Last week’s hacking of companies and institutions across dozens of countries highlighted the risk for travel agencies from malicious parties. But even without the new threat, travel agents must be vigilant about protecting themselves and their customers.
If you are not using a global distribution system (GDS) to book rental cars, hotel stays and air travel, and are instead booking directly through supplier sites, you may unknowingly visit a bogus phishing site and enter either agency-payment or consumer-credit information, thus making this information accessible to identity thieves.
Another scam can occur when travel agencies remit airline ticketing activity and pay through ARC. Agencies must closely scrutinize emails from ARC to ensure that these communications are not bogus.
Agencies can do their part to protect themselves and their customers by taking the growing threat of identity theft and fraud seriously, starting with their own education on the topic. Company-wide training on how to mitigate the risk both at home and at work can help individuals recognize an attempted phishing attack, data breach, or other related threat. Using mock scenarios in company training can provide employees with tangible examples of how these types of attacks manifest.
All businesses, regardless of size or industry, also need to develop incident response plans that cover both before and after a suspected breach. Strong and well-publicized IT protocols are critical, as technology use is often the weakest link in the company protection chain. It’s also vital that all employees know how to respond to a suspected attack, as well as to whom it should be reported.
Travel agencies can create a stronger culture of cybersecurity by:
• Educating the entire company on the different types of cyber risks (e.g. spearphishing, vishing, typosquatting). This training should be ongoing, as the security threat landscape is constantly changing.
• Creating standard operating procedures (SOPs) to minimize the threat of phishing scams and to identify legitimate requests.
• Having strong spam filters in place to minimize inbound malicious emails.
• Keeping anti-virus software and firewalls updated 24/7 since hackers are always looking for new ways to infiltrate your computer and network.
• Conducting random testing with mock phishing scenarios.
• Educating employees about not clicking on links or opening attachments in emails that seem suspicious. If you don’t know the sender and they’re soliciting specific information, there’s a good chance it could be a phishing email. Companies should have specific guidelines in place so that employees know exactly how to report the incident.
• Deploying a web filter to block malicious websites.
Malware and other forms of hacking can deal a significant blow to consumers and businesses alike. By taking steps to recognize the signs of trouble, travelers and the businesses that support them can protect themselves from these hazards.
Paige Schaffer is president and chief operating officer of the Identity & Digital Protection Services Global Unit at Generali Global Assistance. Based in Generali Global Assistance's Bethesda, MD, headquarters, Schaffer leads sales & marketing strategy and revenue growth initiatives, managing operations as well as global expansion.