4 Steps to Address Data Breaches in Business Travel

In the last several years, travel and hospitality industry has been frequently targeted by hackers. Read our Navigator blog post to learn what travel managers can do to proactively address data breaches.

In a time where many companies are striving to create personalized experiences for customers, the amount of data being generated and collected to fulfill this mission is staggering. While industries are working to create these experiences, hackers are at the other end trying to gain access to that same data.

Not only is it important for a technology team to plan for a data breach, it’s also vital for travel managers to be prepared as well.

Here’s what you can do to prepare for a data breach.

1. Get Familiar with GDPR

Now that the European Union’s General Data Protection Regulation is in full effect, businesses that collect or process personal data from EU citizens must be extra vigilant about protecting data that may identify a person. Failure to do so could result in significant fines.

Travel managers should consider working with a travel management company (TMC) that is highly familiar with GDPR to ensure they are fully compliant when it comes to their travel program. A TMC can help travel managers assess all of their current travel supplier contracts to determine whether their partners are compliant with GDPR and ensure that all data processing agreements between the data controllers and processors are up to date and meet the requirements of the regulation. This includes airlines, hotel brands, travel technology suppliers and other travel related vendors.

Learn more about addressing business travel concerns under GDPR in this Navigator Blog post.

2. Create a Crisis Plan

Before a data breach even happens, identify and engage a core team – security, privacy, legal, IT, communications and HR teams – who will be responsible for taking key steps if a breach happens. It’s important to have the right teams ready to put a stop to the breach and mitigate further risk to sensitive data and the brand. 

Once you have identified your core team, build a comprehensive crisis plan with them to ensure that everyone knows what needs to happen if a data breach should occur. Revisit the plan at regular intervals to ensure you still have the right individuals on the team as your business changes.

3. Communicate with Your Stakeholders

It’s important well before a data breach even occurs that everyone knows the company’s crisis plan and what role they will play to prevent it from happening. If it does happen, the news of a data breach can travel fast and will potentially cause stress and panic. As part of your crisis plan, be ready to communicate with travelers, executives, suppliers and others. Sending a communication to all stakeholders right away letting them know you are aware of the data breach and responding to it will help put a halt to any rumors. 

  • Travelers: Provide travelers with key information on how to secure their data and monitor their financial activity to see if any data has been compromised. 
  • Executives: Be in constant contact with executives to keep them updated on progress and provide them with customizable communications that they can send travelers and other employees.
  • Suppliers: Ensure that you and your suppliers have a solid understanding of each other’s data security plans and what the data breach protocol is if one company is compromised.

4. Educate Your Travelers 

Travelers are vulnerable to potential data breaches when they use public Wi-Fi and open documents on unsecure networks. Hackers are always ready to target unsuspecting travelers. As a travel manager, it’s important to educate your travelers before their business trip to proactively protect themselves against hackers. 

First, encourage travelers to be selective about the devices they bring on a trip and make sure they back up their information to the cloud or the company network. Second, avoid public Wi-Fi networks that are free, especially those that don’t require a password. Once a user accesses a fraudulent network, hackers can access all the data they want. Last, provide travelers with a hotline they can contact in case they lose a device. It’s important that they know who to contact to ensure the company’s data is safe and secure.

Are You Ready?

No system is ever perfect; however, don’t let fears of a data breach jeopardize the traveler experience. Be confident that you have a plan in place and you’re ready to act if a breach occurs. As companies continue to build new travel products and collect more traveler data, travel managers should have their crisis plan ready to address data breaches as soon as they occur. 

Managing traveler, client and customer data is an evolving challenge and organizations must be diligent about protecting their data. Read more about corporate data fraud in this Navigator Blog post:

Preventing Corporate Data Fraud with Travel Risk Management

Preventing corporate data fraud with travel risk management

Related Resources

Corporate travelers can reference this post for the latest information on international travel updates, including ETA, EES, and ETIAS.
From open tech platforms to the evolution of TMCs, here are highlights from Steve Singh’s conversation on the Travel Again podcast.
How to create a sustainable travel policy, integrate sustainability into purchasing decisions, and educate travelers about greener business travel.