
DID YOU KNOW? ...that a UK space scientist is predicting a three-day working week as we work smarter and attend meetings remotely via holograms by 2116.

www.travelctm.co.uk | TRAVEL TRENDS | 11

A business traveller’s computer is a very easy target, and the National Crime Agency (NCA) lists eight common cyber threats:

Phishing: bogus emails asking for security information and personal details
Webcam manager: where criminals take over your webcam
File hijacker: where criminals hijack files and hold them to ransom
Keylogging: where criminals record what you type on your keyboard
Screenshot manager: allows criminals to take screenshots of your computer screen
Ad clicker: allows a criminal to direct a victim’s computer to click a specific link
Hacking
Distributed Denial of Service (DDoS) attacks, which prevent legitimate access to online services by swamping the communications links with a mass of traffic.

Hacking is the primary method for infiltrating networks. Using specialist software, hackers gain access to computer networks and systems and take administrative control of them. Such attacks compromise the data stored on the network, which can be commercially sensitive and may be sold to fraudsters.

Data security is an increasingly frequent hazard for the business traveller, particularly because the cyber hackers tend to focus their efforts on the very places that business travellers frequent: hotels and restaurants.

A recent incident at an unnamed five-star hotel in east London in March this year highlights just how easy it is to do. Infrastructure and security expert Matthew Garrett of CoreOS purposefully hacked into the smart-controlled property to show the vulnerability of its systems. The hotel employed Android tablets to control room functions, but with no authentication needed, Garrett could control all the in-room functions, such as lighting, TV and curtains, through his laptop. “You could use it to monitor and track the behaviour of guests,” he said.

Many hotels have become targets of the hackers. Last summer it was the turn of US presidential hopeful Donald Trump’s hotel group, Trump Hotel Collection, to succumb to hackers. Last autumn Starwood Hotels’ payment systems in North America fell foul of them, and the hackers got hold of cardholder names, numbers, security codes and expiration dates. Several of Mandarin Oriental’s US and European hotels were also hit. Next it was the turn of Hilton’s HHonors loyalty programme, with the hackers selling account access online to bidders.

The big noise came when TalkTalk was attacked last autumn, when personal customer data was hacked from the company’s website. The company was vulnerable as not all of its customers’ bank details were encrypted, which is not a legal requirement (see blue panel).

Events around the globe mean that everyone has to be on high alert, and encryption is the first line of action to keep data safe. The third-party providers most corporates use to collect, store and transport their data must encrypt it, “on the way up, while it’s at rest in the database and when it’s sent out,” advises Susan Hopley, CEO of The Data Exchange. Data is most at risk when at rest and when in motion.

Basic security measures should include the use of strong passwords as a first defence against hackers and cyber criminals, installing anti-virus software and always downloading any software updates.

Furthermore, Dr Tynan advises the creation of a cyber security policy (see green panel above), or at the very least, a set of measures for travellers. “Passive monitoring is not enough,” he says. “Everyone has finite resources so allocate them to the core risks.”

Here is his list of practical steps to reduce the risk of cyber attack:

Don’t travel with everything; prune your laptop and only bring essential data
Check that you know where all your data is. Particularly with cloud-based systems it can be anywhere
Check what information you have that could get someone tortured or killed. You have a duty to protect it
Protect back-up copies as well as the master copy
You need to get it right every time, as your adversary only needs to get it right once. However, you will fail so have multiple layers of security in place
Ask questions of your tech people: ‘What detection systems do we have in place?’
Advise travellers not to plug a USB stick into their machine if they find one
If someone takes your laptop, don’t take it back as it could have been uploaded with a virus
Don’t let two machines talk to each other
Don’t use the same passwords for multiple services, otherwise any attack will be magnified across multiple channels.

“I’d encourage you to hack yourself to find out where you’re vulnerable,” concludes Dr Tynan. He recommends using Kali Linux, a free security auditing system and toolkit that will allow you to assess the effectiveness of risk mitigation strategies. It will put you in the shoes of potential attackers.

YOUR LEGAL OBLIGATIONS

The legalities surrounding the storing of financial information fall under Principle 7 of the Data Protection Act 1998, which states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

CREATE AN ONLINE SECURITY POLICY

Basic security steps to protect business information should revolve around a Data and IT Security Policy outlining acceptable usage policy, password policy, email and file sharing policy, remote working and removable media policy, social media policy, a policy on handling customer data and your processes for handling operating system, web browser, anti-virus and other software updates. Appoint a dedicated point of contact who is responsible for implementing and communicating these policies.”