In 2019, the U.S. business sector had a whopping 17% increase in data breaches, according to the Identity Theft Resource Center. What’s even more alarming is that identity theft and identity fraud have skyrocketed during COVID-19 when our use of digital technology is not only a nicety, but a necessity to connect us with our work, schools, and doctors. The result is that data distrust is at an all time high and businesses and organizations who need to deliver their goods and services are under even more pressure to achieve and maintain compliance with privacy regulations.
At Airside, we often say our technology keeps your personal information safe and secure, but what does this really mean?
When we built the Mobile Passport App we placed ourselves in the shoes of the traveler. We all want to reduce paperwork and spend more time on the journey, but not at the cost of jeopardizing our sensitive passport information and personal data. We tested our technology against a variety of heterogeneous devices and operating systems to make sure we could provide a solution to fit most and expedite everyone’s experience at passport control. We combined source-verification from the government with consent from the traveler to provide a reliable process for both the government and the travelers. We applied advanced end-to-end encryption to protect the information from being tampered at rest on the device and during transit. Mobile Passport is trusted by over nine million people and going strong today, when the need to eliminate crowding and shared touch points is of the utmost importance.
Now, we find that our feet have grown and so too has our technology. Biometric ID verification is an essential part of our everyday personal data exchanges and is used throughout the world to facilitate experiences, like flying, accessing buildings, opening checking accounts, and sharing health records. We approached these situations in a similar way, knowing that everyone can share their personal information, such as a driver’s license, passport, or other documents, to speed up a safe and secure identity verification process and get on their way with peace-of-mind. Personal information is added to the Airside App in a way that ensures no data can be accessed by anyone, but the person and the organization that received consent to access it. Every API transaction undergoes multiple end-to-end encryption protocols and signatures using an AES algorithm and a strong 256bit key created by the individual’s device.
What’s different is that we, the developers of the Mobile Passport App and the new Airside App, do not want to- and cannot know who you are. (No offense!) Furthermore, we don’t think anyone else should know more about you than you deem is necessary. We’re proud of our service to protect your personal information. We wish you a safe and secure National Cybersecurity Awareness Month and would like to share some of our common sense tips we abide by here at Airside.
- Know what lives within. Set quarterly reminders in your calendar to take inventory of your accounts and the software on your personal and company owned technology. Determine whether it’s still essential, then:
- Say goodbye. If you no longer use accounts, close them; if you no longer require software for your work, uninstall them.
- Lock up what you keep. In the words of the U.S. Cybersecurity & Infrastructure Security Agency (U.S. CISA), “If you connect it, protect it.” Turn on multi-factor authentication (MFA). Check out sites that offer MFA on twofactorauth.org.
- Invest in anti-malware software. This doesn’t have to be costly. Take the time to research and purchase software to detect and mitigate malware.
- Use a VPN. For company-owned devices, enable a VPN to provide a better level of communications security while using Wi-Fi. Don’t be shy about asking your security office how to configure it for your use.
- Share only what is relevant. Even with the most diligent attempts to separate your personal information from your business’s proprietary information won’t stop some overlap. While you may know not to share business credit accounts and “the secret recipe” of your trade, your employee information, such as HR, healthcare and payroll, are likely a part of your company systems. In general, avoid sharing too much personal information online (such as your full name, address, birthday, etc.). Also, check a website’s privacy options to ensure you have enabled them to be as strong as you’re comfortable.
- Treat your workplace technology like the front door to your own home. Always log off or lock your computer, phone or tablet when it is not in use. You should ensure that all devices are protected with a PIN, password or biometric identity verification.If using a PIN or password:
- Make sure you change it periodically and don’t reuse previous passwords.
- Never use the same password on multiple systems.
- NEVER tell or share your password with ANYONE.
- When your computer prompts you to save your password, click on “No.” Dedicated password managers are good alternatives.
- Never use a word found in a dictionary (English or foreign).
- If you think your password has been compromised, change it immediately.
- Make your password as long as possible – eight or more characters.
- Create a password that’s hard to guess, but easy for you to remember. When possible, use a mix of numbers and letters, special characters or use only the consonants of a word. If you have difficulty in thinking of a password that you can remember, try using the first letter of each word in a phrase, song, quote or sentence. For example, “The big Red fox jumped over the Fence to get the hen?” becomes TbRfjotF2gth?.
- Know when to get help. Data breaches can take several forms, from phishing to accidental exposure to accessing the infrastructure. The best defense against security breaches are conscientious and alert users. Report any of the following to security or senior management:
- Damage to equipment, facilities, or utilities.
- Loss or misplacement of media (e.g., disks, tapes, paper) containing confidential/highly restricted information.
- Inappropriate use of the computing environment.
- Unauthorized access or attempted unauthorized access to information or computing resources.