
Being a revered fashion icon up there with the likes of Kim Kardashian, I went on the M&S website the other day to buy my annual pair of trendy shorts. Lucky for us all, this season is all about colour (or so I’m told). Brave I might be, but I think I’ll be opting for ‘icy blue’ or ‘powder pink’ as opposed to the spring/summer in vogue ‘tangerine dream’.
To my horror, I discovered the UK’s biggest clothing retailer had been hacked and wasn’t accepting online orders. Shelves at my local Co-op, and yours too, no doubt, sat empty.
As a consumer, I’m mildly miffed that my street cred might now take a hit as I stroll the streets of Lowestoft in last season’s colour palette.
But with my CTO hat on, my heart goes out to the tech teams fighting the nightmare that all of us in IT dread.
Around 30,000 cybercrime incidents are detected per year, a constant threat that no IT professional can ever feel complacent about having beaten.
In our sector we must be extra-vigilant. We are catnip for hackers, full of rich information about wealthier-than-average individuals: addresses, card and passport numbers, and so on.
Some of the world’s biggest airlines and hotels have received massive fines after hack attacks exposed that they were failing to protect data.
Hackers are clever bleeders, and they’re getting smarter, and more patient. Typically, they use fraudulent phishing emails to fool an employee into handing over a critical password. But once they gain access, they no longer attack instantly. Instead, they silently move around the victim’s network, switching on all the permissions to access the entire system, so when they do strike it’s close to total wipeout.
What can you do as travel managers to keep the hackers at bay? Well, you can certainly encourage cyber-hygiene among your travellers: basic practice like encrypting the hard drive on their laptops and taking care when using public Wi-Fi.
But mostly you are in the hands of your travel suppliers and service providers, relying on them to train employees to recognise hacker infiltration, implement strong password policies, conduct regular security reviews, back up data and update and patch systems.
What you can do is vet your suppliers’ security efforts, involve your IT and security colleagues when you go out to bid, and check their accreditations. At TripStax, for example, we have achieved ISO 27001 certification and the US-based voluntary cybersecurity compliance Type 1 SOC audit, both far from box-ticking exercises. You will fail these audits if you don’t put rigorous defences in place.
The cyber-crime threat is 24/7, and as CTOs we are fighting it 24/7 too.