As people engage in more travel, both for personal reasons and work trips, in the coming months, travellers may face more cybersecurity risks. Check Point Research, a cybersecurity solutions company, has seen a 40 per cent increase in attacks within the hospitality industry over the past year.
Business trips specifically are once again on the agenda for Canadians. In fact, according to a Bloomberg article, bookings for fall trips have increased six-fold since last year. Some of the biggest corporations are booking 24 per cent more reservations than in 2019.
Robert Falzon, head of engineering at Check Point Canada, said there are security risks in every step of travel, from the point of booking to departure.
Falzon said people can be susceptible to security risks if they don’t protect themselves properly, but even if they do, often the vendor itself has poor protection.
“Some of that risk lies with the vendor as well. So for example, if a travel portal is not properly secured, or the company that runs that portal hasn’t done a good job of having basic cybersecurity capabilities built into their platform, that can also present a challenge,” he said.
Falzon said there are several security issues that present themselves when booking a flight or hotel. He noted that one big issue is password re-use between sites. When users use the same authentication to log into their Airbnb account that they use for their Facebook ID, for example, it puts them at risk.
“In the news recently, it seems like every week, there’s a new major release of customer data from one company or another. And all of that contains credentials. So what we see is bad actors are using these credentials, they’ll get one of these leaks, for example, and they’ll take the information they get from that leak, and then they will go and attempt to login with all these other services using that user’s information. So they can expose them in a great number of ways.”
Falzon also talked about a recent tactic which involves attackers accessing people’s information through public WiFi. This strategy seems to be gaining attention as the majority of airports, stores, and coffee shops now offer free WiFi. He noted that generally, there is no security put on these WiFi systems.
“And as a result of that, it’s very like if you were to sit in a room full of people that you didn’t know, say, an airport lobby, and then have a very loud conversation with your spouse about something very personal. Everybody around you can hear it,” he said. “That’s the exact same thing as being on public WiFi, by us going on there and discussing things or uploading documents or sharing personal details.”
To avoid hackers accessing your personal information through public WiFi, Falzon recommended using protection tools on your device. Certain tools can identify whether somebody’s sitting in the middle and listening to your conversation, or whether the app you’re using might be compromised in some way.
Using a personal hotspot can also be a better alternative, since they are password protected and connected to your carrier, so your connection remains private.
Additionally, VPN services are another popular way to secure connections across a public network, but Falzon cautions users to be aware of which VPN they use. He said some services gather and sell user data.
“It’s almost worse because you’re actually paying someone to spy on you. So be very careful with those as well.”
While ransomware attacks within the hospitality industry may not be more common compared to other sectors, Falzon said the nature of the customers can be more vulnerable.
“The hospitality industry sees folks with very great cybersecurity knowledge, but also many, perhaps most, with very little to no cybersecurity knowledge or understanding. So as a result, the people interacting with their services, they’re less educated on the risks and challenges facing them. So that’s probably why we see a great number of those challenges.”
Falzon recommended that, when booking trips, users should only access flight deals directly through the companies’ websites. He noted that email scams are extremely popular, and hackers will often try to email people malicious links disguised as travel discounts. He also added not to use the same credentials on every site, and to make an effort to switch up passwords with unique IDs.
Lastly, Falzon talked about how cybersecurity education in general needs to be enhanced and taught to younger generations who may not be as aware of how easy it is to have their accounts and data compromised.
“If we could teach the younger generation about the basic risks of cybersecurity and basic security hygiene… if we start teaching children early about the risks and challenges that face them and how to be more secure, I think it would just become more second nature,” he said. “Just like how we don’t walk across the street looking both ways.”