Travel companies were hit by one data breach after another last year — firms including Marriott, British Airways, Delta Air Lines and travel booking site Orbitz.
Marriott estimates that as a result of its breach — in which the reservation database of Starwood-branded hotels in its portfolio was hacked — 383 million guest records could have been affected and 5.25 million unencrypted passport numbers were possibly compromised. And experts expect breaches in the travel sector will continue.
“Travel companies are a prime target of cyber thefts” because they have “highly sensitive, personally identifiable information,” said Eva Velasquez, chief executive of the Identity Theft Resource Center, a national non-profit organisation in San Diego that supports victims of identity theft and seeks to broaden public awareness.
But travellers do have options to protect their information.
Bruce McIndoe, president of WorldAware, a risk management company, recommends creating a “digital persona” when booking travel or making other online transactions.
This can include setting up a new, disposable phone number using a service like Google Voice and RingCentral to screen any calls based on caller ID, and to forward these to the phone number that you want to protect.
McIndoe also suggests creating what he calls a throwaway email address, to be used only when booking online, to protect your actual personal or work email from theft.
You can also keep your home and work addresses private with a service like iPostal1.com, PhysicalAddress.com and PostScanMail.com, which can create a new mailing address for you.
There are many steps you can take to protect any device you bring on business trips.
If you work for a large company or service provider, like a law or accounting firm, your employer may be able to provide clean devices, even some with special protections appropriate for whatever destination you visit.
Before leaving on a trip, Sam Rubin, a vice president of the Crypsis Group, a cybersecurity consulting firm, advises all travellers, regardless of the size of their employer, to make sure their laptops are encrypted, via software like BitLocker for Windows laptops or Filevault, for Macs.
He also suggests backing up data regularly, installing application updates and deleting unneeded and old data from devices.
The Global Business Travel Association, a trade group for corporate travel managers, suggests using a privacy filter on your laptop and tablet screen when you’re traveling.
To prevent theft, lock your devices when you’re not using them, through a PIN, password protection or physical locks and alarms.
The group also recommends using a juice-jack protector — attached to the end of your USB cord — to protect against data skimmers when you plug the cord into a public charging station. If you bring your own charging device, you won’t need a public charger.
Experts strongly recommend not connecting to unsecured public Wi-Fi systems anywhere in the world, not only at coffee shops like Starbucks but also in airports and hotels, among other places.
If you must use these, Si-Yeon Kim, chief risk and compliance officer of American Express Global Business Travel, suggests minimising the number of documents you open, and being careful of whatever information you transmit.
Christel Cao-Delebarre, global privacy officer in London for Carlson Wagonlit Travel, a travel management company, advises being “very careful about speaking with colleagues and possibly sharing confidential information in public places.”
She also urges travellers not to leave confidential documents unattended either in conference or guest rooms at hotels and elsewhere.
When it comes to working online, Rubin advises using two-factor authentication on all Internet-accessible accounts.
He suggests locking and password-protecting your mobile phone and configuring it to automatically lock after a period of inactivity, and using secure passwords, with a different password for each device and account.
Password managers like LastPass and Keeper can help you remember and manage these.
As for making purchases online, consider signing up for a credit card to be used only for such transactions. You also can set up a virtual credit card for a one-time purchase whose cost you can limit.
Another payment option, possibly more secure than credit cards, is PayPal, said Robert Austin, president of KoreLogic, a cybersecurity company.
John Reed Stark, former chief of the Securities and Exchange Commission’s Office of Internet Enforcement and author of The Cybersecurity Due Diligence Handbook, advises setting up your credit card account to automatically notify you of all transactions via email or its app, which he said will make you aware of every transaction as it occurs.
He also suggests setting up a separate email account for these alerts, so you can easily track them and not clog up other accounts.
To further track any suspicious activity, he advises subscribing to a credit and identity monitoring company that can provide alerts relating to your credit rating, credit cards and banking.