Cyber Security in Aviation
If you look at the rationale behind business professionals’ choice to fly private versus commercial you will notice one important point; while private flights offers no savings on travel expenses it offers the wealthy and companies privacy from the public, schedule flexibility and operational discretion.
In consideration of that point I pose the following:
If FBOs are expected to operate on razor-thin margins, how can they guarantee proper discretion and privacy?
They can’t without re-evaluating their own security practices. While flight operators offer schedule flexibility and FBOs are responsible for general privacy, which is ensured through physical security measures handled by the airport authority. Take for example the typical rural FBO near a popular vacation area. With a low but consistent income from “home base” pilots they tend to rely on whatever surge income that accompanies the peak season to carry them through their off season, while potentially reducing staff during that time.
For management it poses a somewhat complex situation regarding data and cyber security. How can FBOs increase their technological oversight and increase data and IT security without hampering flexibility of line crew personnel and CSRs? All the while minimizing the “cost of entry” to effectively cope with high and low density seasons that causes inconsistent income.
General IT (Information Technology) security presents similar barriers of entry as well, a preconceived notion that in order to be secure you need to be an IT professional or shell out serious cash to hire one. Where the reality as simple that implementing the right tools, habits and automation can vastly increase how secure devices and networks can be. Using antivirus tools like Avast, offering automated scans and live updating, is a boon to most businesses as a robust tool that adds nothing to your overhead and requires minimal set-up.
Requiring periodic password cycling can prevent exposed credentials from affecting the entire business. Regular software and hardware audits provide insight into outdated and therefore potentially unsecured systems and give management the ability to adapt. Devising a plan for regular on and off site system back ups helps to ensure data security and loss prevention in case of an emergency.
Considering data security is where insuring protection can appear to be the most intimidating. As there is no sure fire method for protecting against every occurance by using a combination of cloud storage, for off-site backups, and physical isolated system back ups casts a wide net for protecting against most types of loss that could bring your operations to a grinding halt.
The importance of these practices became painfully apparent last year when over 400,000 systems were infected with the Wannacry virus, effectively locking people and businesses out of their systems and isolating any data that was not backed up unless a payment was made to the attacker via cryptocurrency, which is inherently untraceable. All the while considering those systems affected were turned into a ticking time-bomb where if payment is not received by a certain time period after the attack started all data stored on the computer is wiped and lost forever.
Researching the demographics of the systems affected helps pinpoint the potential point of entry for approximately 98% of those system. It was due to the users neglecting to keep their systems operating system up to date and failing to implement proper device security.
While the likelihood that your company will be affected by similar attacks is low, management needs to understand that even one attack can cripple business and severely compromise your clients privacy.
This rational is what led VoyagerFBO to live in the cloud. This benifits FBOs from more than a security perspective however. It allows our clients to operate from anywhere in the world at anytime and gives FBOs and their clients piece of mind that while their information is available from anywhere it is protected by industry leading security provided by Amazon Web Services. All of this comes with the added benefit of removing any sort of need for FBOs to shell out thousands of dollars to set up and maintain a local server for database use.
Fortunately mitigating risks involving breaches in a company’s cyber security is relatively straight forward with the right information and tools. The focus should center around identifying and securing mission critical data such as customer information and accounting records. For a well rounded security system companies should utilize a broad spectrum of tools like robust antivirus tools, cloud backups for sensitive data and a methodical approach to maintaining system health and automation.