DID YOU KNOW?
...that a UK space scientist is predicting a three-day working week as we work smarter and attend meetings remotely via holograms by 2116.

www.travelctm.co.uk | TRAVEL TRENDS | 11

A business traveller’s computer is a very easy target, and the National Crime Agency (NCA) lists eight common cyber threats:
Phishing: bogus emails asking for security information and personal details
Webcam manager: where criminals take over your webcam
File hijacker: where criminals hijack files and hold them to ransom
Keylogging: where criminals record what you type on your keyboard
Screenshot manager: allows criminals to take screenshots of your computer screen
Ad clicker: allows a criminal to direct a victim’s computer to click a specific link
Hacking
Distributed Denial of Service (DDOS) attacks, which prevent legitimate access to online services by swamping the communications links with a mass of traffic.

Hacking is the primary method for infiltrating networks. Using specialist software, hackers gain access to computer networks and systems and take administrative control of them. Such attacks compromise data stored on the network, which can be commercially sensitive and can be sold to fraudsters.

Lapses in data security are an increasingly frequent hazard for the business traveller, particularly because cyber hackers tend to focus their efforts on the very places that business travellers frequent: hotels and restaurants.

A recent incident at an unnamed five-star hotel in east London in March this year highlights just how easy this is. Infrastructure and security expert Matthew Garrett of CoreOS purposefully hacked into the smart-controlled property to show the vulnerability of its systems. The hotel employed Android tablets to control room functions but, with no authentication needed, Garrett could control all the in-room functions, such as lighting, TV and curtains, through his laptop. “You could use it to monitor and track the behaviour of guests,” he said.

Many hotels have become targets of hackers. Last summer it was the turn of US presidential hopeful Donald Trump’s hotel group, Trump Hotel Collection, to succumb to hackers. Last autumn Starwood Hotels’ payment systems in North America fell foul of them, and the hackers got hold of cardholder names, numbers, security codes and expiration dates. Several of Mandarin Oriental’s US and European hotels were also hit. Next it was the turn of Hilton’s HHonors loyalty programme, with the hackers selling account access online to bidders.

The big noise came when TalkTalk was attacked last autumn and personal customer data was hacked from the company’s website. The company was vulnerable as not all of its customers’ bank details were encrypted, which is not a legal requirement (see blue panel, ‘Your legal obligations’).

Events around the globe mean that everyone has to be on high alert, and encryption is the first line of action to keep data safe. The third-party providers most corporates use to collect, store and transport their data must encrypt it, “on the way up, while it’s at rest in the database and when it’s sent out,” advises Susan Hopley, CEO of The Data Exchange. Data is most at risk when at rest and when in motion.

Basic security measures should include the use of strong passwords as a first defence against hackers and cyber criminals, installing anti-virus software and always downloading any software updates.

Furthermore, Dr Tynan advises the creation of a cyber security policy (see green panel, ‘Create an online security policy’), or at the very least, a set of measures for travellers. “Passive monitoring is not enough,” he says. “Everyone has finite resources so allocate them to the core risks.”

Here is his list of practical steps to reduce the risk of cyber attack:
Don’t travel with everything; prune your laptop and only bring essential data
Check that you know where all your data is. Particularly with cloud-based systems, it can be anywhere
Check what information you have that could get someone tortured or killed. You have a duty to protect it
Protect back-up copies as well as the master copy
You need to get it right every time, as your adversary only needs to get it right once. However, you will fail, so have multiple layers of security in place
Ask questions of your tech people: ‘What detection systems do we have in place?’
Advise travellers not to plug a USB stick into their machine if they find one
If someone takes your laptop, don’t take it back as it could have been uploaded with a virus
Don’t let two machines talk to each other
Don’t use the same passwords for multiple services, otherwise any attack will be magnified across multiple channels.

“I’d encourage you to hack yourself to find out where you’re vulnerable,” concludes Dr Tynan. He recommends using Kali Linux, a free security auditing system and toolkit that will allow you to assess the effectiveness of risk mitigation strategies. It will put you in the shoes of potential attackers.

YOUR LEGAL OBLIGATIONS
The legalities surrounding the storing of financial information fall under Principle 7 of the Data Protection Act 1998, which states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

CREATE AN ONLINE SECURITY POLICY
Basic security steps to protect business information should revolve around a Data and IT Security Policy outlining an acceptable usage policy, password policy, email and file sharing policy, remote working and removable media policy, social media policy, a policy on handling customer data and your processes for handling operating system, web browser, anti-virus and other software updates. Appoint a dedicated point of contact who is responsible for implementing and communicating these policies.