Cyber security: we’re all in this together!
Every day, the travel industry processes billions of pieces of data around the world, for example traveller payment data or Passenger Name Record (PNR) data, which is often sent to the authorities for security reasons. The companies collating and then sharing these details with the authorities carry a great deal of responsibility, as this data is also highly coveted by hackers. Cathay Pacific and British Airways recently paid the price: the passport information and bank details of 9.4 million Cathay Pacific customers were hacked, and 429,000 payment card details were stolen from British Airways.
Compliance with regulations: a sign of reliability in the industry
There are many data security standards. Aware of the importance of securing data, companies in the travel industry are willing to comply with them, even voluntarily tightening security measures. The now unavoidable GDPR has strengthened the protection of personal data; the PCI DSS and the subsequent PSD2 data security standards secure payment data; and the Sarbanes-Oxley Act and the SSAE18 standard both strengthen the traceability of financial transactions. Companies in this industry therefore comply with many regulations, at both a national and an international level. Tough constraints, some might say. Others see it more as a sign of quality and reliability, perhaps even as a minimum requirement.
While there is no such thing as zero risk, security is at the heart of these concerns. Drastic measures have been taken to raise the security level of information technology platforms. A few years ago, SSL encryption of HTTP calls (HTTPS) was enough to reassure customers; those days are long gone.
We work with half of the CAC40, and our customers are very concerned about the level of security of our solutions and regularly perform audits to ensure we meet their security requirements. As an organisation in the B2B market, we do not have direct contact with travellers. However, we can see that by imposing the protection of privacy as a starting point for software design (“Privacy by design”), GDPR is a huge step forward in the field of personal data protection and is even starting to spread further afield. Based on the GDPR model, Japan strengthened regulations that were already very close to it in 2017, while California will also be bringing a Consumer Privacy Act into force in 2020.
Travellers should also be concerned about cyber security
Cyber security is not only a matter of legislation and national security, but also a concern for users themselves. Highly exposed, they are the first to be affected by data theft. Actions considered harmless, such as connecting to an insecure public Wi-Fi network or leaving a phone on a restaurant table at the airport, increase the risk of being exposed to data theft. These thefts become even more critical when they involve engineers, sales representatives or managers, especially when they have access to the company’s internal applications from their mobile devices. To combat these risks, password rules must be strengthened, and measures must be taken to secure access to content. It is now possible to rely on technologies that can delete content remotely when a theft is reported, while others involve sending a verification message to enhance the security of a mobile device. It is nevertheless essential to bear in mind that advances in technology and changes to regulations must not replace everyone’s vigilance!