What Do Laptop Bans on Airplanes Mean for Data Security?

What Do Laptop Bans on Airplanes Mean for Data Security?

In March, many international business travelers were taken by surprise when the US and UK abruptly issued bans on carry-on laptops and other large electronic devices on inbound flights from a number of airports in the Middle East, North Africa, and Turkey, citing intelligence that terrorists may attempt to target US-bound airplanes on these routes by “smuggling explosive devices in various consumer items.” As long as the bans are in place, such items cannot be carried onto these flights and must be checked instead. On Thursday, Politico reported that US airlines were bracing for the Department of Homeland Security to expand the ban to flights from Europe and other parts of the world, though any such expansion is not expected to be implemented until President Donald Trump returns from an overseas trip this weekend.

An expanded ban would have obvious consequences for business travelers, who would no longer be able to get any work done on these long-haul international flights, but global security consultant Luke Bencie warns at the Harvard Business Review that organizations whose employees travel across the oceans on business have another reason to be concerned—namely, that checking a laptop at an airport could put the device, and any sensitive data it may contain, at risk:

In today’s globalized business environment, the craft of spying has never been more lucrative. For intelligence collectors, the idea of forcing travelers to become separated from their large electronics is like winning the lottery.

Read more

Gannett Phishing Attack Highlights HR’s Vulnerability

Gannett Phishing Attack Highlights HR’s Vulnerability

Nearly 18,000 current and former employees of the newspaper publisher Gannett may have had their personal information compromised after hackers broke into the email accounts of members of the company’s HR department, the Associated Press reported this week:

The company says there is no indication sensitive information was taken, but it can’t be sure. Gannett says it learned in March that several people in its human resource department were victims of a phishing attack, in which hackers try to steal personal information through emails. It says hackers accessed email accounts and were able to send other phishing emails from there. There was also an unsuccessful attempt to wire transfer corporate money.

When the attacker attempted a fraudulent wire transfer, Gannett’s finance department flagged the request as suspicious and thereby uncovered the breach, the Wall Street Journal adds. The company quickly locked down the affected accounts, launched an investigation, and notified federal law enforcement. It is offering current and former employees a free year of credit monitoring services, and is taking steps to strengthen its cybersecurity protocols and train employees on how to better protect themselves against phishing scams.

In addition, as many as one million Gmail users were targeted this week by a very sophisticated phishing scam exploiting Google Docs, which has also rattled many IT departments.

Furthermore, cyberattacks are increasingly targeting organizations rather than individuals, and HR departments have become a favorite entry point for hackers as HR professionals typically have access to a lot of employee data and are accustomed to opening emails from outside the organization, where it is relatively easy to conceal malicious code in the guise of a résumé or invoice.

Read more