Digital Public Services

Although tourism companies were already showing a high level of technological implementation, the pandemic and the new situation it has created have led to an acceleration of the industry’s digitalization process, with the aim of improving convenience, security, and confidence for customers.

This trend has led to the introduction of touchless or “zero contact” solutions, such as online check‑in/check‑out and doors that open automatically. One key aspect of this process has been the development of applications using technologies based on big data and artificial intelligence, such as machine vision that can be used to identify individuals, calculate capacities and personal distances, detect the use of masks, measure body temperatures, etc. This information is then used to generate a heat map to determine who has been in particular area of a hotel.

The main risks that tourism companies are facing are those that can affect apps, remote access, and Wi‑Fi systems, potentially leading to theft of sensitive data or information. Some of the most common problems include malware campaigns, especially those focused on phishing, with theft of customer data in the form of credit card numbers, loyalty program information, and personal data. It is also worth emphasizing that ransomware was one of the primary threats during the past year.

For any company, a cyberattack can present not only the risk of a major financial impact, but it can also cause reputational harm and even loss of customers.

Every company needs a good strategy that can ensure that its systems and infrastructure are protected. This can be done through a series of measures such as penetration testing (pentesting), secure Wi‑Fi, network perimeter security, data protection, secure cloud access, security by design (SecDevOps), and security diagnostics that can provide an early warning for potential threats.

In many cases, employees with a lack of awareness and training on the subject of security can act as a gateway for a wide range of cyberattacks.

However, having an awareness-raising plan can reduce the possibility that a company’s employees will permit a malware incident by up to 90%. This is achieved through a four‑step program:

• Simulated phishing to analyze the probability of success for a real attack (Assess)
• Interactive training modules (Educate)
• A tool for reporting phishing incidents (Reinforce)
• Reporting on results (Measure)

One way to provide the expert knowledge an organization needs is through what is known as CISO as a Service, which can also provide the effort required for proper execution during specific peaks in demand.

It is also important to remember that under the European Union’s General Data Protection Regulation (GDPR), information leaks can lead to substantial fines, ranging from 4% of annual revenue up to €20 million.

This means that to avoid a serious shock, it is important to be aware of the contents of this legislation and ensure compliance with it. A compliance audit can help determine the distance between a company’s current situation and the desired one, in view of the laws and regulations in effect. It can also be used to evaluate the structure of an organization’s documentation and procedures. To do this, the desired reference framework is first established, then a gap analysis is performed to identify percentages of compliance.

Solutions based on data masking can greatly improve security during testing and also in relation to data protection. This approach can also ensure that stable, reliable, and relational data is obtained, while reducing security costs and improving efficiency with fewer records. It also enables testing that can be generated quickly, fast processing, and flexibility and quality for the development process.

The use of Robotic Process Automation (RPA) has also become an indispensable part of the tourism industry’s digital transformation.

The ability to automate routine administrative procedures, such as taking reservations, recording passenger names, validating information, and managing returns and refunds, can have a direct impact not only in terms of saving time that would otherwise be dedicated to these tasks, but also by reducing human error and improving the customer experience. Employees can focus their attention on providing value to the customers, while letting the bots handle the preliminary data work.