Don’t Let a Phishing Expedition Reel in Your Private Data

Don’t Let a Phishing Expedition Reel in Your Private Data

Cybersecurity Strategy

Data and its capabilities increasingly power our world; consequently, data’s value is priceless. In 2023, the cost of cyber data breaches averaged around US$4.45 million, which doesn’t include reputational damage. Alarmingly, the average time to detect a violation was nearly four months. With more than 2,800 data breaches recorded in the same year, resulting in eight billion records being compromised, the question is, how do you protect your personal and commercial data?

The simple response is that organizations, corporations, and individuals must implement a robust cybersecurity strategy. If an entity is offline for any length of time, it is vulnerable to financial, reputational, and technical compromise. This doesn’t include personal data stored on a growing number of digital devices. With 53 percent of users not changing passwords regularly and an alarming 57 percent of users writing passwords on sticky notes for all to see, it is hardly surprising that so many data records were compromised.

Josh Wheeler, Sr. Director of Entry into Service for Satcom Direct, says these stats illustrate that while the threat of cyber events is a clear and present danger, cyber vigilance is still lacking. “It really is a matter of if, not when a cyber event will happen, and what I often sense is that clients and customers think it won’t happen to them. There’s a lack of understanding that a serious breach can push a company to crisis point.” Wheeler spends significant time applying his security mindset to support SD customers’ cybersecurity and, with his team, successfully blocks some 10,000 attempted malware attacks on customers’ assets every day.

Wheeler adds that laptops and personal computers are not the only vulnerable devices. “I often have conversations with clients who believe they are immune from attack because they only use their phone in flight. It is simply not the case. If the phone is connected to the internet, which it nearly always is, it’s equally as vulnerable as a laptop or tablet.”

Cybersecurity Blog

Phishing, Smishing and Vishing

Phishing, the use of fraudulent emails to appropriate data, and social engineering remain the most common strategies, as well as optimizing cheaply acquired software readily available on the internet.  “Phishing gives rise to clickbait scams, giveaway frauds, false Facebook quizzes and cloned accounts. These are currently the greatest threat to operators as they are incredibly simple in their appearance but use clever tactics and slick graphics to trick users into revealing valuable information,” says Wheeler. These are not the only strategies operators and passengers must be aware of. The landscape is transforming, and increasingly, cyber events manifest themselves in an array of imaginative guises.

Smishing, which uses fake texts to extract data, and Vishing, which uses voice-generated AI, are entering the sector. “The clever use of AI, publicly available digital recordings, and a little background research can lead to the generation of convincing fraudulent phone messages where voices and speech patterns are emulated.”  At a recent SD Connecting with Customers event Wheeler demonstrated a frighteningly real voice message that sounded very much like one of the SD team requesting the use of the SD demo jet for a customer meeting. The creation of the recording required just a few steps yet was compelling.

Cyber Security Solutions

The irony is that even simple actions can significantly strengthen data security for those travelling on high-value assets. Wheeler offers a suite of easy-to-follow instructions that significantly reduce exposure. Using passwords to protect cabin Wi-Fi is an obvious one. “Flight departments can be reluctant to create Wi-Fi passwords due to the perceived inconvenience to passengers,” explains Wheeler. “Yet the inconvenience of learning a password far outweighs the potential personal, commercial, and reputational risks. You can even put passwords into a QR code for passengers to scan when they board.”

Wheeler’s advice regarding passwords may surprise some people: “Length trumps complexity when it comes to a strong password. Believe it or not, it is harder for the decoders to crack a long password, say the first line of your favorite song, than to figure out a short password that includes numbers, special characters, and letters.” Changing passwords frequently will also improve protection.

Wheeler also says the convenience of auto-connecting may be a cyber downfall. “Think before you connect. It is better to switch off auto-connect and actively decide which Wi-Fi networks to connect to.” If you’re not sure the Wi-Fi is legitimate, Wheeler advises to stay on the cellular network.

Make a habit of locking your devices and securing them with a password known only to the user. If you travel, use a virtual private network, VPN, for an encrypted connection. This creates another layer of defense when logging on to a hotel or FBO network. Equally, when travelling to a new country, ask your technology department to confirm if it is high risk in terms of cyber events. If it is, leave your data-rich devices at home and use loaner devices.

As the amount of data transmitted from airframes increases exponentially year on year, SD has developed a multi-layered cybersecurity policy that, through a blend of human expertise, machine reading and advanced technology, protects SD customers from the potential catastrophe of a data breach.  From a simple audit to the development of a full-on VPN that cloaks an aircraft and prevents data from ever touching the public internet, SD can support cyber vigilance. “Our eco-system of hardware, software, and ground infrastructure, including the SD Data Center, which holds International Standard Organization (ISO) 27001:2013 status, gives customers confidence that our team applies deep-rooted methodologies to business operations, workforce experience, and clearly defined IT processes, for a structured approach to managing data security.

SD Data Center

One of SD’s guiding principles is to validate products and services before market introduction, which is why we apply cyber vigilance at all levels. The SD Data Center is home to all data generated by our group of companies. By serving ourselves, applying rigorous cybersecurity protocols, and leveraging the full capabilities of our Data Center, we maintain our business continuity. We put cybersecurity at the core of all our operations and encourage our customers to think the same way.

To find out more about how SD can keep you safe on the ground and in the air, contact [email protected].

Sign up for our Newsletter