It’s not only large travel operators that are at risk of getting hacked, small tour operators can often be far more vulnerable to malicious intent and less prepared to deal with the consequences.
Well over a third of hacks are targeted against small and medium sized businesses. Yet, the vast majority of such businesses do not have a plan in place to neither prevent nor rectify such attacks. This is a costly mistake.
Here are three simple ways in which you can stop your travel website getting hacked.
1. Don’t use Wordpress
A lot of tour websites are built on the popular platform Wordpress. Why? Many web designers use it because it makes their life easier. They can install Wordpress without having much knowledge of the actual backend code, install or create their own theme to give the website a unique look, and then use the Wordpress dashboard to add content. For a web design company lacking technical skill but capable of creating a nice looking design - it’s ideal. The clients don’t usually understand what’s going on in the background (the platforms codebase) and understandably only care about the look of the website and the ease in which they can add content.
So, where’s the problem?
The code that Wordpress is built on and the various plugins travel websites use are all publically available. Hackers can see this code, trawl through it and seek out vulnerabilities. As soon as a vulnerability is found your website is at risk of being hacked. Not only that but because of it's popularity, and how so many WordPress sites are not properly set up or maintained means that finding one vulnerability in WordPress means that you'll be able to hack into millions of sites for months to come which is why it's such a popular target.
Wordpress and plugin/theme authors often release periodic updates that include security patches to close vulnerabilities that have been found. The problem is, these patches are often released after the vulnerability is already being exploited, some themes and plugins are left abandoned by their authors so no patch is ever released, and even if patches are released it is up to the person managing the website to install the updates as soon as they are released.
How do you avoid this risk? Have your website built on a custom CMS platform that is more secure. For example, we have our own in-house built CMS system that is specifically tailored to travel operators, so not only is it much more intuitive to use but it doesn’t require continual updates, is more secure from hacks and is far less likely to be targeted in the first place.
2. Get an SSL certificate
An SSL certificate ensures the data travelling between the visitor browsing your website and the server your travel website is hosted on is encrypted and secure. Visitors to your website will know this because your web address will begin with https:// (with a green padlock shown) instead of http://.
Furthermore, browsers, such as the popular Google Chrome, now show an off putting ‘Not secure’ message next to web addresses that are not served using a SSL certificate.
From a security standpoint an SSL certificate is extremely prudent and considered a necessity if your web visitors fill out any forms on your website. Without an SSL certificate the data sent to your server, such as your visitor’s name, contact details and booking information is not encrypted and is susceptible to ‘man in the middle’ attacks where a hacker either steals or even alters the unprotected data before it gets to you.
SSL certificates are inexpensive and vastly improve the security of your website. Web users are increasingly aware of this and will be turned off to a website that is not secure when dealing with their sensitive data.
3. Train your staff
No matter how robust you make your website there will always be the potential for human error to cause damage to your business via your website.
Ensuring your website is secure is a necessary first step - it will no longer be amongst the low hanging fruit for those looking to exploit your website. Yet determined hackers may attempt to cause serious harm via the communication methods your website provides to would-be-travellers, such as email, contact forms and real-time chat facilities.
It is important the staff who may deal with such communications are aware of the potential risks. For example, clicking on links or downloading files sent from people posing as customers opens the door for your computer systems to be infected with malware.
The devastation caused by the global ransomware outbreak in 2017 should be an eye-opener for all to the seriousness businesses and individuals should take to their online and offline security. Having staff that are aware of the methods malicious individuals may use will help protect your business, not only financially but also with regards to reputation.
Away from your website you must make sure your computer systems are secure by ensuring they are up to date, have the recommended anti-virus software and a backup system is in place.
If you’re looking for a secure tour operator website or yo'd like us to check how secure your website is then please get in touch.
The Travel Web Design Blog