Hospitality and tourism firms are being warned to beef up their cyber security with a warning that attacks on businesses is rapidly on the increase.
The South West Tourism Alliance (SWTA) has backed a new police and private industry initiative to make businesses counter the threat as the region gears up for its busiest ever summer.
Cornwall, Devon and Dorset top the list for staycation bookings in self-contained accommodation such as cottages and campsites.
But the boom comes against a backdrop of small firms being targeted.
According to the Federation of Small Businesses, 46% of businesses in the UK suffered an attack on systems last year and lost an average £3,200 cash each time. Small firms are collectively subject to 10,000 cyber-attacks a day.
The SWTA joined an online seminar last week by the South West Cyber Resilience Centre, which is headed up by Superintendent Martin Moore, on secondment from Devon and Cornwall police.
He told the seminar that the bar for cyber crime was lowering enormously, with so many more people understanding how to do simple hacking.
“You can even buy kits,” he said. “There is a real move towards targeting businesses rather than individuals. The threat is only beginning to grow.”
According to a report by insurance company Erismus, the UK hospitality and food sector spent the least on cyber security in the 2018-19 period committing only £1,080 on average compared with £22,050 by financial and insurance firms.
The increasing dangers were spelt out by Rob Partridge, a member of BT’s Ethical Hacking Team, which helps customers improve cyber security by specifically trying to break into systems.
He pointed out that even the simplest social media posts asking people to name their first car, mother’s maiden name or birth date were designed to elicit information that could help change passwords.
“There are all these little quizzes out there, so think about what information you are giving away,” he said. “The answers help build up a complete picture of you – and it only takes 32 milli-seconds to get onto your device.”
The founder of a small firm may well use easy passwords to set up systems, and hackers have what are called Rainbow or Dictionary lists of obvious passwords that they will use to try and gain access.
More seriously, if they manage to physically attach a Keylogger into a USB slot on a computer, that will record every keystroke – and password – and pass on the information.
The SWCRC covers an area from Cornwall up to Wiltshire. And like other CRCs around the country, it aims to protect small and medium sized enterprises (SMEs) with advice, scam updates and webinars. It’s free to join a CRC – just head over to brimcentre.com/network to find your local centre and sign up.
It’s not for profit but does offer different levels of membership and services – including a low-cost project whereby students from Bournemouth University attempt to hack company systems to show weak spots.
The Centre has also hooked up with eight accredited computer security companies in the region who will take firms through a process whereby they can achieve Cyber Essentials Certification for £295.
Roz Woodward, co-founder of Securious in Exeter – one of the eight – listed the five essential steps that SMEs should take:
- Keep systems up to date. These updates include ‘patches’ which are often created to tackle new security threats.
- Protect systems from malware with anti-virus systems.
- Control who has access to your data.
- Secure settings, not default settings which have shared user accounts and passwords.
- A firewall.
Rob Partridge also suggested that companies consider a Password Manager, which creates new numeric and character passwords with each log-in. Rob uses one on his Google accounts.
In concluding the seminar, Sup Moore said: “If you want bespoke IT support and don’t know where to start, you’ll be shown how to access inexpensive services through new links with regional universities, or how to find a trustworthy company near you.
“We expect to have a continuing relationship with companies that sign up with us. We can’t recommend individuals so our ability to provide services is an important one.”