Hello and welcome to our weekly travel media and technology bulletin featuring the latest developments on media and technology around the world, published every Tuesday at 06:00 BST.
In light of recent events with the BA Customer Data Breach, it seems a good idea to focus on the issue of security, both at home and on the move. So here are some tips to protect your personal accounts and data.
This is your first line of defence against hackers.
It is advisable not to use the same password across different accounts and logins as fraudulent access to one account will prompt attempts to access others.
A password should be “strong” with a combination of capitalised and lower case letters, numbers and characters that could not be easily guessed. It should not be based on any public information about you, such as family members, profession or personal interests.
There are many password managers which will generate and store complex passwords for you. Whilst these are reputable, out of personal preference, we don’t use them.
2. Two Factor / Step Authentication
Many websites and apps offer two factor/step authentication before your account can be accessed from a new computer or device.
The most common is two step authentication where a unique passcode is sent to your mobile phone before you can login from a new computer or device.
It’s far from infallible as SMS messages can be intercepted, but it does add an extra layer of security. Many websites and apps also allow the use of hardware tokens such as YubiKey.
The website Two Factor Auth details which websites and apps offer two step authentication.
Frustratingly, neither ba.com nor the BA Executive Club offers this.
3. Public Computers & Networks
Avoid accessing sensitive personal accounts on public computers or through networks where you cannot be confident of their security.
There was a time when access to public WiFi in hotels and cafes was considered a necessity when abroad. With the availability of 4G (and soon 5G) mobile networks, our preference is to have a mobile data plan that includes unlimited worldwide data. Security standards on public WiFi networks can vary widely and our preference is to forget them.
If you are using public WiFi, use a reputable Virtual Private Network “VPN” to secure your connection. These will often flag security issues with specific WiFi networks.
With the rise of personal devices, use of public computers in airline lounges and hotels has become less common. Many also do not have the most up to date software. If you do use these, you should always access personal accounts through a secure https (not http) connection in your browser – you should see a padlock in the address bar. Some browsers will also mark http connections as “Not Secure”. Always make sure you log out afterwards.
4. Software Updates
Apple, Microsoft and app developers all issue very regular software updates.
Although not always explicitly mentioned, these do include security updates as well as updates to software functions. Always run these on your personal devices as soon as they become available.
5. Be alerted to data breaches
As we saw last week with BA, large scale data breaches occur.
The website Have I Been Pwned can advise you whether your e-mail address has been included in any historical breaches. You can also be set-up to be notified of any future breaches.
6. Check personal accounts regularly
Always check frequent guest and hotel accounts regularly for any suspicious activity.
As you would with statements from banks and credit card companies, review periodic account statements from airlines and hotels. Frequent guest and flyer accounts have been subject to hacks and thefts of points and miles.
Facebook, Google and Microsoft also allow you to run security audits to review recent login activity.
7. Phishing e-mails, texts & pop-up windows
Be aware of “phishing” e-mails, texts and pop-up windows.
Always treat any unsolicited correspondence with caution. Banks, airlines and hotels will never e-mail or text you requesting your personal details. Also be aware of e-mails and texts in respect of bookings that you do not recognise. Or e-mails containing attachments as airlines and hotels do not generally send booking details via attachment. If any doubt, go directly to the airline or hotel website via your browser, rather than following the link in the e-mail. Do not reply to known phishing e-mails as this will only indicate that your e-mail address is genuine.
If you receive an unsolicited telephone call, take their number and call back (after searching for the number) from a different line. Similarly, with text messages, search for the number before taking any action. Many banks provide lists on their websites of their official text message and telephone numbers.
Unexpected pop-up windows advising that your computer has been compromised, with a telephone number to call to resolve the matter, are likely to be nefarious in their intentions.
If you see competitions and surveys purporting to be from well known brands on social media, always check back to their official accounts and pages to verify they are genuine.
BA publishes details of known phishing scams on its website.
8. Don’t give away personal information!
This the number one reason why non-spam comments are deleted on this site!
Frequent flyer account numbers, boarding pass barcodes, booking reference numbers are sensitive personal information and should not be disclosed online. We still keep seeing these posted on Instagram!
9. Keep up to date with internet security
As with any professional field, knowledge about internet security is continuously evolving. Good sources of information are:
– The UK’s national fraud and cyber crime reporting centre Action Fraud
– Get Safe Online has a lot of general advice about online security.
– The Information Commissioner’s Office which investigates data breaches.
– Security industry commentator Graham Cluley.
Our weekly Travel Media & Technology Bulletin is published every Tuesday morning at 06:00 BST. If you have any comments or suggestions, please e-mail us at mail [at] londonairtravel.com