On 1 May, members of the adventure tourism community gathered at the Adventure Travel Trade Association’s (ATTA) AdventureConnect in Boulder, Colorado, to learn about cybersecurity from one of Colorado’s highest ranked startup companies, Automox. Automox offers fully automated data security through its cloud-based patching system for all major computer operating systems as well as for third-party software.
Presenter Gavin Matthews, product manager at Automox, started with the “bad news” for everyone in the room, citing the travel industry as the worst-case scenario in terms of security. Travelers are uniquely at risk because they inevitably share sensitive information as part of their journey: passport and credit card numbers, itineraries, medical history, emergency contact information. This personally identifiable information (PII) is especially susceptible to data breaches and identity theft — and travelers and tour operators alike need to be particularly vigilant in protecting themselves and/or their clients.
Describing the cyber threat landscape and the type of players that lurk “in the wild,” Matthews touched on major risks to travelers and the travel industry.
The biggest threats are:
- Customer data (PII) spread across many different tools and systems.
- Dependence on third-party software and security.
- Device proliferation; data shared across desktops, servers, laptops, and phones.
- Global networks that are more vulnerable to malware, government overreach, and bad actors.
To combat the risk of a security breach, he offered some top-level considerations for both businesses and individuals. The best defenses against cyber threats include:
- Keeping operating systems patched.
- Keeping all software patched.
- Managing third-party software deployment.
- Managing endpoint configurations. Devices may have solid configurations on them but can be threatened by bad passwords, bad USB drives, etc.
“All of these are different paths by which people can come in and ruin your day, your reputation, in a heartbeat. It doesn’t take much,” Matthews said, adding that, fortunately, patches are available for all of these vulnerabilities within days or hours of them appearing. As long as you’ve taken the right steps up front and set your system to auto-update, you should be protected. But, he said, you have to heed the notices you receive to keep things current. “Never hit that button to ignore, cancel, push off into forever,” Matthews said to a room full of guilty laughter. “You all do it; don’t pretend like you don’t.”
To sum up the fundamental rule of cybersecurity, Matthews flashed an easy-to-remember slide that elicited another good laugh: #patchyourshit.