For a predominantly tourism-oriented country promising exclusive services, cybersecurity should remain one of the priorities for the future development of the Montenegrin international brand and image. E-business and telecommunications offer many opportunities: greater visibility in the global market, bigger workload, and easier management of all the business processes. Likewise, new risks are introduced, which require timely identification and prevention; in the event an incident occurs, every effort must be made to contain any damage.
In this text I will primarily focus on basic security considerations, as well as risk assessment and management procedures. As new technology finds its way into the tourism and hospitality industry, fundamentally changing it, systems become increasingly vulnerable to security breaches – especially considering they process and carry valuable customer data.
For example, during a reservation, businesses handle sensitive information such as card payments, which can be misused in two ways: physically – by intercepting the data before it reaches the card reader; or virtually – by withdrawing money if the CVV/CVC codes are known to the attacker. To ensure secure handling of transactions, payment processors can be utilized, which guarantee the data will be safely encrypted in transit, and information will be stored only when strictly necessary.
Wireless networks are also probable targets. Out-of-date networking equipment, vulnerable firmware and the absence of a firewall may enable access to data packets in the network, especially if they are transferred over unsecured protocols. Certificate-based authentication (such as WPA-Enterprise) may offer fine-grained control over access to the network, since simply sharing a password no longer grants access.
Personally identifiable information may leak from the databases if adequate protection measures are lacking. Complex software systems, such as information systems used in the hospitality industry, are often vulnerable to threats and exploits. In particular, exploits can occur client-side (such as on workstations used by employees) as well as server-side (on a cloud-based server used to process and store the data required for usual business activities). Robust and proven methods for authentication and authorization need to be provided whenever there is a need to access the system. Furthermore, every access needs to be logged, so as to enable efficient surveillance and rapid response in case of an incident. Given the utmost importance of privacy and discretion in the hospitality industry, any data leak may have significant ramifications.
Guests are often concerned about the way their passports and IDs are handled, sometimes repeatedly inquiring about them and demanding their return. While physical damage to the documents is less likely to occur, sensitive information such as unique citizen numbers, passport IDs and signatures is much more vulnerable given that it is electronically stored.
Means of electronic communication, such as e-mail, are common targets for attackers. Contents may simply be unsolicited advertisements or, worse, deceptive material specifically crafted to carry a phishing attack, causing financial loss or technical issues at best. Attackers usually present themselves as a group of potential guests or agencies offering a collaboration on some level, only to demand sensitive details such as bank accounts and personal information. I have given my colleagues a word of caution on multiple occasions so as to prevent a possible incident.
Systems carrying out reservations are often under attack as well, and many corporations operating in this business have made headlines.
Cyber security in this context is relatively new, but very much needed in the hospitality industry. Several topics of interest pertaining to cyber security in tourism are:
- The challenges of cybersecurity for travel, tourism and hospitality
- Cyber risks and tourism
- Security policy, standards and procedures
- Data loss prevention and encryption services
- Protection of tourism business information systems
- Cyber security risk assessment models and theories
- Cyber security and system vulnerability in tourism
- Data breach incidents in tourism and hospitality organizations
- Customer perception of cyber attacks
- Building cybersecurity capability in travel and tourism
- Organizations’ cybersecurity defense mechanisms
- Cyber forensics in travel and tourism
- Machine learning techniques as a cyber-attack defense mechanism
- System condition monitoring and cybersecurity
- Cyber security in sharing economies
- Good governance and cybersecurity
- Data-driven security and measurement studies (artificial intelligence (AI) security, machine learning, digital innovation, and big data in travel and tourism).
- Trust, ethics, and accountability in cybersecurity (CSR, corporate digital responsibility, new risk management policies, and social bonds).
- Cybersecurity and brand reputation
It is of utmost importance to introduce safety measures and to train all the staff in the hospitality industry, so that they can prevent cyber attacks and understand their scale. Regular system check-ups, assessments and risk mitigation strategies are paramount. Having good defensive measures in place means staying up-to-date with the latest defense strategies.
Insurance of the equipment is also an option, and gives peace of mind when dealing with attacks of unprecedented scale.
Mitigating all the risks is not just a challenge for a brand and/or a service; it is necessary to ensure resilience and a positive outlook for all businesses operating in this branch.
Written and adopted by Vasilija Velfel
Communications Coordinator