The Ultimate Data Security Itinerary For Travel Firms

Aug 8, 2023
May 15, 2024
Jonathan Sharabi
The Ultimate Data Security Itinerary For Travel Firms

When Travel Weekly listed their top 50 travel agencies of 1992, the top four brands were over 100 years old. In the magazine's most recent list, published in 2022, most of 1992's leading brands have been bought out or have gone out of business, and the two top spots are taken up by companies built on tech that barely existed 30 years ago.

Today's mix of cost inflation, unique post-Covid market conditions, and sustainability concerns are the continuation of a wave of change that has rocked the travel industry. Resilient travel brands will face these challenges head-on. How? By reducing the risks they have the most control over, like data exposure. 

Whether you're in hospitality, transportation, experiences, or a combination, the personally identifiable information (PII) that powers your travel brand's sales, marketing, and operations growth plans is valuable, and cybercriminals are getting better at stealing it. Ransomware attacks, which nowadays involve data theft, against travel industry operators are rising year-on-year

You can't prepare for every data risk you face, but you can use a proven itinerary to guide your journey toward secure data use - even while processing information from millions of travelers across different jurisdictions from a multitude of sources. 

3 Data Security Destinations for Travel Firms

From the moment of awareness to the point of sale, your marketing, sales, and operational teams collect, analyze, and store prospect and customer data. 

But while the collection of data from online reservations, loyalty programs, and any interconnected businesses you may rely on is a top concern for your organization, the security of this data can be an afterthought. To reverse this trend, add these three security destinations to your bucket list. 

A cruise toward continuous discovery

A leading reason for security breaches in the travel sector is brands not knowing what kind of data they’ve collected or where sensitive data is located.

Even if you make a concerted effort to find and classify your data estate, can you be sure you are classifying everything? Sometimes sensitive data can sneak in through pathways you take for granted, i.e., when you collect spousal names and phone numbers during the booking process. 

Data can also be transformed and copied, ending up in different locations across the organization than it was initially stored in. 

As many as 45% of data breaches are cloud-based, according to IBM’s 2022 Cost of a Data Breach Report, yet as headlines such as "Exposed database left terabyte of travelers' data open to the public" show, organizations are often the ones who leak sensitive data in the first place - most of the time, because they don’t know they have it. 

With data flowing into your business continuously, the best response is to continuously understand and maintain oversight of new and changed data. 

An island-hopping adventure classifying and contextualizing data  

For travelers, great experiences blur into happy memories, but negative ones stick out for very clear reasons. And just like a noisy room in a hotel or a delayed flight might prompt potential customers to go elsewhere, losing customer data to a data breach will make someone reconsider your brand.

Reducing this risk depends on classifying and contextualizing data. Behind the scenes of every travel brand, each unsecured data record is unique in how it creates risk.

Aside from obviously sensitive information like someone's financial details, data creates risk as a product of its context. A first name by itself is relatively harmless but put that first name alongside an email address and phone number, and you need to provide it with robust protection. 

Understanding data in the context of data sovereignty rules is also essential. You might be a US-based business but receive bookings from EU travelers. Are you treating their data in a GDPR-compliant fashion? With regulations like the CCPA and CPRA creating different data protection regimes within the US, this challenge is multiplying.

Travel firms need an AI-powered classification engine that can give them insight into the evolving context surrounding their data. 

A wilderness adventure in sensitive data security controls

Few travel firms apply data security controls uniformly. Just look at some recent hospitality data breach examples for evidence:

  • A hotel reservation system owned by Best Western Hotels left a 179-gigabyte database containing PII, including names, dates of birth, phone numbers, and home addresses, exposed online due to a cloud storage misconfiguration. Some of the exposed PII belonged to members of the US government, the Department of Homeland Security, and the military.
  • The same thing happened to a European hotel chain this year which exposed about 13,000 individuals’ PII, like names, email addresses, phone numbers, and booking details. 
  • An ethical hacker accessed an unencrypted database backup file that belonged to the Indian airline SpiceJet and contained the private information of more than 1 million customers. 

These and other data breaches could have been avoided if data security controls were applied uniformly.

But, as any security team knows, deploying controls at scale through manual processes is impossible, especially within a modern connected IT environment where data is constantly changing. It's one thing to say you follow a least privilege model but another to enforce it.

The solution here is an automated system that knows what security controls are applied to your sensitive data and helps you enforce controls. 

Keep Your Travel Firm’s Data Secure with Cyera 

Cyera helps your firm delight customers without putting their data at risk. Our platform allows you to continuously classify data without installing agents or undergoing complex configurations. 

Through precise classification and context, we provide businesses in the travel and hospitality sector with a way to gain immediate actionable context into their data risks. 

The data you collect is fluid and continuous, as is our AI-powered classification platform. 

See how Cyera helps travel firms understand and secure their most sensitive information by scheduling a demo today.