In the world of business travel, duty of care and security often top the list of priorities when it comes to working with the right Travel Management Company. But what about the data security of your travellers and your business – are you doing enough?

Cybercrime is a modern-day threat to every business, big or small. As these threats continue to grow in severity and sophistication, it is important to put in place best practices and security to ensure you are effectively safeguarding your systems.

Depending on the business sector, the data shared can vary in sensitivity. Financial services institutions, for example, deal with particularly sensitive customer data, so their security management systems need to be comprehensive.

The security of your business does not stop at central operations, however. It filters down to all suppliers with whom you are required to share data in order to function effectively – this includes your Travel Management Company.


You don’t need to look very far to find a headline story on top brands suffering catastrophic data breaches that seriously compromise brand reputation and dent customer confidence.

In late 2014 and the summer of 2013, Yahoo reported two major data breaches affecting 500 million and 1 billion customers respectively. Both breaches are considered to be the largest in internet history due to the amount of data collected: names, email addresses, telephone numbers, addresses, security questions and answers, dates of birth and passwords.

The 2014 breach was said to have used manufactured web cookies to falsify login credentials and gain access to accounts without the need for a password.

In 2016, mobile operator Three announced it had suffered a major data breach potentially putting millions of customers at risk. Allegedly the hackers gained access to Three’s customer upgrade database using an employee login. Although the data did not include any financial information, it did contain names, phone numbers, addresses and dates of birth.

In 2017, Sports Direct suffered an internal data breach where their workforce had personal credentials stolen including names, email addresses and phone numbers. This data was attacked through an unpatched content management system running on the open source DNN platform. Sports Direct notified the Information Commissioner’s Office but did not tell their staff as there was no evidence the data had been copied.


“The possibility of a malicious attempt to damage or disrupt a computer network or system”

Throughout the process of ensuring your own cyber security, you will no doubt need to look at that of your suppliers to ensure they are conforming to the same standards; if not, your efforts could well be compromised. This is now resulting in a filtration of necessary security certifications and verifications across all co-working organisations.

  • Keep your systems up to date & clean – By ensuring your security software, operating system and web browsers are up to date, you can be confident of a clean, functioning system.
  • Make your passwords long, strong & unique – Although fairly obvious, you would be surprised how many people have the same, simple password across all systems. Best practice is a combination of capital and lowercase letters, numbers and symbols.
  • Regular data backups – Computers do still crash, so backups are still essential.
  • Protect all devices – Anything that connects to the Internet will potentially be at risk.
  • Talk about the risks – Ensure your team are aware of the vulnerabilities and can effectively follow essential security measures.
  • Choose your company wisely – Consider the levels of security in place with the suppliers and third parties you are working with, such as your Travel Management Company, as these are an extension of your business working with your data.


2016 was largely the year that hacking went mainstream. 2017 predicts a year of increased.

As listed by TechRepublic, here are some cyber threat predictions for 2017:

  • Cyber-offense and cyber-defence capacities will increase
  • Ransomware and extortion will increase
  • Industrial Internet of Things hacks will increase
  • Internal threats will increase
  • Business Security spend will increase
  • Security will no longer be an afterthought



We recently teamed up with SecureWorks to complete our ISO 27001 certification. We see ISO 27001 as the implementation of best practice in information security and as promoting continuous improvement in that space, so we haven’t stopped at certification. SecureWorks is highly regarded across the financial institutions market and, with Hillgate having a strong client base in that market, it was important to work with a reputable company that could deliver results. SecureWorks provides an early warning system for evolving cyber threats, enabling organisations to prevent, detect, rapidly respond to and predict cyberattacks.