10 ways to protect your tourism business from cyber security threats

Nothing ever good comes from a cyber attack, that’s why it’s crucial for you to be proactive, remain informed, and better protect your tourism business from cyber security threats.

When an attack is carried out it leads to data breaches, which can result in businesses incurring financial and marketing reach losses, customer trust is impacted and so is the reputation of the business, to name just a few of the impacts.

In this blog post, we will explain the most common types of cyber attacks and 10 practical steps tourism businesses can take to protect their business.

What is cybercrime and why should business owners care

A cyber attack is an unauthorised system/network accessed by a third party, and the person who carries out a cyberattack is called a hacker/attacker.

Nothing ever good comes from a cyber attack. When an attack is carried out it leads to data breaches, which result in loss of data or data manipulation.

For example, the recent Optus data breach affected 10 million Australians. Not to mention a small percentage of these people had key details and forms of ID leaked onto the internet. Attacks can happen to anyway at any time, therefore, it is crucial you protect your tourism business from cyber security threats.

The losses come in all sorts of forms and common and recent impacts we’ve heard of from businesses who come to us for assistance include:

• Invoice payments are being made to incorrect bank accounts because a hacker has accessed the businesses email, edited their invoice PDF, and changed a debtor’s bank account and BSB details
• A client’s Facebook and Instagram accounts were taken over and cannot be gotten back, they have had to start new accounts and in doing so have lost over 5,000 followers on their Instagram account, which they’d worked hard to achieve
• An almost redirection of wages payments to an attacker’s account rather than the employee, by the email address of the employee being masked
• A client was unable to access her website for weeks to update it as her web host had been hacked and they did not have the backups and recovery systems in place to recommence their usual business activities immediately
• Deni Ute Muster was blocked by Meta from using and accessing their Facebook Event Page leading up to their annual 2-day rural festival having been accused by Meta of violating community guidelines, which of course, they hadn’t, but they had been hacked. This caused an 8-week hiatus in their usual business of selling tickets and marketing the festival, resulting in serious financial and marketing impacts estimated at $300K in ticket sales and an unmeasurable loss of reach.

COVID-19 and the phenomenal increase in peoples’ use of e-commerce, apps, and social media for communications, have had an adverse effect on cybersecurity. We’ve certainly observed a massive increase in businesses reporting cyber attacks and even the World Health Organisation has said that there has been a dramatic increase in the number of cyberattacks in recent years.

To put a curb on cyberattacks, implement the following strategies and smart tools to protect your tourism business from cyber security threats.

Different types of cyber attacks and how to protect your business from them

Cybersecurity is the method of safeguarding networks, computer systems, and their components from unauthorised digital access. Therefore, there is more to cyber security than smart and safe password management.

We live in a world where individuals can access anything on the internet with a touch of a button and have the answers to their problems right at their fingertips. With this, consumers are becoming more digitally savvy and businesses can now work smarter not harder using technology to leverage their business and sell online. However, there is always a downside to everything. Cyber attackers now have access to everyone’s data and personal information if not protected correctly.

Three different types of cyber-attacks

There are 3 different types of cyber-attacks commonly reported by tourism businesses. They include:

1. Malware attacks
2. Phishing attacks
3. Password attacks.

Malware attacks

Malware attacks are one of the most common types of cyberattacks. “Malware” refers to malicious software viruses including ransomware and spyware. For example, when one of your employees clicks on a dangerous link, it can download an email attachment that then breaches your business’s network.

Preventing malware attacks

Use antivirus software. Protect your tourism business from cyber security threats by downloading Avast Antivirus, Norton Antivirus, and or McAfee Antivirus antivirus software. These are our favourites but it is important to choose one that works for your business.

Use firewalls. Firewalls filter the traffic that may enter your device. Windows and Mac OS X have their default built-in firewalls, named Windows Firewall and Mac Firewall (so always keep your operating systems and browsers up-to-date)
Stay alert and avoid clicking on suspicious links.

Phishing attacks

Phishing attacks are a type of social engineering attack where an attacker impersonates a trusted contact and sends the victim fake emails (and SMS messages as well, more often this is occurring lately).

An all too common example is receiving a message from what looks like your bank saying that your account has been locked and you should click here to get help. Unaware of this, the victim opens the mail and clicks on the malicious link or opens the email’s attachment. By doing so, attackers gain access to confidential information and account credentials.

Preventing phishing attacks

1. Scrutinise the emails you receive, but it’s not easy to do this and you have to be very alert. In fact, most internet users are not able to identify sophisticated phishing emails. Most phishing emails have significant errors like spelling mistakes and format changes from that legitimate sources.
2. Make use of an anti-phishing toolbar and or Chrome extension.
3. Update your passwords regularly.

Password attacks

Password attacks are a form of attack wherein a hacker cracks your password using password-cracking tools.

Preventing password attacks

There are numerous ways to protect your tourism business from cyber security threats, including password attacks. We recommend businesses to:

• Use strong alphanumeric passwords with special characters.
• Do not use the same password for multiple websites or accounts.
• Update your passwords; this will limit your exposure to a password attack.
• Do not have any password hints in the open.
• Use an encrypted password system. We recommend 1Password or LastPass. When using these tools, make sure you use their password generator to create strong, using unique passwords as well as update them regularly. It will save you heaps of time as well as help secure your passwords and important credential documents.

These are the main three types of attacks incurred by tourism businesses but others include man-in-the-middle, SQL injection, a denial-of-service attack, and many more.

Our top 10 tips to protect your tourism business from cyber security threats

We work with thousands of tourism businesses around Australia and these are the top tips we share regularly and practice ourselves in our team and our personal lives to help to protect the business from cyber-attacks and stay secure online:

1. Set up multi-factor authentication on every website that you can
2. Tighten your Facebook account security by doing the Privacy Check under your Account Setting and Privacy menu and always have two admins on your Facebook page for redundancy
3. Update your operating system (all devices including your phone), apps and browsers regularly
4. Use antivirus software that is trusted eg Avast Antivirus, Norton Antivirus, and McAfee Antivirus
5. Most importantly ensure that all of your staff are following safe password practices, are aware of cyber security risks and how to be super alert and vigilant about the emails and messages they receive…don’t click the links if they weren’t expecting the email from this person. Pick up the phone and check with the individual who says they sent the email.
6. Remember your financial institution will never ask you to click a link to fix your account, they will ask you to call them, in which case you should check the number that they’ve provided to you and use the general helpdesk number that they make available
7. If an employee or debtor like a subcontractor, emails you to advise they’ve changed their bank account and provide you with a new BSB and account number, phone them to check they really have
8. Implement policies and procedures in your business, even if you are a tourism business, that ensures all of these tips and business as usual, including safe password management for all staff, and ensure your staff follows them!
9. Avoid using public wi-fi (without a VPN virtual private network) and secure your wi-fi with a strong password
10. Regularly back up your data and check with your WebHost and other digital suppliers that they have robust backup systems and good cyber security and recovery practices

Next steps to protect your tourism business from cyber security threats

We hope you have enjoyed dipping your toes in the most up-to-date cyber security best practices.

However, if you require more detailed step-by-step instructions on how to implement these smart tools, processes, procedures and tips to better protect your small business, check out our Work Smarter Not Harder course. This course has recently been updated with the latest strategies recommended by Australia’s cyber security experts on:

1. Smart and safe password management
2. Smart tools to protect your business (incl. small tourism business case studies)
3. Smart tools to save you time