The latest data from the International Passenger Survey by the ONS 2019 & 2022 has revealed that over £9.1 billion was spent between July-September 2022 by visitors to the UK. This is a significant increase compared to the £1.8 billion in the same period during 2021.

The South East was the region with the highest spend from those travelling for tourism and leisure and also the most visited region behind London in this period.

Brighton Pier

As we head into the peak period for the travel and tourism industry, companies in the industry will be gearing up to open their doors to visitors from across the world.

The one visitor you don't want to open your door to is online criminals looking to steal your profits and customer data.

To help you prepare your employees, systems and devices for the pending peak summer season, we have pulled together 8 simple top tips for you to follow. You can find these below:

Tip 1: Make sure you switch on password protection Set a password, PIN, fingerprint or face ID to unlock your device. Make sure that your office equipment (so laptops and PCs) all use an encryption product (such as BitLocker for Windows) using a Trusted Platform Module (TPM) with a PIN, or FileVault (on macOS) in order to start up. Most modern devices have encryption built in, but encryption may still need to be turned on and configured, so check you have set it up.

Tip 2: Use two-step verification for all accounts If you’re given the option to use two-step verification (also known as 2SV) for any of your accounts, you should do; it adds a large amount of security for not much extra effort. 2SV requires two different methods to 'prove' your identity before you can use a service, generally a password plus one other method. This could be a code that's sent to your smartphone (or a code that's generated from a bank's card reader) that you must enter in addition to your password.

Tip 3: Avoid using predictable passwords Avoid using predictable passwords (such as dates, family and pet names). Avoid the most common passwords that criminals can easily guess (like 'passw0rd'). Don't re-use the same password across important accounts. If one of your passwords is stolen, you don’t want the criminal to also get access to (for example) your banking account.

Tip 4: Use a password manager Consider using password managers, which are tools that can create and store passwords for you that you access via a 'master' password. Since the master password is protecting all of your other passwords, make sure it’s a strong one, for example by using three random words.

Tip 5: Change all default passwords One of the most common mistakes is not changing the manufacturers' default passwords that smartphones, laptops, and other types of equipment are issued with. Change all default passwords before devices are distributed to staff. You should also regularly check devices (and software) specifically to detect unchanged default passwords.

Tip 6: Train your staff to be able to identify phishing emails - Phishing remains the most common type of cyber-attack - affecting 79% of businesses in 2023 - and results in the largest financial losses for companies.

Phishing is a tactic used by criminals who try and trick you into clicking a bad link that can download malware or try to encourage you to hand over passwords or account details.

• No legitimate company will send emails using ‘@gmail.com' or ‘@hotmail.com'.
• Look at the email address, not just the sender. Do they match?
• Check the spelling and grammar, are the domain, name, sender's name and signature spelt correctly?
• Did you expect to receive the email or attachment? Don't open an attachment unless you are fully confident that the message is from a legitimate contact or company.

Tip 7: Make sure that your computer firewall is enabled - Switch on your firewall (included with most operating systems) to create a buffer zone between your network and Internet. A firewall monitors incoming and outgoing network traffic to prevent unauthorised access to your network.

Tip 8: Take regular backups of your important data, and test that they can be restored - Remember to back up your data either in the cloud or on an external drive that isn't connected to the network.

Recovering your data should you become the victim of a ransomware attack is imperative to keep your business running.

How can The South East Cyber Resilience Centre help SME's to tackle the threat posed by cybercrime?

We provide many free resources designed to improve your #online security, from checklists to Incident Response templates, there's something for everyone. Get yours today and receive our FREE welcome pack here https://www.secrc.police.uk/free-information-pack

We hope this will be useful for you but if you have any further questions or would like to know how we can help your business, please get in touch.