Travel firms are being urged to review their cybersecurity due to the threat of increased warfare in Ukraine a year after Russia’s invasion of the country.
Anti-fraud association Profit said the February 24 anniversary could be marked by Russia stepping up its conflict and warned of a greater potential for cyberattacks as a result of the UK’s decision to send 14 Challenger 2 tanks to Ukraine in the coming weeks.
Previous announcements about new supplies or equipment being sent by western countries have been followed by substantial cyberattacks, alleged to be by Russia.
More: Travel-related fraud nears pre-Covid levels
Travel firms warned of link between fraud and organised crime
Comment: We must stay vigilant to help fight rise in fraud
While these cyberattacks have tended to target critical, national infrastructure and third-party organisations, systems and services, private firms can be affected through the loss of digital services and businesses need to have contingency plans in place to deal with this, added Profit chairman Barry Gooch.
He said: “With travel being reliant on digital systems and networks, and increasing cyber-enabled attacks by criminals and countries, it is a good time to remind companies to check their resilience.
“Travel companies will not generally be targeted by countries, but could be by criminals who use similar techniques. Therefore, the systems that companies rely upon for banking, communication and operations could be compromised and need to be secured.”
Profit this week issued a ‘resilience checklist’ to its members that explains measures organisations need to consider to reduce the risk of a security problem.
Good cybersecurity includes essential elements such as a firewall, which acts as a buffer between a firm’s internal network and the internet; strong anti-virus software; data back-ups; keeping an up‑to-date list of hardware devices connected to the system; and managing user accounts.
Profit’s checklist suggests standard must-dos for businesses such as testing software, hardware, updates, back-up systems, third-party system access, password controls, firewall, anti-virus software and phishing responses. In addition to these steps, companies should have a response plan and comprehensive cyber insurance policy.
Gooch stressed businesses do not need to spend money or employ a third party to secure their business from attack.