Do you save-up your frequent-flier miles in anticipation of your next business trip, family vacation, or points’ spending spree? What if the next time you logged into your account, you found the points balance displaying a big, round zero?
A recent WSJ article notes that hackers are now targeting frequent-flier and airline accounts, since they are largely unmonitored, not well protected, and usually include valuable Personally Identifiable Information (“PII”). Thieves have been able to convert the stolen points into cash, gift cards, or sell/redeem the points for merchandise or airline tickets.
Though the WSJ article focuses on the security of the frequent-flier points’ websites, the underlying core issue isn’t security protocols – it goes beyond that, yet, it’s quite simple. Users are not being responsible with their data on the Internet. Though it sounds like I’m siding with the corporations here, at this point , it should be expected that there is no company with 100% airtight security. All of your online data is subject to theft. Once that is understood, we, as consumers, business owners and employees should do our part to secure our own data to the best of our ability.
There are several ways we can do that:
- Do not use the same password for all online accounts. If your password is compromised, then the hacker will, theoretically, have access to all of your accounts.
- Update your passwords regularly – Every 60-120 days to be safe.
- Monitor your accounts – Set up automated alerts for balances, if possible, but also be conscious of what is on your monthly statements (or regularly check your balance online), and question any unusual activity.
- Keep track of all of your online accounts/logins and delete data from old, stagnant accounts. Remember that Yahoo email address you set up in 2002? You should probably check back on that. My first recommendation would be to close those accounts. If you want to keep them, make sure you update your passwords, soon.
- Take advantage of two-level authentication if offered by your vendors. This will require that you enter a personal code (usually sent to you through a text message or displayed on a key fob) after you enter your password.
- Lastly, be mindful of what personal data you’re putting on any device connected to the Internet.
Of course, these suggestions are a small sampling of the security protocols and risk mitigation strategies a company should employ to manage their ever-evolving cyber risk. The protection of company and customer data should be paramount to any business owner.
The theft of frequent-flier miles is clear evidence that hackers are looking for any avenue of access to your customers’ and/or your personal information. Take the time to ensure all of your business and personal online accounts are as secure as possible. You won’t regret it.
Click here to request more information or if you have any questions about your cyber risk profile.