Top tips for the Leisure and Tourism industry

With all the delays and cancellations in recent weeks, the travel and tourism industry has been hit hard by a combination of challenging situations.


A successful cyber attack is the last thing that you need, given the cost in time, money, and reputation. Imagine if you couldn’t email your clients about the last-minute deals or forward them their travel plans because your network was encrypted by malware.


So that you can sleep secure in the knowledge that you have taken some steps to strengthen your business, follow our top tips to improve your cyber resilience.

A few free, simple steps can vastly improve your resilience.

5 things to do today

  1. Ensure all your staff are using strong passwords. This means that they are unique – not used across multiple platforms – and not easily guessable – so no MyCompany1.

  2. Consider providing a password manager for your staff. You remember just one strong password and your password manager remembers the rest. Watch our short video to find out more.

  3. Enable two-factor authentication (2FA) wherever possible, but specifically on any social media site, email account and anywhere you have payment details. This means that if your staff’s usernames or passwords are released, criminals still won’t be able to access the account. You can find more about 2FA here.

  4. Check your current exposure on haveibeenpwned.com to see if any password your staff are using is known to cyber criminals.

  5. Register your business's domain at haveibeenpwned.com and NCSC Early Warning and get notified if it appears in any data breaches or malicious information feeds.

Things to do as soon as possible

  1. Join the Eastern Cyber Resilience Centre. It’s free. We’re a police-led, not for profit company. By joining us you will be kept up to date with the latest threats to your business as well as guidance, support and direction to free tools and services, and access to our affordable student services which can help with vulnerability assessments and staff awareness training amongst other services. Join today.

  2. Have offline backups and test the recovery of them. Companies falling victim to ransomware still pay criminals even though they have backups, because they have never evaluated them; when they need the data the most, they find that they can’t recover it. This can be linked with having an incident response plan. You can find a free template plan to get you started here.

  3. Ensure you have anti-malware on all devices, including your phones.

  4. Train your staff to recognise common phishing attacks and how to report them. Phishing attacks are the most common form of cyber-attack, and your staff can be your weakest link or your strongest defence, but only if they know what to look out for and what to do. The ECRC can provide bespoke Staff Awareness Training through our affordable student services.

  5. If you have a website, get a web app vulnerability assessment. This will look at whether your site is secure from the most common cyber-attacks against it.

  6. Install software updates as soon as possible. Updates often fix known vulnerabilities; criminals also know about these vulnerabilities and will craft attacks specifically for them.

Further Guidance and Support

The ECRC is a police-led, not for profit organisation which companies can join for free.

Joining our community provides:

  • Threat alerts both regionally and nationally

  • Signposting to free tools and resources from both Policing and the NCSC

  • Little steps programme – a series of weekly emails, aligned to Cyber Essentials, offering bite-sized practical information to build cyber resilience

  • Discussion area to meet and talk with other companies in the region and our partners