Ensuring your business is prepared for cyber attacks can protect you from lawsuits.
In recent years, well-known travel brands have been a target for cyber criminals, with companies including British Airways, Marriott, Butlin’s and Abta reporting breaches.
In these cases, customer details such as names, addresses, passport numbers and even credit card information were exposed.
The travel industry collects and stores the personal data of millions of people and, because of this, it is a high-reward target.
With the Information Commissioner’s Office announcing an intention to fine British Airways £183 million – expected to be the largest fine relating to data breach to date – it is imperative to be aware to the risks. Below are some of the popular methods hackers use to infiltrate work systems.
Social engineering aims to bypass the security of a company by relying on human error. The criminal can impersonate any character in order to trick employees, such as an external IT engineer who needs to carry out important system updates.
Once inside, it’s very easy to blend in and obtain the information.
Spear phishing is a method that is highly targeted to specific individuals using information commonly taken from social media.
It involves sending a fake email tricking the user into clicking a link or attachment. This then allows the criminal to steal information such as passwords from that computer.
Ransomware encrypts all files, including shared drives, and demands a ransom payment to unlock them.
Whaling is a technique that targets finance staff whereby a fake email is received from a senior staff member often requesting financial payments to be made urgently.
Unsuspecting staff affected by the seniority and urgency will often comply without asking questions.
“The most effective way to protect yourself is by exercising caution”
Aside from the potential fines that could be imposed, the reputational damage, disruption to services and distress and anxiety caused to agents and customers all add to the overall cost.
Data breaches can also result in intellectual property and trade secrets being stolen.
The latest anti-virus, malware and network protection do well to help guard against such attacks.
However, the most effective way to protect yourself is by exercising caution, both in your work and private life.
Within the workplace, personal ownership of cyber security must be a priority for every employee.
You should always remain vigilant. Ensure you are familiar with the information security policies within your workplace, and know who to contact in the business if you have any concerns.
For further information, email Rob Green, legal director and head of commercial at asblaw, on firstname.lastname@example.org
Rob Green offers tips for guarding against cyber attacks
- Maintain privacy on your social media accounts.
- Employ effective password management and use two-step authentication.
- Ensure that the most up-to-date software is installed on mobiles and computers, as out-of-date software is more susceptible to attacks.
- Use caution when opening email correspondence, such as checking the sender’s email address and carrying out authentication steps for all payment requests.
- Be aware of practices and policies in the workplace, test them, review them and have a plan in place for when things do go wrong.