Travel companies were hit by one data breach after another last year – firms including Marriott, British Airways, Delta Air Lines and travel booking site Orbitz.
Marriott estimates that as a result of its breach – in which the reservation database of Starwood-branded hotels in its portfolio was hacked – 383 million guest records could have been affected and 5.25 million unencrypted passport numbers were possibly compromised. And experts expect breaches in the travel sector will continue.
“Travel companies are a prime target of cyber thefts” because they have “highly sensitive, personally identifiable information,” said Eva Velasquez, chief executive of the Identity Theft Resource Center, a national non-profit organisation in San Diego that supports victims of identity theft and seeks to broaden public awareness.
But travellers do have options to protect their information.
DON’T BE YOURSELF
Bruce McIndoe, president of WorldAware, a risk management company, recommends creating a “digital persona” when booking travel or making other online transactions. This can include setting up a new, disposable phone number using a service like Google Voice and RingCentral to screen any calls based on caller ID, and to forward these to the phone number that you want to protect.
McIndoe also suggests creating what he calls a throwaway email address, to be used only when booking online, to protect your actual personal or work email from theft. You can also keep your home and work addresses private with a service like iPostal1.com, PhysicalAddress.com and PostScanMail.com, which can create a new mailing address for you.
There are many steps you can take to protect any device you bring on business trips. If you work for a large company or service provider, like a law or accounting firm, your employer may be able to provide clean devices, even some with special protections appropriate for whatever destination you visit.
Before leaving on a trip, Sam Rubin, a vice president of the Crypsis Group, a cyber security consulting firm, advises all travellers, regardless of the size of their employer, to make sure their laptops are encrypted, via software like BitLocker for Windows laptops or Filevault for Macs.
He also suggests backing up data regularly, installing application updates and deleting unneeded and old data from devices.
The Global Business Travel Association, a trade group for corporate travel managers, suggests using a privacy filter on your laptop and tablet screen when you’re travelling. To prevent theft, lock your devices when you’re not using them, through a PIN, password protection or physical locks and alarms.
The group also recommends using a juice-jack protector – attached to the end of your USB cord – to protect against data skimmers when you plug the cord into a public charging station. If you bring your own charging device, you won’t need a public charger.
Experts strongly recommend not connecting to unsecured public Wi-Fi systems anywhere in the world, not only at coffee shops like Starbucks but also in airports and hotels, among other places.
If you must use these, Si-Yeon Kim, chief risk and compliance officer of American Express Global Business Travel, suggests minimising the number of documents you open, and being careful of whatever information you transmit.
When it comes to working online, Rubin advises using two-factor authentication on all Internet-accessible accounts. He suggests locking and password-protecting your mobile phone and configuring it to automatically lock after a period of inactivity, and using secure passwords, with a different password for each device and account. Password managers like LastPass and Keeper can help you remember and manage these.
BCD Travel, another travel management company, advises against posting pictures online of your itineraries, tickets or boarding passes. It also urges travellers to never leave their boarding passes and tickets on an air plane or in a hotel room, and to shred these once you’ve used them – all steps to keep cyber thieves from obtaining your travel details.
By Jane L Levere © 2019 New York Times