
What Common Password Mistakes Are Putting You At Risk?

Is your password still your birthday? Do you get that guilty feeling every time you use it, swearing you’ll be more creative next time you log in? For good or bad, you’re not alone. 91% of people in a recent survey said they knew they shouldn’t reuse passwords, but 59% continue to do so. Unfortunately, we live in a time when data breaches are part of the norm. In fact, in the time it takes to finish this sentence, there will be approximately 280 data records stolen. Not only are you putting yourself at risk, but your company and coworkers as well. It’s time to stamp out those nasty password mistakes and start on the right foot.

The most common password mistakes

  • Thinking a weak password is ok for some accounts. You may be thinking that hackers are more interested in your PayPal account than your FitnessPal. And you’re right — for the most part. Hackers will often start with a login on a less important account as a way to climb the ladder to your more valuable accounts. Users should be aware that every login is important for a hacker, whether it’s your banking password or online shopping account.
  • Reusing passwords, especially from home to office. Turns out slight adjustments to your tried-and-true password are not enough of a change to thwart hackers. It becomes even more problematic when you use the same passwords across personal and business accounts. Once this gap is breached, confidential information for your business, coworkers and even clients may be exposed. For example, an employee of Dropbox reused a personal password, ultimately leading to the credentials of over 60 million accounts being seized.
  • Sticking to the default password. Always remember to change any new logins created by your tech department. ‘Admin’, ‘password’, or ‘12345’ might be easy to remember, but they’re not worth the risk. Plus, they’re often the first words hackers try.
  • Not using two-factor authentication when available. You have likely used this process recently. It requires a second verification to log into an account, typically an additional PIN sent to your phone or a fingerprint scan. This added step in security ensures that no one other than you will be able to access your account. If given the option, always activate the two-factor verification process.

Tricks to creating a secure password that you’ll actually remember

If you’re anything like the majority of people, you should probably update your passwords. The hurdle for most people is the fear of forgetting their new password. In fact, the same study found that only 55% of victims change their password after they discovered they were hacked. The truth is, secure password habits are actually pretty easy to learn and use. The trick to a hard-to-crack password is one that is unique, easy for you to remember, but also hard to guess. Just follow our tricks below and your accounts will be like Fort Knox in no time.

  • Make passwords lengthy and complex. A secure password should contain at least 12 characters, with uppercase and lowercase letters, as well as numbers and symbols.
  • Avoid using painfully obvious passwords, or commonly used words in passwords. For example, ‘12345’, ‘asdfghjkl;’, or ‘password’.
  • Don’t use information that a friend or family member would be able to guess. Hackers would likely be able to decipher it as well. Avoid using information like your or your family members’ birthdays, your favorite band, your home address, maiden name, etc. If it’s something a Facebook search could reveal, avoid using it in your password. You can still make it personal and memorable to you without using these general and searchable facts.
  • Try using a passphrase instead of a password. A passphrase is a string of letters or words put together, making it unique and harder to crack. You can still personalize it to make it memorable. For example, use your favorite breakfast, ‘startthedaywith_Eggs&bacon.’
  • Use a phrase or acronym to keep it memorable but also obscure. For example, ‘2BorNot2B_ThatisThe?’ (To be or not to be, that is the question) or ‘4Score&7YrsAgo’ (Four score and seven years ago).
  • You can also be systematic about your process. Use passwords with common elements, but customize them for each account. For example, ‘ABT2_uz_AMZ!’ (about to use Amazon) and ‘ABT2_uz_BoA!’ (about to use Bank of America).
  • Use the keyboard as your reminder. Create a password by creating a shape on the keyboard. For example, by creating a big W starting at 1, my new password is ‘1qsxfthmko0’. That’s pretty tricky to decipher to an outsider, while still being relatively easy to recreate. Try different patterns, like smiley faces, hearts, or a letter you will remember. Just be sure to avoid completely straight lines across the keyboard.
  • Get in the habit of changing passwords regularly. Start with National Change Your Password Day on February 1.
  • If you’re still wary of forgetting passwords, use a password manager to generate and store your passwords. Here are some of the top-rated managers on the market.
  • Hopefully this is a no-brainer, but it should be repeated for any road warriors out there – always use a secure wifi connection when creating a new password or logging into an account. Wait until you’re home or in the office to make any changes. Hotel wifi is often not secure enough for sensitive information.
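The checklist above, together with the earlier warning that slight adjustments to an old password are not enough, can be checked mechanically. The following is an added example, not code from the original article: the function name, the short common-password list, the 4-character minimum for personal facts and the 0.75 similarity threshold are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list; the first three entries are the ones the article names.
COMMON = {"12345", "asdfghjkl;", "password", "admin", "qwerty", "letmein"}

CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def _norm(text):
    """Lowercase and drop everything but letters and digits before comparing."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def audit_password(candidate, personal_facts=(), other_passwords=(),
                   min_len=12, reuse_ratio=0.75):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(candidate) < min_len:
        findings.append(f"shorter than {min_len} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            findings.append(f"no {name}")
    flat = _norm(candidate)
    if any(_norm(word) in flat for word in COMMON):
        findings.append("contains a commonly used password")
    # Facts shorter than 4 characters are skipped to avoid accidental matches.
    facts = [_norm(fact) for fact in personal_facts]
    if any(len(fact) >= 4 and fact in flat for fact in facts):
        findings.append("contains a personal fact")
    # A "slight adjustment" of an existing password scores close to 1.0.
    for other in other_passwords:
        if _norm(other) and SequenceMatcher(None, flat, _norm(other)).ratio() >= reuse_ratio:
            findings.append("too similar to a password used on another account")
            break
    return findings

if __name__ == "__main__":
    # Constructed inputs, not real credentials.
    print(audit_password("Summer2019!", other_passwords=["Summer2018!"]))
    print(audit_password("cobalt-Heron_tuba 47 ferry"))
```

An empty list only means the candidate passed these particular checks; a password manager generating a random value remains the simpler route.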

Passwords are truly the first line of defense against identity theft. Whether it’s a food delivery app or banking account, it needs to hold a strong defense against impending attacks. These simple tricks may be taxing to start with, but will keep you and potentially your company’s information safe.


What You Need To Know About Marriott’s Starwood Breach

Marriott announced Friday that their reservation database for Starwood hotels has been breached by hackers, leaving almost 500 million users’ personal information exposed. Learn what happened in Marriott’s Starwood breach, how to determine if your information has been compromised and other important next steps.

The Marriott’s Starwood data breach

  • Hackers illegally accessed Marriott’s Starwood Hotels reservation database. Marriott purchased the Starwood hotel brand in 2016, though it appears this breach has been taking place since 2014. Only Starwood brand information has been compromised.
  • An internal security tool detected the breach on September 8. Upon further investigation, they discovered how long the attack had been taking place.
  • Starwood hotels include: Westin, Sheraton, The Luxury Collection, Four Points by Sheraton, W, St. Regis, Le Meridien, Tribute Portfolio, Design Hotels, Four Points, Aloft, Element.
  • It is the second biggest corporate data breach in history. The first involved Yahoo last year, with over 3 billion accounts being compromised.

What information has been exposed

  • For 327 million people, the information breached includes names, phone numbers, email addresses, passport numbers and date of birth. It also includes trip arrival and departure information.
  • For some, credit card information and card expiration dates were compromised. There was encryption on this information, though Marriott is unsure if that encryption could have been breached as well.
  • This leaves an estimated 500 million people vulnerable to having their identities stolen. It can then later be used to open bank accounts, credit cards and even loans in their name.

What to do if you think you might be a victim

  • Visit Marriott’s website about the breach. Contact them directly through the call center listed on the site or read additional information about the breach.
  • Keep an eye on your email. Marriott has begun sending out notification emails to those that have been compromised. These roll-out emails begin Friday, November 30.
  • Marriott will provide guests with free WebWatcher enrollment. Free of charge for one year, it will monitor if your personal information is being used online without your permission.

Additional ways to protect yourself

If you’re concerned that you may be a victim, or just freaked out in general, here are a few actionable items you can start doing today:

  • Start changing your password on your Marriott Starwood accounts regularly. This is the first line of defense in keeping hackers out. Make sure your new password has at least 12 characters, is tricky to guess, and doesn’t include any information that can be gleaned from your online profiles, like your birthday or home address.
  • Monitor your accounts for suspicious activity. Keep an eye on your Starwood Preferred Guest account for any suspicious activity. Also check your bank, retirement, brokerage accounts, and credit card statements for anything unusual.
  • Freeze your credit. Keep anyone from taking out credit cards or loans in your name by freezing all credit.
  • Open a separate credit card for online transactions only. Make it easier to track transactions and spot fraudulent activity by using one dedicated credit card for online transactions. If compromised, you won’t have to change additional bills or utilities billing information, reducing additional stress and headache.
  • Be aware of anything fishy in the future. It’s not new that we should be vigilant with our actions online or on the phone. ‘Phishing’ schemes usually include people trying to access additional information from you or your computer with bogus emails, fake links, and fraudulent websites. Marriott has said they will not call or email you asking for your profile or password information. Do not provide this information if requested online or on the phone, as they are likely trying to steal additional personal information.

Avoid Syncing Your Phone To A Rental Car

Beginning another year in the business travel industry, I often find myself reflecting on the changes and advances I’ve seen in the previous year. The biggest change I’ve noticed is the growing access to technology conveniences while traveling. Aircraft are equipped with USB charging ports and entertainment apps. It’s easy to sync your phone to a rental car or connect to free wireless networks in hotels. With so many ways to stay connected during business trips, I now even find myself feeling annoyed when an airport does not offer free Wi-Fi access.

The compulsion to stay connected while traveling

Being “connected” to the office, email, current news, etc., is becoming an ever-growing necessity of business travel. Not only do we always feel the need to stay connected, but we demand it in a convenient manner too. In this growing frenzy to stay locked in with those in the office, many travelers unknowingly put their employer’s information and personal data at risk while achieving this growing need. With this growing accessibility, I find myself easily forgetting the consequences as well.

Why you should avoid syncing your phone to a rental car and other no-no’s

While reading a recent USA Today article, I was reminded of the hacking risks related to connecting to unknown or unsecured networks. When free or instant wifi is offered, security is often a second thought. This is how hackers and identity thieves are so successful. Our “careless connection” behavior is found in many circumstances when traveling, including hotel wifi issues or basic phishing schemes. Below are a few surprising situations in which you might encounter unsafe network activity.

  • Syncing your phone with a rental car. Most newer rental cars immediately offer pairing with their onboard infotainment system. Unbeknownst to most travelers, your information can stay within the car’s system after you return the car. This leaves you susceptible to the future drivers of the car. Or, hackers can install malicious software to the car before you rent it, accessing your information once you connect your phone.
  • Using the free USB charging stations in the airport. Plugging your phone into an infected USB hub is so common it even has a name – “juice jacking”. While connected to this port, hackers can easily access your private information.
  • Connecting to free wifi in your hotel or airport. Are you seeing a trend here? Free access leaves many open to malicious software and hacking schemes.

Tips for avoiding hacking scams

As we’ve covered, immediate and instant communication is a necessity for business travel. And unfortunately, the easiest routes often put you within arm’s length of security issues. Below are a few easy tips to avoid hacks. Some of these tips are from the Federal Trade Commission.

  • Avoid connecting your phone to a rental car’s infotainment system. Instead, manually enter the addresses needed.
  • Charge your phone in a rental car with a cigarette lighter adapter. This is the only way it will charge your device without accessing your personal information.
  • ‘Do you trust this computer?’ Say ‘no’. Don’t quickly skip through this step. If you are traveling and accessing unknown devices, always select ‘no’ for this option.
  • Delete your data before returning the rental car. If you do sync your phone with a rental car’s infotainment system, be sure to delete your information before returning the car to the rental office. Deleting information is usually done by going into the settings menu of the infotainment system. Find your device and go through the prompts to delete the data. The owner’s manual or car rental company may have more information.
  • Bring a fully-charged portable phone charger with you. These portable devices act as a second charge for your phone. When you are almost out of battery, just connect your phone to this device, and it charges your phone without needing to access an electrical outlet. Just remember to charge it before you leave home.
  • Use a company VPN to access sensitive data while in hotels. Ask your IT department to set up a VPN connection to use while you’re traveling for business. This connection is a secure access straight to company files, so your information cannot be hacked.

Our world is continually changing with increased accessibility and connectivity. With this instant gratification, it is very easy to overlook the potential security issues involved. I hope these tips will help as a reminder next time you are about to sync your phone with a rental car or in other ‘convenient’ situations.


Beware – Hotel Wifi Is Not Always Secure!

Whether it be a vacation splurge or just a place to rest your head before an important meeting, hotels have worked hard to become an easy place to trust and feel secure. That’s why I was initially surprised when I read a recent article. A study by Trustwave found that 38 percent of known cyber breaches occurred through hotel wifi. You read that correctly – almost 40 percent of all known cyber breaches occurred in our home away from home! Additionally, many of these hotels are well-known chains including: Trump Hotels, Hard Rock Cafe, Hilton and Hyatt, to name a few. This is not just a lack of security at smaller hotels or motels, this is an issue affecting even the big dogs.

How to protect yourself from cyber breaches through hotel wifi:

So, what are you supposed to do? As a business traveler, you need to be prepared professionally at a moment’s notice, and conquer any personal responsibilities at the same time. Before you take the chance of using the free or cheap wifi at your hotel, make sure you take these precautions.

  1. Always keep firewall and anti-virus software on and up-to-date. This is your first line of defense, so make sure it’s a good one.
  2. Be wary of connecting to a duplicate or twin wifi network. Most often you are given a wifi name and password at check in. A common hacking tactic is creating an evil twin network that has a very similar name to the valid hotel wifi network. People often assume the name of the network or simply choose the free wifi with the most signal strength. Always verify at the front desk before joining a new or unknown wifi network.
  3. Disconnect when not in use. Don’t leave your drawbridge open if it doesn’t need to be. Minimize your risk by disconnecting when you aren’t actively using the wifi.
  4. Avoid financial transactions when using free or public wifi. If the transaction is unavoidable or time sensitive, make sure the site you are using is secure. You can tell if it is secure based on the site URL. A secure site’s URL will begin with ‘https:’ instead of ‘http:’.
  5. Use a company VPN, if possible. This is a company-created computer network that provides employees with remote access to company servers. It encrypts your online activity, so others can’t see what you’re doing, and allows access to company drives and software.

Most importantly, never let your guard down when it comes to potential cyber breaches. It may feel like an inconvenience at the time, but it could lead to a lifetime of repercussions.

Christopherson Business Travel is a corporate travel management company with more than 60 years of experience. Known for our consultative customer relationships and one-of-a-kind travel technology, we provide dedicated and superior travel management service.
