How travel companies are tackling cybersecurity


The COVID-19 pandemic caused disruptions in the normal functioning of people’s personal and professional lives. Various restrictions were put in place for working and traveling.

People had to work from home and put their travel plans on hold. Now, following the emergence of Omicron, travel has again gone into a tailspin. Consider this: during Christmas, around 1,600 flights were cancelled across the US, UK and Australia.

According to WHO, globally, as of 12 January 2022, there have been 312,173,462 confirmed cases of COVID-19, including 5,501,000 deaths, reported to WHO. As of 10 January 2022, a total of 9,194,549,698 vaccine doses have been administered.

Nearly two years after the pandemic, life is coming back to normalcy. A lot of organisations have resumed working from office and people have resumed traveling, which has also led to organisations being vulnerable to cyberattacks and data breaches. So, how have travel companies ensured that their data is secure?

“Fareportal invested in creating a new data platform, where we store millions of searches and search results from our B2C Websites Cheapoair.com and OneTravel.com. We also get a feed of all the searches happening across online and offline travel agents across North America, and then leverage that data to show at any point of time around 1.5 million unique deals to our customers. This entire technology stack is powered using our home grown architecture, and leverages Airflow, Clickhouse, MongoDB and other technologies,” said Vikas Banga, VP – Product, Fareportal.

Fareportal is a global travel technology leader and the third-largest flights OTA in North America. It powers a next-generation travel concierge service and has built partnerships providing customers access to over 600 airlines, a million hotels, and hundreds of car rental companies around the globe. The company has now entered the Indian market.

According to a recent report by the International Institute for Strategic Studies (IISS), India has made only modest progress in developing cybersecurity policies. And this is despite some high-profile attacks: earlier this year, an Indian aviation company was the victim of a major cyberattack and data breach, which affected around 4.5 million customers. A fast-food company in India found 13TB of its customers’ data had made it onto the dark web. A payments firm experienced a data breach that dumped the personal data of 3.5 million users onto the dark web, around 8.2TB of it.

“Managing data is very crucial for us and the hospitality industry as a whole. Data helps us to make important decisions for revenue generation and occupancy predictions. Once we know the level of demand for our property and from where exactly is the demand coming in, it helps us to optimize our marketing techniques. With travel being back in vogue we experienced an increase in occupancy and managing data became challenging. We had to speed up our hiring process and also shift to a space-efficient office. We invested in effective database management software for easy information feeding, tracking customer information, and building a customer database for the future,” said Varun Arora, CEO and Co-Founder of Ekostay, a homestay venture.

EKOSTAY is a homestay venture that offers the comfort of private homes/villas/apartments in different parts of Maharashtra and was founded in 2018 by Husain Khatumdi, Sohail Mirchandani, Varun Arora and Zishan Khan.

Is customer data safe?

According to a report in Orange Business Services, the cyber threat numbers in India have been alarming over the past 18 months. According to India’s Computer Emergency Response Team (CERT-In), the country was subjected to over 600,000 cyber-attacks in the first half of 2021. Kaspersky found that brute-force attacks against remote desktop protocol (RDP) in India increased from 1.3 million in February 2020 to 3.3 million in March 2020 as Indian workers began mass working from home (WFH). The attacks continue to grow: in July 2020, India reported its highest monthly number of attacks ever, at 4.5 million. By February 2021, there were up to 9 million attacks.

Vikas Banga explained that Fareportal is PCI-DSS and ISO 27001 certified and follows best security standards, including CCPA and GDPR, to ensure the safety of its customers’ data. The company has 24x7 monitoring of malicious activities by its Security Operations Centre through SIEM (Security Information and Event Management). Along with this, it also uses best-in-class encryption and hashing technologies to protect customers’ PII and PCI data. All this is managed by a team of 25 Information Security professionals, led by their CISO.

The hospitality industry sets an ideal environment for cybercrimes like identity theft and credit card fraud. There has been a rise in cybercrimes with more people opting for online payments and use of digital wallets like Google Pay and PayPal, added Arora.

He further explained that this makes it important for Ekostay to develop stringent policies for customer data security. Cybercrimes take place because we put in payment card information (PCI) and personally identifiable information (PII) while making a payment online. We take a few constructive steps like encrypting card information and using basic cyber security measures like firewalls and anti-malware, updating firewall protection, validating our authentication systems timely, blacklisting access to risky sites. With the pandemic, we have most of our employees working remotely from different devices. So, we made sure that they access the servers securely with their mobile, by using a VPN. I believe that the safety of customers’ data makes you reliable and trustworthy in the eyes of your customer.

Improving Awareness

Awareness of a possible cyberattack or data breach is another area where organisations should invest their time and efforts. Many organisations are under the impression that they might never get attacked, which is unlikely to be true.

According to a Business Insider India report, cyberattacks are increasing in frequency and severity, but nearly 80 per cent of Indian organisations struggle to provide adequate education to their leaders and employees regarding cybersecurity, a survey found.

Despite increasing cyberattacks, budgets on cybersecurity have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organisations, revealed the survey by global cybersecurity firm Sophos.

The survey identified that in India, the executives assume that their organisation will never get attacked. This was followed by the assumption that even though their organisation may be compromised, there is nothing they can do to stop it.

The findings also showed 56 per cent of Indian organisations weren’t running up-to-date cybersecurity protection at the time of the most significant attack they suffered in the past year.

It is important for organisations to make their employees aware of the possibility of a cyberattack and a plan of action for the same.

“All employees including leadership go through periodic mandatory Security Awareness programmes. This is followed by Certification as well. All the new employees also go through the mandatory certification as part of the Induction process. We also conduct security awareness engagement programs which include gamification, phishing simulation, online quizzes and more,” said Banga.

Varun Arora further explained that educating employees on cybersecurity threats is important so that they are prepared to encounter them at the right time. We have developed clear cyber threat policies in our firm that have to be followed uniformly by everyone. There are mandatory training sessions for the same.

“Our training sessions aim to build a culture of data security and ensure that everyone is equipped to identify potential cyber threats. Training includes communicating IT security policies, blocking access if wrong passwords are entered, identifying malicious emails, educating them on phishing scams, keeping them updated on cyber threat news, enabling email SPAM and internet web filters on their systems, recovering backup in case there is a fall back. We make sure that our IT team keeps a close eye on the training efficacy and extends maximum support to employees to equip them completely,” he added.

In the previous month, in another case of a data breach, personal data of almost 5.9 million Singaporean and South-east Asian customers of hotel booking site RedDoorz was leaked. Industry watchers have dubbed this as Singapore’s largest data breach.

Section 24 of Singapore’s Personal Data Protection Act 2012 (“PDPA”) requires an organisation to protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks (the “Protection Obligation”). Authorities noted that Commeasure, the company which runs the RedDoorz website, failed to implement reasonable security arrangements to protect the personal data in its control.

All in all, as the travel industry gets back on its feet, it needs extra strength to stand firm against all forms of cyber threats.

Publish on W.Media