On 1 May, members of the adventure tourism community gathered at the Adventure Travel Trade Association’s (ATTA) AdventureConnect in Boulder, Colorado, to learn about cybersecurity from one of Colorado’s highest ranked startup companies, Automox. Automox offers fully automated data security through its cloud-based patching system for all major computer operating systems as well as for third-party software.
Presenter Gavin Matthews, product manager at Automox, started with the “bad news” for everyone in the room, citing the travel industry as the worst-case scenario in terms of security. Travelers are uniquely at risk because they inevitably share sensitive information as part of their journey: passport and credit card numbers, itineraries, medical history, emergency contact information. This personally identifiable information (PII) is especially susceptible to data breaches and identity theft — and travelers and tour operators alike need to be particularly vigilant in protecting themselves and/or their clients.
Describing the cyber threat landscape and the type of players that lurk “in the wild,” Matthews touched on major risks to travelers and the travel industry.
The biggest threats are:
- Customer data (PII) spread across many different tools and systems.
- Dependence on third-party software and security.
- Device proliferation; data shared across desktops, servers, laptops, and phones.
- Global networks that are more vulnerable to malware, government overreach, and bad actors.
- Keeping operating systems patched.
- Keeping all software patched.
- Managing third-party software deployment.
- Managing endpoint configurations. Devices may have solid configurations on them but can be threatened by bad passwords, bad USB drives, etc.
To sum up the fundamental rule of cybersecurity, Matthews flashed an easy-to-remember slide that elicited another good laugh: #patchyourshit.