It’s officially November, which means that the annual frenzy of holiday travel is on the horizon. Booking flights, renting cars, and making hotel accommodations are all activities that process vast amounts of data.
Unfortunately, airline data breaches are becoming an all too regular occurrence, and a succession of airlines have fallen victim over the past few months. On the heels of last month’s British Airways hack, Cathay Pacific experienced a similar breach on October 24 which exposed the personal data of up to 9.4 million passengers–names, dates of birth, phone numbers, email addresses, and passport numbers were all leaked.
In the wake of the recent Cathay Pacific breach, consumer advocates, experts, and consumers have been calling for stricter regulation for companies on how they report data breaches. In today’s blog entry, we’re sharing a few best practices for keeping your personal data safe this holiday season and all year round. And although 100% security is never guaranteed, you can take the necessary steps to be proactive, educated, and informed.
Under GDPR, always-on encryption is a good first step
Let’s start with encryption. The GDPR’s broad aim is to protect personal data, including any personally identifiable information–or PII data–like name, location, identification numbers, IP addresses, cookie data, and RFID tags. But simple encryption at rest and in transit isn’t enough, and companies evaluating this set of requirements in isolation will run into trouble down the road.
This is why taking a data-centric approach to encryption and anonymization is critical – when GDPR-sized fines are looming, it’s not enough to deploy device or full-disk encryption. To limit the damage and scope of a breach notification, individual records should be protected uniquely, preventing a single attacker or identity from getting access to the entire dataset.
Keeping data safe online: a cue from Air France-KLM
According to a recent Information Age article, Air France-KLM manages 16 million exchanges on Facebook and three million on Twitter a year. The data processed by Air France-KLM enables the airline to create more personalized emails for its customers, building trust and allowing the airline to offer value-added services. Ahead of most airlines today, Air France-KLM is committed to adhering to the regulations concerning the privacy and data security of the users of their websites. Therefore, all data collected through the Air France-KLM website is processed in accordance with the terms laid out in the GDPR.
We can assume that most companies today are still in the process of assessing their security infrastructures to find gaps in their GDPR compliance. The good news is they can start by looking into a more data-centric approach to security.
Protecting personal data, before it’s hacked
At Vera, we believe that when it comes to building a successful security strategy, the best defense is a proactive one. It’s simply not acceptable for an organization, of any size, to not protect its data–no matter where it resides. To protect customer and personal data, businesses must have complete visibility and control over exactly where their data resides, and take the necessary measures to encrypt what’s most important–that’s where Vera really shines.
Data-centric security helps mitigate these risks by providing tools that encrypt data, provide dynamic access controls, and automatically provide audit logs to ensure only privileged individuals have access to that data at all times. Here at Vera, we’re confident that travel sites and airlines will only get more sophisticated in their data and information security practices in years to come.
Bottom line: breaches are no fun for anyone. Companies take major hits in their pocketbooks, reputation, and brand as a whole. Users lose confidence and tend to move their information and business elsewhere. By protecting data in more intelligent ways, the holiday season will bring more joy and fewer compromises online.