies invest in technology and apply sensible controls, the risk of cyber attacks can be managed.