Over four in ten SME businesses (43%) and seven in ten (72%) of large companies in the UK experienced online data attacks last year according to a 2018 governmental Cyber Security Breaches Survey. The travel sector has also seen its fair share of high-profile data breaches involving the hacking of customer credit card information, passport details and personal information.
Cyber-attacks not only cost money and threaten the loss of existing customers, they also cause immeasurable brand and reputational damage.
As a leading independent travel management company (TMC) with a large and varied client base, Blue Cube Travel handles significant amounts of sensitive data on behalf of its clients. Robust cyber security systems and processes to protect that data and stay ahead of the ever-present threat from hackers are critical to the continued success of Blue Cube’s business.
That is why Blue Cube has invested in working with leading cyber security consultancy CNS for the last two years. CNS implemented Aegis, a benchmarking tool that measures and scores the TMC’s cyber security maturity against standards such as PCI DSS, ISO 27001 and Cyber Essentials Plus.
“Crucially CNS and Aegis enabled us to identify any potential risks and prioritise areas where we needed to focus on bolstering our cyber security,” said Kevin Trill, Blue Cube’s Director of Technology and Transformation. “We now have a multi-layered approach in place to deal with the vast array of existing and future cyber threats in the digital world. For example, our new online booking tool, launched last year, is fully PCI DSS compliant.”
Blue Cube has also enhanced safety for sending and receiving sensitive data via email by implementing message encryption and the internet email standard DMARC (Domain-based Message Authentication, Reporting & Conformances). This means Blue Cube staff have the ability to encrypt emails sent to clients if required.
“Our customers need to be confident that emails they receive from us are genuine and cannot be tampered with,” explains Kevin Trill. “These enhancements ensure identification of fraudulent emails, and when needed, secure message encryption to protect sensitive information.”
Mel Phaure, Director and Co-founder of Blue Cube adds: “We have built up a very successful business over the last 15 years with a reputation for providing exceptional personal service. To suffer a cyber breach would be hugely detrimental. We believe Blue Cube has gone further than any other similar-sized TMC in ensuring clients’ data is safe. Meeting and surpassing not only what clients require, but also what GDPR regulations require, is essential to our continued growth.”
The strategy is certainly paying off. Blue Cube is now being asked to bid for prospective clients where PCI and cyber security are a critical element of the tender process.