Although this series of articles may not sound intriguing, the information they hold is critical to the well-being of your business. Just as you help your clients understand why they need travel insurance, our purpose here is to make you aware of the benefits of understanding and adequately addressing information security in your business. It can be the difference between surviving and going out of business. Read these articles to gain an overall understanding of what and how your business should be protecting. Don’t panic! If you do not consider yourself “tech savvy” just pass this information along to your “computer guy” (be it your teenage son or the Best Buy Geek Squad) and have them take the necessary steps to protect your clients, your business and yourself.
Most people think of security in terms of protecting people or material things, such as a car or a house. Security systems, cctv security cameras, security cables, police, etc., most often come to mind when considering security. In many instances, there is some type of alarm to warn you when your security has been breached. Others may think of financial security – making sure there is money to take care of unexpected things now, and being able to retire on a cruise ship in the future.
But, what is information security? Have you ever actually thought about the type of information that you’re entrusted with and how you keep it safe? In many ways, information security is about both physical security and financial security, but possibly not for the reason that you may think.
Before we get into that, however, we need to have a common understanding regarding what information security really is. At the very highest level, information security is the management of risk. In other words, it’s understanding what information you have, what that information is worth, and what the consequences are when it gets lost or stolen.
Data versus Information
It is also necessary to understand the difference between data and information. Data are simply facts. When data is processed, structured and put into context, it becomes information. Data is not nearly as valuable as information. As an example, a series of sixteen numbers (0012345678901011) is data. These numbers could mean almost anything. But without any more data, this is nothing but a series of numbers. If someone were to get this data, there is nothing that could realistically be done with it. But, when this same series of numbers is combined with a name, an expiration date, and three-digit security code, it becomes a credit card number – usable (and valuable) information.
So, what information do you have?
As a travel professional, you have access to your clients’ information. This usually includes names, addresses, phone numbers and email addresses. That information alone, if lost, could be an identity theft threat for your clients. It is also highly likely that you have even more sensitive and confidential information such as: dates of birth, passport numbers and credit card numbers.
All of this information combined gives you what is called Personally Identifiable Information – or PII for short. PII is defined by individual states and the definitions vary across them. For example, in most states a name and address in conjunction with an account number and PIN are considered PII. In other states, something like a credit card number, passport number, or social security number is needed. The PII laws that apply are the ones where your clients live, not where you are located. (We’ll go into much more detail about PII in a future article.)
Why should you care about its safety?
The loss of your clients’ information (even if it is simply their name, address and phone number) can constitute a data breach. By law, if you do not take adequate precautions to protect this data, you would be financially responsible to any clients affected; responsibilities that could put you out of business.
Of small and medium size businesses that have suffered some type of data breach, 80% end up filing bankruptcy and/or going out of business as a result of the data breach. You can protect your business (providing you with financial security) by implementing a solid information security plan.
How do you know if the information you have is secure?
Running anti-virus or anti-malware software is absolutely critical, but it is only the first step. Do you have client data on your laptop, iPad, or iPhone (even just names and phone numbers in a phone directory)? Do you have a power-on PIN or Password on the device in case it’s lost? Do you use any type of online backup service (like BackBlaze or Carbonite)? Do you encrypt your information?
If a cyber-criminal has managed to get access to your information, there will not generally by any type of alarm that lets you know that your information is at risk (or has already been stolen), as it would if someone were to break into your car. There are no statements to look at to see that you’re doing the right things to prevent a breach, as you would for your investments and credit cards.
This is the first in a series of articles that will focus on various aspects of information security. In the coming weeks, we’ll dig deeper into each of the areas mentioned above: Virus & Malware Protection; Personally Identifiable Information; Encryption; Backup and Recovery; and PIN & Password Protection. By implementing an information security plan in your business, you will be protecting your clients’ information, but protecting your business as well.
John Schaefer is an information security expert with over 20 years of experience in Global 100 corporations. His experience includes application development, network operating systems, network hardware, and security architecture. He is the Chief Technology Officer for Eastvale Consulting Services, Inc.
Susan Schaefer is the owner of Ships ‘N’ Trips Travel (www.shipsntripstravel.com) located in Brentwood, Tennessee, and specializes in leisure travel with a focus on group travel and charity fundraisers. Through their division Kick Butt Vacations (www.kickbuttvacations.com) she focuses on travel for young adults under 35. Susan can be reached by email at firstname.lastname@example.org or by phone at (888) 221-1209).