By Ian Richardson, CEO, ICE ICT
Cyber security is a hot topic right now across many industries. With the recent guidelines issued by the major industry associations, cruise companies are having to revisit, or in many cases develop, their methods for preventing security breaches. However, it is a daunting task, and in many cases reading through the guidelines issued can raise more concerns for many companies.
When it comes to the cruise industry there are two very different areas for concern. One relates to cyber security threats against your company, with hackers accessing your data, and the other involves threats to customers on board your ships.
Cyber attacks against you as a company may take one of two forms. One is access to your customer database, where hackers will access personal customer information. It is important to remember that once individuals submit their data into your database, either through a booking website or other means, you own that data and have a duty to ensure it is secure at all times.
The other type of attack is on commercially sensitive data, which is fairly common. Naturally, this can have a major effect on your business, as it can be data that the competition can use to its advantage. If leaked, it will also likely affect your share price, as such an incident will attract significant media attention. Of course, this has the added effect of undermining trust in your ability to protect against security breaches.
In a world that is becoming increasingly connected, cruise companies have had to ensure good internet access on board their ships for passengers. This means that whilst out at sea, users are accessing a whole host of sensitive data from their own devices, including online banking and email services, for example.
It is important to realize that cyber security attacks are not always specialized attacks on a company or individual. The most common breach is caused when someone with legitimate access to data allows that access to fall into the wrong hands, either by sending something to the wrong person, often accidentally, or by misplacing a phone or laptop on board.
Add to that the credit card details stored in the on-board property management systems (PMS) on cruise ships, or the numerous credit card transactions that take place on board ferries or are registered at various point-of-sale (POS) locations, such as shops, bars, and restaurants. In both these environments, even with PCI compliance, the POS devices or the PMS solutions are still open to attack.
When it comes to keeping your data and that of your customers protected, there are a few simple steps you can take to reduce the risks.
- Ensure you have proper administration for your entire IT system. It should have role-based data access, so that people within your organization can access only the information and data relevant to them.
- Ensure all equipment is set up with strong password and encryption systems, including regular enforced password renewal.
- Everyone within your organization should get good, practical information management and governance training. That way, you can be sure the entire team is operating with best practices.
- Get an independent evaluation of your current systems.