Skip to main content

Have you watched data breaches happen to big companies and thought, “That wouldn’t happen to me. I’m just a small tour operator.” Well, I hate to break it to you, but small businesses are at risk of being hacked, and it’s probably higher than you think.

36% of targeted hacking attacks are made against businesses that operate with less than 250 employees. Why? Small businesses tend to not make investments in cyber security. In fact, according to the National Cyber Security Alliance, 83% of small businesses don’t have a cyber security plan, making them easy targets for hackers.

What type of cyber attack is aimed at small businesses?

There are a couple of different attacks that could happen. One way is that hackers will steal your customers’ credit card information. This has happened to tour operators in the past. Roberts Hawaii(opens in a new tab) had their customers’ personal information and credit card information stolen from them, and customers had fraudulent charges on their cards. The same type of cyber attack happened to NY CitySights(opens in a new tab).

It’s also possible that hackers will encrypt your company files or shut down your website, making them impossible for you to access unless you pay their ransom, likely a hefty price of a few thousand dollars. Hackers do this with enough companies and make enormous amounts of money.

Don’t let either of these cyber attacks happen to your tour company.

Take steps to protect your tour business, and it will benefit you in the future. Hackers are becoming more sophisticated and able to target more companies quickly, so if you haven’t taken steps to protect yourself, it is time.

Don’t worry too much because we at Tourism Tiger have created a guide for you to follow to protect yourself. All of these steps are easy and completely manageable for a small business.

Here is our advice on how to protect your company from hackers:

1. Train your employees to identify spear phishing.

You may not know it by name, but you have certainly heard of this hacking technique. Spear phishing is when a hacker sends an email to an individual or organization that seems like it is from a legitimate and trusted sender. The goal is to obtain confidential information. If you want to check to see if the sender is who they say they are, double check the email address for any spelling mistakes. For example, if they claim to be from Time Warner, make sure the email address doesn’t actually say “Time Warnar”. If you want to be extra safe, it is possible to check the IP address using certain email providers. Here are instructions(opens in a new tab) for the ones that make this possible.

The security software firm Trend Micro found that 91% of cyberattacks originate with a spear phishing email.

There are spear phishing awareness courses(opens in a new tab) available, but with some research, you could also attempt to conduct a course yourself.

2. Tell your employees not to download anything or click on links from suspicious emails.

3. Remove email addresses from your website.

Instead, use a contact form. This will make it more difficult for hackers to find you and target you through email.

4. Do not use a public WiFi network.

If you do, be careful to not share any personal or sensitive company information while using it. Public WiFi doesn’t just mean your metro’s WiFi: you should also avoid using a hotel(opens in a new tab) or coffee shop’s WiFi as well.

5. Buy an antivirus software.

Make sure to keep it updated to keep up with the changing techniques of hackers. Here’s a recent comparison(opens in a new tab) of the best antivirus softwares in 2017. You can weigh the options and see what you think would work best for your needs.

6. Invest in a firewall system.

Here’s a list(opens in a new tab) with the pros and cons of the best firewall systems so that you can decide which is best for you and your company.

7. Backup your files on a hard drive.

If hackers encrypt your data, at least you’ll have access to everything that you have backed up on an external hard drive. It won’t totally solve your problem, but in that moment of chaos, it will help.

8. Avoid the cloud.

Though companies claim to have secure cloud storage, you can’t be certain that it won’t be hacked. Don’t give anything sensitive to other people to watch over. Invest in a hard drive, and keep it safe on your own.

9. Regularly change your passwords.

Make sure they contain a mix of numbers, letters, and symbols.

10. Set up two-step authentication for your email addresses.

This means that you would have to log in with both a password and a code that is sent to your cell phone, so the hacker would only be able to access your account if they had your cell phone and were able to complete both steps. If your password is stolen by hackers in another company’s data breach, having a two-step process will prevent them from stealing more of your data.

No website is totally safe from hacking, but Tourism Tiger websites(opens in a new tab) come with TigerCare. In addition to regular site updates, you’ll get site monitoring with your subscription.


Find this article useful? Enter your details below to receive your FREE copy of 95 Epic Places To List Your Tours and receive regular updates from Tourism Tiger and leading industry experts.

By submitting this form you agree to Tourism Tiger contacting you via email.

(opens in a new tab)