Cybersecurity: How to protect your company's digital financial assets

Leighton Cosseboom on 04 September 2018

Businesses looking to conduct financial transactions online need to take cybersecurity into consideration. This is especially true for Asia’s tour and activities companies, many of whom are operating online for the first time.  

If you run a tour and activities business in Asia, then you’re probably used to the old paradigm of locking up cash in a safe and making weekly bank deposits. But as tech and e-payments continue to penetrate and propel the industry, operators coming online need to take measures to ensure their digital financial assets are protected. Afterall, you wouldn’t leave the safe open in the back office, would you? Cybersecurity is no different. 

According to Australia's telecoms giant Telstra, 59 percent of Asian organisations experience a business-interrupting security breach at least once a month. Its director of security solutions asserts that modern hackers are moving to more sophisticated agendas such as espionage, disinformation, market manipulation and disruption of infrastructure. These are on top of previous threats such as garden variety data theft and extortion.

Risk solutions company ThreatMetrix echoes this sentiment, claiming modern cybercrime in the travel space is not only about monetary theft. Both fraudsters and “dishonest establishments” now see that there is a market opportunity in the form of rigging trusted review systems, platforms have become a key part of the online travel experience worldwide.

For tour and activities operators, common and preventable risks include things like fraudulent e-payments and theft of sensitive information such as passwords and financial data. Here are some common sense steps that Asia’s tour and activities operators can take to secure their digital financial assets. 

Secure all your company's networked devices


Small digital viruses known as malware can easily infect your company’s laptops and mobile devices. Start off on the right foot by installing security software on all company devices to protect against malware invasions. 

Make sure the software you choose includes features that specifically guard against viruses, spam and spyware. Have your IT person set the software to update automatically. Often, updates contain important security upgrades based on recent viruses and attacks.

Go the extra mile and implement a firewall to protect your internal network. Calibrate the firewall to all portable devices and keep them updated to prevent threats from entering your network.

Manage and update administrative passwords


It’s imperative that you as the top manager have all the administrative passwords for people who work at the company. It’s also important that you update them regularly. One conceivable reason for this is that you don’t want a terminated employee walking out onto the streets with a working password to your financials. 

Make sure you change passwords to something that can’t be easily guessed. Attackers can often gain full access to your system from an administrator level account. Think about using a password manager that safely stores and creates passwords for you. 

Teach your staff to be savvy


Experts will tell you that it’s much easier to hack a human than it is to hack a digital system. Tour and activities operators who are accepting e-payments for the first time need to invest in team training. Make sure your crew understands the threats they can face online and the role they play in keeping your business safe.  

To get specific, they need to know the basics about things like network access usage, suspicious activity, fraudulent emails, phishing schemes, and why they need to maintain strong passwords. 

Protect the customers


Now that you’ve built a digital moat around your business, it’s time to extend protection assurances to your customers. No matter how small your customer database is, it’s important that you keep it safe. Apart from delivering a painful hit to your brand’s reputation, there could even be legal consequences for losing control of your customers’ personal information.

Many online shoppers insist on knowing that their payment details and address are kept private. Your customers want to know that you will not share their details without consent. Set up a secure online environment for transactions, and make sure their personal information is locked up tight as a drum. Establish a relationship with your payments gateway, and ask about what it can do to prevent fraudulent transactions.

While developed regions have specific laws in place (e.g. the General Data Protection Regulation in Europe or the Australian Privacy Principles), Asia is still largely unregulated in this respect. This means operators need take it upon themselves to handle customers’ data with integrity.    

Schedule regular security audits


This cannot be overstated. Routine security audits—inclusive of bolstered data encryption and airtight password control—are paramount. There’s nothing more dangerous for a business than an outdated cybersecurity system. Enlist the help of a reputable tech solutions provider to assist with this. The right partner can also advise your team on what to do in the event of a data breach (knock on wood). 

In short, Asia’s tour and activities operators handle more data than you probably realise. Imposing regular checkups will keep your brand in good legal standing, increase customer confidence and hopefully lead to more repeat business in the long run. 

著者について

Leighton Cosseboom
Leighton Cosseboom is an American media entrepreneur in Southeast Asia. He is the former chief English editor of Tech in Asia's Indonesia chapter, and recently co-founded Content Collision (C2), a media services and technology firm serving brands and publishers in the region. He often writes about technology, travel, and business. He is a contributor to outlets like Nikkei Asian Review, Thomson Reuters, and more. Today, he serves as CEO of C2.