Unless you’ve been living on a remote tropical island for the past few
years, you’ll know that “security” is – and most certainly
will remain – the talk of travel
And for good reason. Recent privacy breaches involving the paparazzi and
VIP travellers, and imminent regulatory changes to privacy protection that
greatly expand the scope of agency responsibility, combine to place the
spotlight of scrutiny squarely on the security and risk management strategies
of every travel agency.
A recent report [1] from the
office of Minister for Justice Michael Keenan found that nearly a million
Australians suffered a breach of their private information in 2016, and according
to management consultancy KPMG [2], almost a
quarter of Australians are “extremely concerned” about how companies use and
protect their personal data. As recently as November last year, sensitive
personal information of 50,000 people was exposed in one of Australia’s
biggest-ever data breaches [3]. And how
sensitive was the information that was leaked? Try names, passwords, ID data,
phone numbers and credit card numbers.
All of this is astounding considering the huge emphasis placed on
information security by governments and organisations large and small.
It’s also very daunting for
travel agencies who must ensure sensitive travel data is not only accurate and
accessible, but protected.
Stepping back, security is one of Tramada Systems’ core specialties.
We’ve learned a thing or two about the best practices used around the world to
address offline vulnerabilities, online threats and governance strategies. After
all, we were the first mid-office travel technology platform in this region to embrace
the Cloud – moving critical
travel management data and functions away from individual, often siloed servers
to a secure work-anywhere, anytime environment.
Given this experience, there’s never been a better time to share what we’ve
learned about the best practices when it comes to mitigating today’s ever-present,
and always changing, security risks.
To begin with, never share your passwords with anyone. In fact, this
should be a directive that’s written into your employee contract! Also on the
topic of passwords, within the tramada
system a complex password is mandatory and must include a combination of upper-
and lower-case characters, numbers and special characters. We also make it
mandatory that system passwords are changed every three months.
Finally on passwords, always use different passwords for different
systems so that if one password does fall into the wrong hands, it doesn’t
unlock other business assets.
around logins are also critical to security best practice. We recommend that agency
owners and managers regularly review staff login
time stamps, which can not only help identify anomalies in system use but also give
you a strong level of evidence – if ever needed – that your travel data was not compromised at a point in time, as well
as validation of when system security was breached and by whom.
Many tramada users take advantage
of our solution’s FOC 2-Factor-Authorisation to prevent logins from any unauthorised
IP address – and also tramada’s IP
lock-down feature which ties user logins to a specific computer, or IP address.
And of course, you should also make it a rule that employees log out of
the system when they are away for a reasonable length of time, most definitely
at the end of each day, and that their screens show information only to people
who are entitled to see it.
Another important aspect of security is to always terminate
user logins whenever employees leave your business. One would think this is a
no-brainer, but it’s surprising how easy it can be for an employee to take,
or easily guess, their former colleagues’ passwords or logins.
We could go on: there is the need to clear your browser cache daily,
to securely dispose of hardcopy documents and correspondence, and to have clear
role-specific security and confidentiality policies that are included in a policy
and procedures document that is
read by every employee.
Then there’s ensuring personal software is not installed on company
computers, and that laptops are secured at all times, on and off agency premises.
Keeping the agency’s anti-virus protection up to date will stop many threats
before they reach your network but to be safe, agency staff should never
download executable (.exe) files from the Internet, only download files from reputable
companies and never unknown email senders, and always remember to sign out of their
But perhaps the best advice we can give travel agents of any size who
are concerned with security is this: be PCI-DSS compliant. Using encryption software ensures your organisation can provide maximum
security when processing customer payments and handling customer data. Here
again, the tramada solution gets a
big tick because it has been designed from the ground up to be a fully PCI-compliant
Gemalto, an international digital security firm and the world’s largest
manufacturer of SIM cards, recently reported that more than one billion data
records were lost or stolen around the world in 2016 [4] – a number expected
to grow substantially when 2017 numbers are tallied.
It may never be a perfectly secure world, but as
you can see, many risks can be eliminated and most can be mitigated.
One thing’s for certain: any investment you make in
improving your organisation’s levels of data security and privacy protection
will return to you as a tenfold reward, not least of all in the ability to
enjoy a good night’s sleep.
[1] crime and misuse in Australia 2016.” Commercial and Administrative Law Branch, Attorney-General’s Department, Barton ACT 2600.
[2] “KPMG survey reveals consumers’ data privacy concerns”. KPMG, 4 November 2016.
[3] “Data breach sees records of 50,000 Australian workers exposed.” Canberra Times, 2 November 2017.
[4] – It’s all about identity theft”. BLI Annual Report 2015. Web: www.gemalto.com