At the Travel Leaders’ EDGE Conference, we attended a session by Shoeb Ansar, CIO for Travel Leaders Group, on how to safely conduct your business in a digital world. Here, we have a few tips for you on how you can keep your clients’ information safe, while conducting your business in a digital world.
During the presentation, Ansar pointed to the main causes of data theft as: equipment and property theft, system glitches, malicious hackers, and human error.
Human Error and Phishing Attempts
Let’s talk about human error, which is often caused by using e-mail to exchange payment information with your customers, which in turn can cause you to fall for phishing attacks. A phishing attack is when there’s an attempt by an outside source (a hacker) to obtain sensitive information such as usernames, passwords, and credit card details, by disguising as a trustworthy entity in an electronic communication.
The more barriers you put in the way of a hacker, the less economical you’re making it for them to hack you. — Shoeb Ansar, CIO for Travel Leaders Group
Phishing can involve sending an unsuspected individual a trick e-mail to steal their login and other critical information. Opening these e-mails can cause vulnerable gaps that allow hackers to infiltrate secure systems. In order not to fall for phishing attempts, check all elements of e-mails, from places such as your bank, that have a link. Make sure the e-mail sender is an e-mail from your bank, and always make sure the links open to your bank page, and not a different address—check the web address it opens to, not just what the page it opens to looks like. Often times, you can also receive an e-mail from Outlook that will give a sense of urgency saying if you don’t click a link or update a password, you can loose access to your e-mail account. Always check the e-mail sender’s address to make sure it’s actually from Outlook, and not a random e-mail address.
Three ways to stay safe from phishing attempts:
- Do not click on links or attachments in e-mamils you didn’t expect to recieve
- Never enter a password on any website by clicking a link in an e-mail—unless you requested this e-mail
- Do not download files or attachments from unknown websites or e-mails
Now, we know you are handling payment information often from your clients. Ansar’s advice for best practices when handling payment information is to call your customer to exchange financial information. Or, use encrypted data forms or approved applications to gather payment data from customers. NEVER send payment information via e-mail. And, only store credit card information in approved, secure, and encrypted databases.
“If you have systems in your business, make sure you’re storing credit card information, passport information, etc. in encrypted form, not simple text,” said Ansar. “Because it can easily be ticked off by hackers who have installed something on your PC. Encrypting it installs an extra step for them to hack you.”
Best Practices to Improve Security
- Always protect your username and password
- Never leave sensitive information unattended
- Destroy hard copies of sensitive data after use
- Create a cyber security plan to protect information, computers, and networks from a cyber attack
- Train employees to follow security best practices
“The more barriers you put in the way of a hacker, the less economical you’re making it for them to hack you,” said Ansar.
Here is a virtual assistant that can help you in making these online transactions a little easier.