FEDHASA – Cybersecurity FAQs

FEDHASA – Cybersecurity FAQs

Are you doing enough to safeguard your business? Have you trained your staff on cybersecurity best practices? Are you performing daily data backups? Is your company’s antivirus software up to date? Do you have cyber insurance?  

We’ve compiled a FAQ guide and a few other helpful resources to get your company’s cybersecurity on track.  

Remember, a breach in cybersecurity can cost you more than just data, it can cost you trust. It can even cost you your business.  

Don’t wait for a cyberattack to happen. Fortify your defences and stay one step ahead. 

  1. What are the vulnerable areas for hospitality businesses when it comes to handling information?

Navigating the realm of POPIA (Protection of Personal Information Act) can be challenging, and businesses must understand the pressure it imposes on them.

In the wake of GDPR (General Data Protection Regulation) coming into effect in the UK and Europe, businesses scrambled to adapt to the new regulations and requirements. Consequently, cybercriminals worked tirelessly to exploit potential vulnerabilities in systems.

Any location where data is stored or transferred presents a potential target for attacks. For instance, if your website collects and stores data, it becomes an attractive entry point for hackers.

It’s crucial to note that the individual responsible for collecting the data becomes its custodian and is responsible for its protection.

  1. What can be done to safeguard information?

Various tools are at your disposal, such as encrypted secure networks for transferring data. Encryption makes it extremely difficult for hackers to access information. That said, the most critical step educating your employees regarding cybersecurity best practices. This education must be ongoing in keeping with changes to tools, software, hacking advancements, etc.

  1. My company has been hacked – how will my insurance company investigate the breach?

It’s up to the insurance company to determine whether you, as the business owner, did everything you could to prevent an attack. Areas of investigation could include:

  • Employee training: The most vulnerable point in cybercrime is always the human element. It’s crucial to educate your team members on how to recognise phishing attacks, the importance of a strong password strategy, and the use of multi-factor authentication.
  • Endpoint protection: The insurance company will look into the antivirus software your employees use and whether this software has been consistently updated. They’ll also investigate whether data encryption is in place. 
  • Proactive cybersecurity posture: Cyber criminals are strategising around the clock. Your insurance provider expects you to stay up to date with cybersecurity prevention and tools. They’ll want to confirm you have a comprehensive approach to on-site cybersecurity.
  • Risk mitigation strategies: The insurance company will investigate your risk mitigation framework for off-site risk factors, including data leaks or web-based exposures.
  1. Is cybersecurity expensive?

Cybersecurity is very affordable if you choose the right tools. Rest assured there are many available designed specifically to protect small businesses. Don’t assume you’re not a target simply because you’re not running a large organisation. It’s that precise assumption that makes many small businesses easy targets!

Nowadays, small businesses are high up on a hacker’s radar. Skilled hackers can infiltrate millions of small businesses in a single hit – part of the reason why South Africa loses R2.2-billion annually to cybercrime.

  1. Will insurance cover me for cybercrime?

Yes – but it’s important to read the fine print. The right insurance provider will provide you with access to an IT forensic team, legal experts to assist with liability issues, and a reputation management team to help repair brand reputation damage.

Your plan will also likely encompass aspects such as sub-extortion. The dedicated team will engage with the cyber attackers in the event of a ransom demand arising from ransomware. They will ascertain whether the hackers possess the data they purport to have and aim to reduce the ransom to the lowest possible amount.

Simultaneously, the team will operate behind the scenes attempting to decrypt the affected systems to restore operations as quickly as possible. If decryption proves unsuccessful, the policy will extend to cover the cost of the ransom payments.

Your plan should also address the direct consequences on your business. It should offer coverage for downtime and additional resources required due to business disruption.

What is the course of action in the case of customer repercussions, such as ticket holders or those with reservations that may have been nullified due to the cyberattack? The policy will assist you in legal representation for any resulting liability issues and cover any compensation or settlement expenses that may arise.

  1. I’ve been hacked, but I don’t have insurance – what now?

It’s a scary situation where you’ll need to rely on your data backup. There’s a chance for recovery if your backup is properly updated and unaffected by the attack or ransomware.

  1. How often should a business operating in the travel and tourism industry update its backup data?

Daily updates are recommended. Luckily, thanks to cloud-based backup platforms, this isn’t a difficult ask.

Automated backups are best practice for an organisation collecting or transacting large amounts of data. After all, you won’t be able to transact if you lose data due to a cyberattack or your business falls victim to ransomware.

  1. What data are hackers actually looking for?

Usually, it’s all about getting hold of personal details. While banking data is obviously the jackpot for hackers, even a database of names and emails is considered valuable as it can be used to implement profitable phishing scams.

  1. If I delete data on my PC, is it really gone?

No. Deleting sensitive data isn’t enough. It’s best to utilise shredding and data destruction tools designed for the job.

  1. Who is responsible if personal data held by a third-party service provider is hacked?

The third-party service provider that collected the data is the data custodian. Therefore, liability will be on the provider.

SATIB and ASATA hosted webinars on Cybersecurity. You can view these below.


Webinar: Cybersecurity in the COVID-19 work-from-home age


More News

International Market Access Support Programme-Individual Support

In line with efforts to open and facilitate access to new and existing markets and considering the high costs associated with exhibiting and participating at tourism trade platforms outside of South Africa, the Department of Tourism invites eligible tourism enterprises to apply for support under the International Market Access Support

Read More »

We look forward to celebrating with you

The FEDHASA Hospitality Awards are designed to formally recognise and celebrate the exceptional contributions of companies and individuals in South Africa’s dynamic hospitality industry.