Consider the lowly login. For black hats it can be the key to your information kingdom
Most of us who use computers, smartphones and other devices – and that’s most of us – don’t think much about our passwords. Or if we do, it’s an emotion akin to terror as we realize that the password we thought went with that device is the wrong one, and we’re locked out.
So we make life easy on ourselves and use the same password on all our devices and all our accounts. Not only that, but we keep the same passwords for years at a time. After all, once we’ve committed it to memory, it’s hard to change. That’s why for so many of us, our password is ‘password’ or ‘123456’ or maybe even ‘ ’ (no password at all).
Experienced business travelers, by and large, know a thing or two about personal security on the road – at least to a greater extent than the occasional leisure travelers. Road warriors maintain a watchful eye on their surroundings; they’re familiar with areas to avoid in the cities they visit; they understand how to keep themselves out of trouble.
But when it comes to maintaining the security of data and devices, many business travelers play Russian roulette with that vital link to their cyberpresence. And they are not alone; according to recent research by Kapersky Lab in conjunction with B2B International, only 11 percent of employees are concerned about keeping work files on mobile devices safe.
But while another survey in the UK found that 60 percent of senior management in the sensitive finance and insurance industry consider cyber security a very high priority, the same survey found only 15 percent of high-level managers in the hospitality and food sectors place a very high priority on cyber security.
“Business leaders cannot afford to be just concerned or treat it as another risk management exercise,” cautions Darren Best, managing director of London-based property managers SavoyStewart.co.uk which sponsored the research. “Adequate governance and employee education on cyber security can go a long way in protecting a business’s key capabilities and functions.”
Security SmartsPart of the employee education is eliminating human error from cyber security procedures, says Todd Thibodeaux, CEO of CompTIA. Much of the vulnerability in information technologies results from people clicking on phishing e-mails, opening WiFi in sketchy situations and not safeguarding – and frequently changing – passwords.
“Carelessness about where you’re browsing, what you’re doing and where you’re using credit or debit cards online can put you at tremendous risk,” Thibodeaux warns. He cites the breach of Target’s systems a few years ago. “The hacker was able to get into the company’s payment processing system because the IT staff had not purged old accounts. A consultant who’d had an account set up was never purged from the system after his work was finished. The hacker found the username and password and was able to get in and cause all kinds of problems.”
More recently, Canada’s Office of the Privacy Commissioner has reported several companies which suspect their systems were accessed by individuals using valid customer or employee login data. It's believed the criminals had obtained the data from previous, unrelated breaches that resulted in username and password combinations being published online.
"There's a simple way for individuals to prevent these types of password reuse breaches: Don't reuse passwords," OPC commissioner Daniel Therrien says.
"Businesses also have a role to play. They should require employees to change their work passwords if they've ever used the same one elsewhere. Companies should also remember that an employee's password should not be their only line of defense against online intruders."
Besides not using the same password for different websites, accounts and devices, the OPC cautions users to consider several best practices when selecting passwords:
• Avoid obvious choices such as mother's maiden name, child's name, pet's name or any other reference someone may be able to guess through information you have posted elsewhere;
• Make passwords eight or more characters;
• Use a combination of letters, numbers and symbols;
• If you need to write them down to remember them, keep them offline in a secret, secure, locked place.
While writing the passwords down may be the surest low-tech way of remembering how to crack the code, it still comes with drawbacks – like misplacing the piece of paper. A slicker alternative is a password manager, which installs as a browser plug-in and captures your existing passwords in a secure ‘vault’ that you access with a single password.
However your public-facing passwords on the secure sites you visit are the ones that are automatically filled in. They should be as complex and unmemorable as you can make them; the password manager will remember and access them whenever you visit your bank, credit card, company e-mail or any other account you want to keep the bad guys out of. It’s up to you to remember only the password that unlocks the ‘vault.’
Among the most widely used password managers are LastPass 4.0, Dashlane 4, Roboform 8, Password Boss and Logmeonce, along with many others. Some come in free limited-use versions with paid upgrades available offering more bells and whistles; pricing for the feature-rich upgraded versions range from $12 to under $50.
There is one caveat however: It’s still on you to keep the password manager’s password secure. Apparently some phishing scams have already surfaced trying to lure the user to reveal their password manager’s secret.
SHORT STORIESDelta Launches Test of Biometric Boarding Delta Air Lines’ customers now can use fingerprints instead of their boarding passes to board any Delta aircraft at Reagan Washington National Airport. The airline’s biometric boarding pass trial that launched in May at the DCA Delta Sky Club is now integrated into the boarding process.
It allows eligible Delta SkyMiles Members who are enrolled in CLEAR to choose fingerprints as proof of identity to board their plane instead of a paper or mobile boarding pass. Delta is partnering with CLEAR to power the back end of the biometric boarding pass test. The final phase of the test, coming this summer, will allow members to also use their fingerprints to check a bag.
"Once we complete testing, customers throughout our domestic network could start seeing this capability in a matter of months – not years,” according to Gil West, Delta's senior executive vice president and COO.
Participating in the test is optional.
GroundLink Unveils BRIO Technology for Managed TravelGroundLink, a global black car service, has unveiled BRIO, its new technology platform exclusively for managed business travel. The company says BRIO links travelers with their travel arranger and automatically saves their history and preferences. Arrangers can book multiple rides in one seamless step with linked airport and return rides.
The new booking tool, which will be available this fall, also provides full visibility of both real-time travel and past travel details. BRIO allows the traveler to switch between business and personal accounts. At the same time, the platform provides the arranger with transparency into the company's complete ground transportation spend along with its expense management functionality.
Emirates Introduces Facial Recognition TechnologyEmirates is introducing facial recognition technology at its Dubai International Airport hub to shorten passenger wait times at immigration and check-in counters. Passengers will be able to upload biometric details as “selfies” to their smartphones and use the data to scan through boarding gates and other checkpoints at Emirates’ Dubai hub, the carrier said in a statement.
The technology, which will be rolled out over the next 18 months, will also facilitate access to immigration counters. Using a facial recognition solution integrated with the UAE Wallet, travelers will be able to register and store their biometric data through multiple means, including by taking a selfie on their mobile phones, as well as using biometric registration kiosks placed at check-in areas and Emirates Lounges. They can then use this biometric data to speed up their passage through immigration at Terminal 3 Departures, and later, at other touch-points throughout the airport.
Business Travelers Want to Use All Mobile DevicesTwo thirds of business travelers want to manage and book their business travel on every mobile device (including laptops and ‘wearables’ like the Apple watch), not just on their smartphones. In addition, according to a new survey from Egencia, the business travel subsidiary of Expedia, fully 50 percent of global respondents would avoid human interaction on the road unless they were having a problem.
Among the other findings: nearly half (48 percent) would like to use text to update their travel arrangements (higher among US business travelers at 63 percent); and 43 percent believe artificial intelligence will help improve their travel experiences (higher among US business travelers at 55 percent). The survey also found that 70 percent of business travelers find business trips “more enjoyable than everyday work life.”
Chrome River & Lyft Roll Out Automatic Receipt SystemExpense and invoice management solutions provider Chrome River has launched an automatic receipt forwarding system for Lyft passengers using a business profile.
Anyone can create a Lyft business profile by adding a work e-mail address in the Lyft app or online. Once the business profile is enabled, users select Chrome River as their expense management provider within the account settings. Receipts from rides taken under the user’s business profile account are automatically sent to their Chrome River expense account without the need for any additional input. Chrome River then converts this data into an expense item, ready for submission.
Companies can sign up for a free Lyft for Business account and invite their employees to take advantage of the integration, as well as offering options for payment of employees rides.
American Airlines to Deploy 3-D Scanners for Carry-onAmerican Airlines is spending $6 million to buy 3-D scanners for carry-on bags and will deploy them at eight airports once the machines get fully certified by the TSA, which is currently testing the scanners. These machines not only give TSA agents a clearer view of potential problems in bags, including explosives, but they are designed to go twice as fast when checking carry-on bags.
"We are always looking at ways to invest in technology that enhances global aviation security while improving the customer experience," says Kerry Philipovitch, American Airlines senior vice president of customer experience.
Cvent Introduces New Event Website Design ToolCvent has introduced Cvent Flex, a tool for meeting planners to build, design and manage their event websites and registration process. According to the company, Cvent Flex simplifies the website experience in several ways, including drag and drop interface that makes it easy to generate and place content, more control over design and graphics and customized registration options.
Cvent Flex is currently available through an early adopter program, and will be made available to all customers over the next year. “The event website is often the first interaction attendees have with an event, long before they arrive onsite,” said David Quattrone, chief technology officer for Cvent. “Ensuring that the site is easy to use, and aligns with the brand’s image, reflects well on the organization and the event, as well as informing and exciting the attendee.”
Study Finds Hotel Guests Expect Immediate CommunicationGuests now expect hotels to initiate communication once a booking is confirmed. In fact, according to a new study from TrustYou, a feedback platform for the hospitality industry, 80 percent of travelers expect to receive correspondence from the hotel.
The research found that a vast majority prefer digital communication, with e-mail the most frequently used medium. However, according to the survey, there is a significantly higher correlation between guest satisfaction for those guests who have communicated with a hotel via messaging (such as SMS or Facebook Messenger), compared with those who communicate via e-mail.
Online Hotel Scams Rising According to Industry StudyAccording to American Hotel & Lodging Association research, online hotel booking scams are rising. The study showed that in 2015, just 6 percent of American travelers reported having booked on what they thought was a hotel’s official website, only to find they had booked on a fraudulent site. Just two years later that number had quadruped to 22 percent – amounting to 55 million bookings costing $3.9 billion.
The AH&LA study also showed that a great majority of consumers are unaware that when they comparison shop OTA’s like Kayak, Trivago, Hotels.com, Booking.com, etc., they are actually dealing with two companies – Priceline and Expedia. As a result, AH&LA launched a “Search Smarter” awareness campaign that encourages travelers to book directly with a hotel or with a trusted travel agent.